Lucene search
K

11513 matches found

Nuclei
Nuclei
added yesterday121 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday121 views

H2O ImportFiles - Local File Inclusion

An attacker is able to read any file on the server hosting the H2O dashboard without any authentication. id: CVE-2023-6038 info: name: H2O ImportFiles - Local File Inclusion author: danmcinerney,byt3bl33d3r severity: high description: | An attacker is able to read any file on the server hosting t...

9.3CVSS7AI score0.0434EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday163 views

ASIS - SQL Injection Authentication Bypass

ASIS aka Aplikasi Sistem Sekolah using CodeIgniter 3 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. id: CVE-2024-45622 info: name: ASIS - SQL Injection Authentication Bypass author: s4e-io severity: critical description: | ASIS aka Aplikasi Sistem Sekolah...

9.8CVSS7.1AI score0.36297EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday65 views

Homematic CCU3 - Local File Inclusion

eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. id: CVE-2019-9726 info: name: Homematic CCU3 - Local...

7.5CVSS7.1AI score0.15732EPSS
Exploits1References3
Circl
Circl
added 2026/07/03 8:40 a.m.11 views

CVE-2026-50281

creationtimestamp| type| source ---|---|--- 2026-07-03 08:40:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpq5kgd4zs2j 2026-07-03 09:34:43+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqalb4gdi26 2026-07-03 09:34:52+00:00| seen|...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 2:0 a.m.37 views

CVE-2022-4990

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation...

7.3CVSS0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 2:0 a.m.7 views

CVE-2022-4990

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation...

7.3CVSS5.8AI score0.00096EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54772

Name of the Vulnerable Software and Affected Versions erlang/quic versions prior to 1.4.4 Description The QUIC client fails to authenticate the server during the TLS 1.3 handshake. Specifically, the verify process is ineffective because the CertificateVerify signature is not checked, the...

9.1CVSS5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/30 8:41 a.m.2 views

SUSE-SU-2026:22449-1 Security update for openssl-3

This update for openssl-3 fixes the following issue - CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption bsc1266350...

5.9CVSS5.9AI score0.00349EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: zarf-fips, harbor, osv-scanner, rancher, knative-eventing-fips, spire-server, k9s-fips, argocd-image-updater, vitess, docker-machine-driver-harvester, trivy-fips, cloudbeat, mattermost, prometheus-mongodb-exporter, flux-image-automation-controller-fips, snyk-cli,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

CVE-2026-54898 vulnerabilities

Vulnerabilities for packages: kube-logging-operator, ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset...

2.1CVSS6.1AI score0.00117EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/26 3:26 p.m.8 views

CVE-2026-55200 affecting package libssh2 for versions less than 1.11.1-3

CVE-2026-55200 affecting package libssh2 for versions less than 1.11.1-3. A patched version of the package is available...

9.2CVSS5.8AI score0.00732EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.5 views

Debian dla-4649 : libdbi-perl - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4649 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4649-1 [email protected]...

9.8CVSS6.4AI score0.00413EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

Fedora 44 : pacemaker (2026-2c31df81dc)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2c31df81dc advisory. Wed Jun 17 2026 Klaus Wenninger - 3.0.2-3 - fix CVE-2026-10649: Fix integer overflows in remote message code Tenable has extracted the preceding description...

8.6CVSS5.8AI score0.0044EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

Debian dsa-6366 : sogo - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6366 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6366-1 [email protected] https://www.debian.org/securit...

8.6CVSS5.8AI score0.00398EPSS
Exploits0References16
OSV
OSV
added 2026/06/24 9:16 p.m.4 views

UBUNTU-CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6AI score0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/24 8:29 p.m.7 views

CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:29 p.m.10 views

EUVD-2026-39080

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:29 p.m.5 views

CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52086

Name of the Vulnerable Software and Affected Versions AngularJS versions 1.2.0-rc.3 and later Description A flaw in the Strict Contextual Escaping SCE logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...

7.6CVSS6AI score0.00338EPSS
Exploits0References16
Rows per page
Query Builder