Lucene search
K

52 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-54798

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42593

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS5.9AI score0.0024EPSS
Exploits0References1
NOZOMI
NOZOMI
added 4 days ago4 views

Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

Summary An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. Impact An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for...

7.1CVSS5.9AI score0.00167EPSS
Exploits0Affected Software2
CVE
CVE
added 2026/06/24 12:0 a.m.6 views

CVE-2025-60474

GPAC MP4Box up to version 26.01.x has a buffer overflow in the gf_media_import() function (in /media_tools/av_parsers.c). The underlining issue allows DoS via crafted input, affecting MP4Box before 26.02.0. Public sources consistently cite GPAC MP4Box versions prior to 26.02.0 as vulnerable, with...

7.5CVSS6.1AI score0.00579EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33583

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7CVSS5.5AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:16 p.m.15 views

CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS5.5AI score0.0027EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 3:16 p.m.8 views

UBUNTU-CVE-2025-60481

A NULL pointer dereference in the gfodfac4cfgdsiv1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/01 12:0 a.m.11 views

EUVD-2025-210007

A segmentation violation in the gfmediagetcolorinfo function /mediatools/isomtools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted data file...

5.5CVSS5.8AI score0.00133EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.23 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

7.3CVSS5.8AI score0.00274EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/15 8:18 a.m.28 views

CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS0.00288EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 10:39 a.m.2 views

CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...

4.6CVSS5.8AI score0.00225EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleaning and escaping of XML inputs controlled by the EPG function, which could...

5.4CVSS5.7AI score0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

WWBN AVideo 路径遍历漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a path traversal vulnerability. This vulnerability allowed attackers to bypass the allowed access control by using the same domain URL, potentially leading t...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.9 views

PT-2026-30989

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

WWBN AVideo 信息泄露漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 26 contain an information leakage vulnerability. This vulnerability arises from the disabling of access restrictions, which may lead to information leaks...

5.3CVSS5.8AI score0.00332EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token validation in the player skin configuration endpoint, which cou...

4.3CVSS5.7AI score0.00134EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.6 views

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for the onpublishdone.php endpoint in the Live plugin, which could allo...

7.5CVSS5.8AI score0.00479EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the urlgetcontents function not revalidating the target when following HTTP redirection, which could...

6.5CVSS5.9AI score0.00233EPSS
Exploits1References2
Rows per page
Query Builder