Lucene search
+L

141 matches found

OSV
OSV
added 2026/05/07 12:45 p.m.6 views

ECHO-1910-CB5A-DE37

Bulletin has no description...

7.8CVSS5.7AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 4:4 p.m.25 views

CVE-2026-25883

Vexa SSRF via webhook URL validation flaw : The webhook feature allows authenticated users to configure any HTTP POST URL when meetings complete, with no validation of the target. This enables Server-Side Request Forgery to internal services (e.g., Redis/databases/admin panels), cloud metadata en...

5.8CVSS5.9AI score0.00203EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/20 4:3 p.m.33 views

CVE-2026-25058 Vexa's unauthenticated internal transcript endpoint exposed by default

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...

7.5CVSS0.00402EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/20 4:3 p.m.5 views

EUVD-2026-23887

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...

7.5CVSS5.7AI score0.00402EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/20 4:3 p.m.4 views

CVE-2026-25058 Vexa's unauthenticated internal transcript endpoint exposed by default

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...

7.5CVSS5.7AI score0.00402EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33789

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meeting id that returns transcript data for any meeting without any authentication or...

7.5CVSS5.7AI score0.00402EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

MiracleLinux 4 : bind-9.7.3-2.2.0.1.AXS4.P3 (AXSA:2011-406:01)

"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-406:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...

5CVSS6.7AI score0.24638EPSS
Exploits2References3
EUVD
EUVD
added 2026/01/11 8:0 a.m.5 views

EUVD-2026-1910

Malicious code in libc-dev PyPI...

6.6AI score
Exploits0References1
Circl
Circl
added 2025/12/04 10:8 p.m.14 views

CVE-2025-1910

creationtimestamp| type| source ---|---|--- 2025-12-04 22:08:06+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115663574444372667 2026-01-07 17:31:04+00:00| seen| https://bsky.app/profile/lutrasecurity.infosec.exchange.ap.brid.gy/post/3mbtybjfq5tj2 2026-01-07 17:31:36+00:00| seen|...

6.3CVSS5.7AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1910

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01629EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 p.m.8 views

CVE-2022-1910

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.6AI score0.01347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:14 p.m.7 views

CVE-2021-1910

Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

10CVSS7.5AI score0.00576EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:16 p.m.9 views

CVE-2020-1910

A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image...

7.8CVSS6.8AI score0.05118EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:14 p.m.6 views

CVE-2012-1910

Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted...

7.5CVSS8.4AI score0.04507EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:26 p.m.5 views

CVE-2002-1910

Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords reversible algorithm, which allows attackers to obtain passwords...

7.5CVSS6.9AI score0.06335EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.27 views

CentOS 7 : firefox (RHSA-2024:1910)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1910 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

8.8CVSS7.9AI score0.00847EPSS
Exploits2References9
OpenVAS
OpenVAS
added 2024/06/05 12:0 a.m.16 views

openSUSE: Security Advisory for gstreamer (SUSE-SU-2024:1910-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.01565EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/04 12:0 a.m.15 views

SUSE SLES15: gstreamer-plugins-base / gstreamer-plugins-base-devel / etc (SUSE-SU-2024:1910-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1910-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806 Tenable has extracted the...

7.8CVSS7.2AI score0.01565EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/06/04 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2024:1910-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.01565EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/21 12:0 a.m.8 views

Keenetic KN-1010 信息泄露漏洞

Keenetic KN is a series of routers from Keenetic. An information disclosure vulnerability exists in Keenetic KN-1010, which stems from an information disclosure vulnerability in file/version.js. Affected products and versions: Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 4.1.2.15 and...

5.3CVSS6.3AI score0.00592EPSS
Exploits0References5
Rows per page
Query Builder