Lucene search
+L

7058 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:50 a.m.13 views

CVE-2009-4520

The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path...

5CVSS7.1AI score0.01242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:48 a.m.13 views

CVE-2010-0215

ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and 1 delete an attachment or 2 subscribe to an object, via a crafted URL...

6CVSS6.6AI score0.01521EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.8 views

CVE-2016-10514

urlcheckformat in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring...

6.5CVSS6.9AI score0.01222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:2 a.m.10 views

CVE-2011-0729

dbusbackend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a 1 SetSystemDefaultLangEnv or 2...

7.2CVSS6.4AI score0.00333EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.14 views

PT-2026-1972

Name of the Vulnerable Software and Affected Versions code-projects Intern Membership Management System version 1.0 Description A security issue exists in code-projects Intern Membership Management System version 1.0. The issue involves the manipulation of the admin id argument within an unknown...

7.2CVSS4.9AI score0.00369EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.13 views

CVE-2019-12002

A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage versions: GL225P001 and earlier; GL225P001 and...

10CVSS7AI score0.02067EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-2124

Name of the Vulnerable Software and Affected Versions n8n versions 0.150.0 through 2.2.1 Description n8n is a workflow automation platform. A flaw in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger node create...

6.5CVSS6.7AI score0.00432EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000191)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000191 advisory. btrfsfreeextent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfsprintleaf in a certain ENOENT case, which allows local users to obtain...

5.5CVSS6.7AI score0.00729EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.11 views

PT-2026-1326

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.445 Description Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...

9.6CVSS7.7AI score0.00619EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.7 views

PT-2025-53850

Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.134903 Description A flaw exists in the Tenda M3 router that could allow for remote code execution. The issue is due to a stack-based buffer overflow within the formSetRemoteVlanInfo function, located in the...

9CVSS9.2AI score0.00632EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.11 views

PT-2025-53829

Name of the Vulnerable Software and Affected Versions Refugee Food Management System version 1.0 Description A flaw exists in Refugee Food Management System 1.0 that allows for SQL injection. Manipulation of the arguments refNo, Fname, Lname, sex, age, contact, and nationality nid can lead to a...

9.8CVSS7.4AI score0.00315EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-53853

Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.134903 Description A security issue exists in Tenda M3 version 1.0.0.134903. The formSetAdInfoDetails function within the /goform/setAdInfoDetail file is susceptible to a heap-based buffer overflow. This occurs through t...

9CVSS8.7AI score0.00632EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.5 views

PT-2025-53646

Name of the Vulnerable Software and Affected Versions ZSPACE Z4Pro+ version 1.0.0440024 Description A command injection issue exists in ZSPACE Z4Pro+. The issue is located within the HTTP POST Request Handler component, specifically in the zfilev2 api SafeStatus function accessible via the...

6.5CVSS7.6AI score0.06828EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/12/27 12:0 a.m.21 views

PT-2025-53626

Name of the Vulnerable Software and Affected Versions jackq XCMS versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261 Description A flaw exists in jackq XCMS that allows for unrestricted file upload. The issue is located in the Upload function within the...

5.8CVSS6.8AI score0.00344EPSS
Exploits1References10
Snyk
Snyk
added 2025/12/26 6:26 p.m.3 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the Code node when running in legacy JavaScript execution mode. An attacker can access or modify files on the host system with the same privileges as the application process by invoking internal...

7.1CVSS6.9AI score0.00242EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.11 views

PT-2025-53606

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.0.0 Description n8n is a workflow automation platform. In self-hosted instances before version 2.0.0, when the Code node operates in legacy JavaScript execution mode, authenticated users with workflow editing permission...

7.1CVSS6.8AI score0.00242EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.7 views

PT-2025-53593

Name of the Vulnerable Software and Affected Versions krishanmuraiji SMS version 1.0 Description A SQL injection issue exists in krishanmuraiji SMS version 1.0. The issue is located within the '/studentms/admin/edit-class-detail.php' file and is triggered through the editid GET parameter. An...

6.5CVSS7.5AI score0.00259EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.7 views

PT-2025-52766

Name of the Vulnerable Software and Affected Versions Netgear EX8000 version 1.0.0.126 Description The Netgear EX8000 Mesh Extender firmware version 1.0.0.126 contains a Command Injection issue. This occurs due to a flaw in the action bandwidth function, specifically through manipulation of the...

6.5CVSS7.2AI score0.00783EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/21 12:0 a.m.11 views

PT-2025-52583

Name of the Vulnerable Software and Affected Versions Campcodes Complete Online Beauty Parlor Management System version 1.0 Description A cross site scripting issue exists in Campcodes Complete Online Beauty Parlor Management System version 1.0. Manipulation of the fromdate argument in the file...

4.8CVSS5.8AI score0.002EPSS
Exploits1References9
Veracode
Veracode
added 2025/12/13 6:9 a.m.6 views

Improper Check For Unusual Or Exceptional Conditions

Drupal core is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to insufficient validation of access conditions, which allows an attacker to perform forceful browsing and access restricted resources without proper authorization...

5.3CVSS5.8AI score0.00316EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder