11513 matches found
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...
H2O ImportFiles - Local File Inclusion
An attacker is able to read any file on the server hosting the H2O dashboard without any authentication. id: CVE-2023-6038 info: name: H2O ImportFiles - Local File Inclusion author: danmcinerney,byt3bl33d3r severity: high description: | An attacker is able to read any file on the server hosting t...
ASIS - SQL Injection Authentication Bypass
ASIS aka Aplikasi Sistem Sekolah using CodeIgniter 3 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. id: CVE-2024-45622 info: name: ASIS - SQL Injection Authentication Bypass author: s4e-io severity: critical description: | ASIS aka Aplikasi Sistem Sekolah...
Homematic CCU3 - Local File Inclusion
eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. id: CVE-2019-9726 info: name: Homematic CCU3 - Local...
CVE-2026-50281
creationtimestamp| type| source ---|---|--- 2026-07-03 08:40:34+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpq5kgd4zs2j 2026-07-03 09:34:43+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqalb4gdi26 2026-07-03 09:34:52+00:00| seen|...
CVE-2022-4990
UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation...
CVE-2022-4990
UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation...
PT-2026-54772
Name of the Vulnerable Software and Affected Versions erlang/quic versions prior to 1.4.4 Description The QUIC client fails to authenticate the server during the TLS 1.3 handshake. Specifically, the verify process is ineffective because the CertificateVerify signature is not checked, the...
SUSE-SU-2026:22449-1 Security update for openssl-3
This update for openssl-3 fixes the following issue - CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption bsc1266350...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: zarf-fips, harbor, osv-scanner, rancher, knative-eventing-fips, spire-server, k9s-fips, argocd-image-updater, vitess, docker-machine-driver-harvester, trivy-fips, cloudbeat, mattermost, prometheus-mongodb-exporter, flux-image-automation-controller-fips, snyk-cli,...
CVE-2026-54898 vulnerabilities
Vulnerabilities for packages: kube-logging-operator, ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset...
CVE-2026-55200 affecting package libssh2 for versions less than 1.11.1-3
CVE-2026-55200 affecting package libssh2 for versions less than 1.11.1-3. A patched version of the package is available...
Debian dla-4649 : libdbi-perl - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4649 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4649-1 [email protected]...
Fedora 44 : pacemaker (2026-2c31df81dc)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2c31df81dc advisory. Wed Jun 17 2026 Klaus Wenninger - 3.0.2-3 - fix CVE-2026-10649: Fix integer overflows in remote message code Tenable has extracted the preceding description...
Debian dsa-6366 : sogo - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6366 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6366-1 [email protected] https://www.debian.org/securit...
UBUNTU-CVE-2026-11998
A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...
CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass
A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...
EUVD-2026-39080
A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...
CVE-2026-11998
A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...
PT-2026-52086
Name of the Vulnerable Software and Affected Versions AngularJS versions 1.2.0-rc.3 and later Description A flaw in the Strict Contextual Escaping SCE logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...