Lucene search
K

673 matches found

Nuclei
Nuclei
added yesterday52 views

ZimaOS <= v1.2.4 - Sensitive Information Disclosure

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

7.5CVSS6AI score0.20599EPSS
Exploits1References3
NVD
NVD
added 6 days ago6 views

CVE-2026-57752

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

8.5CVSS0.0029EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41308

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

8.5CVSS5.8AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-57752 WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

8.5CVSS0.0029EPSS
Exploits0References1
CVE
CVE
added 6 days ago17 views

CVE-2026-57752

The CVE-2026-57752 entry covers a Contributor SQL Injection in the WordPress iNET Webkit plugin version 1.2.4. The vulnerability is described without attack details; CVSS 3.1 base score 8.5 (Network attack, Low complexity, Privileges Required: Low, User Interaction: None, Confidentiality Impact: ...

8.5CVSS5.8AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-8335

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:47 p.m.8 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 3:16 p.m.21 views

CVE-2026-8335

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS0.00195EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 2:31 p.m.12 views

EUVD-2026-36050

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 2:31 p.m.26 views

CVE-2026-8335

CVE-2026-8335 affects Aix-DB. A missing authentication check on the "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary SQL (e.g., arbitrary SELECTs) and retrieve database data, because token validation enforced on other endpoints is absent here. All releases up to...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 8:2 p.m.10 views

Inefficient CPU Computation

Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Inefficient CPU Computation in the WithExpandoObjectConverter. An attacker can cause excessive CPU consumption by deserializing special...

6.9CVSS5.8AI score
Exploits0References2
Patchstack
Patchstack
added 2026/05/27 9:14 a.m.12 views

WordPress NS Product icon badge plugin <= 1.2.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin NS Product icon badge versions = 1.2.4...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 7:16 a.m.17 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.13 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6AI score0.00211EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.34 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 5:31 a.m.22 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to 1.2.4 due to insufficient input sanitization and output escaping. Affected: WordPress plugin NS Product icon badge; vulnerable component: code handling user input/outp...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.12 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:59 p.m.17 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References3Affected Software1
CBLMariner
CBLMariner
added 2026/05/06 12:10 a.m.12 views

CVE-2026-41205 affecting package python-mako for versions less than 1.2.4-3

CVE-2026-41205 affecting package python-mako for versions less than 1.2.4-3. A patched version of the package is available...

8.7CVSS5.8AI score0.00361EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.4 views

CVE-2026-5802

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

7.5CVSS6.8AI score0.01651EPSS
Exploits0References1
Rows per page
Query Builder