Lucene search
K

38612 matches found

CVE
CVE
added 2026/04/05 8:45 p.m.8 views

CVE-2018-25256

CVE-2018-25256 affects IP TOOLS 2.50, specifically the SNMP Scanner component. A local buffer overflow can be triggered by oversized input in the From Addr and To Addr fields, crashing the application when Start is clicked and causing a denial of service via an SEH overwrite. The description in t...

6.8CVSS6.2AI score0.00202EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/05 3:0 p.m.23 views

CVE-2026-5575 SourceCodester/jkev Record Management System Login index.php sql injection

A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The...

7.5CVSS0.00271EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/05 2:45 p.m.1 views

CVE-2026-5574 Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

6.9CVSS6.2AI score0.00544EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

IP TOOLS 缓冲区错误漏洞

IP TOOLS is a tool provided by the IP TOOLS company for viewing IP addresses. Version 2.50 of IP TOOLS contains a buffer overflow vulnerability. This vulnerability stems from a local buffer overflow in the SNMP Scanner component, which could allow local attackers to cause the application to crash...

6.8CVSS6.1AI score0.00202EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.4 views

CVE-2026-5360

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...

6.3CVSS5.1AI score0.00427EPSS
Exploits0References1
NVD
NVD
added 2026/04/03 10:16 p.m.3 views

CVE-2026-28797

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

8.8CVSS0.00386EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 9:41 p.m.2 views

CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

8.7CVSS6.2AI score0.00386EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/03 7:49 p.m.5 views

CVE-2026-23451

A flaw was found in the Linux kernel's bonding component. When a specific network configuration involving a stack of two bonding devices is set up, the bondheaderparse function can enter an infinite loop. This vulnerability can lead to a Denial of Service DoS, making the affected system...

7.5CVSS5.9AI score0.00446EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 6:47 p.m.4 views

CVE-2026-23460

A flaw was found in the Linux kernel's net/rose component. A local user can trigger a NULL pointer dereference by calling connect a second time while a connection attempt is already in progress. This improper handling of concurrent connection attempts can lead to a system crash, resulting in a...

5.9AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 5:12 p.m.4 views

CVE-2026-23428

A flaw was found in ksmbd, a component of the Linux kernel. This use-after-free vulnerability occurs during the processing of Server Message Block version 2 SMB2 compound requests. An attacker could exploit this by sending a specially crafted sequence of SMB2 commands, causing the system to attem...

5.8AI score0.00331EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 5:10 p.m.3 views

CVE-2026-23432

A flaw was found in the Linux kernel's mshv component. A local user could exploit a use-after-free vulnerability by unmapping memory after a specific error path in the mshvmapusermemory function. This can cause a system crash kernel panic due to the system attempting to access freed memory...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.3 views

CVE-2026-35002

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.8CVSS6.7AI score0.00852EPSS
Exploits0References1
OSV
OSV
added 2026/04/03 4:16 p.m.6 views

UBUNTU-CVE-2026-23432

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix use-after-free in mshvmapusermemory error path In the error path of mshvmapusermemory, calling vfree directly on the region leaves the MMU notifier registered. When userspace later unmaps the memory, the notifier fires...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/03 12:36 p.m.1 views

CVE-2026-34785

A flaw was found in Rack. The Rack::Static component, which serves static files for web applications, uses a simple string prefix check to determine if a request should be served as a static file. This can lead to unintended information disclosure, as files with names that merely share a configur...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/03 3:26 a.m.2 views

Incorrect Authorization

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the process that handles Discord component interactions, which incorrectly classifies Group Direct Messages as standard Direct Messages. An attacker can...

5.4CVSS5.8AI score0.00125EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 3:26 a.m.3 views

GHSA-6336-QQW9-V6X6 OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Summary Discord Component Interaction Misclassifies Group DM as Direct Message Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impac...

5.4CVSS5.9AI score0.00125EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/03 3:26 a.m.4 views

OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Summary Discord Component Interaction Misclassifies Group DM as Direct Message Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impac...

5.4CVSS5.9AI score0.00125EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.3 views

PT-2026-30218

Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References7
Redos
Redos
added 2026/04/03 12:0 a.m.3 views

ROS-20260403-73-0021

A vulnerability in the venus component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...

7.1CVSS7.1AI score0.00149EPSS
Exploits0
Redos
Redos
added 2026/04/03 12:0 a.m.5 views

ROS-20260403-73-0023

A vulnerability in the mm/ptdump component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability allows an attacker to cause a denial of service...

4.7CVSS5.9AI score0.00114EPSS
Exploits0
Rows per page
Query Builder