Lucene search
K

212 matches found

Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25662

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...

8.7CVSS5.7AI score0.00275EPSS
Exploits0References5
OSV
OSV
added 2026/03/03 10:20 p.m.5 views

CVE-2026-26272 HomeBox affected by Stored XSS via HTML/SVG Attachment Upload

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/24 1:24 p.m.10 views

EUVD-2026-8465

A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so...

7.6CVSS5.4AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/02/11 4:11 p.m.14 views

CVE-2026-25084

The CVE-2026-25084 entry concerns ZLAN5143D, a device whose authentication can be bypassed by directly accessing internal URLs. Connected sources provide concrete details: in addition to the basic bypass vulnerability, an unprotected API endpoint can allow an attacker to remotely change the devic...

9.8CVSS5.4AI score0.00732EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/09 8:48 p.m.27 views

CVE-2026-25806 PlaciPy has Missing Authorization Checks on Student Management Endpoints (IDOR)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using authenticateToken but do...

5.3CVSS0.00212EPSS
Exploits0References1
OSV
OSV
added 2026/01/14 4:45 p.m.5 views

GHSA-3G2F-4RJG-9385 Weblate leaks information via screenshots

Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...

2.3CVSS6.8AI score0.00323EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/12/24 1:16 p.m.3 views

CVE-2023-54117

In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with listadd corruption Commit fb08a1908cb1 "dax: simplify the daxdevice gendisk association" introduced new logic for gendisk association, requiring drivers to explicitly call daxaddhost and...

5.8AI score0.00175EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.8 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989441)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989441 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasdprofilestart the amount of...

5.5CVSS5.9AI score0.0024EPSS
Exploits0References4
OSV
OSV
added 2025/10/22 2:15 p.m.10 views

UBUNTU-CVE-2023-53711

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...

5.9AI score0.00182EPSS
Exploits0References8
OSV
OSV
added 2025/10/22 1:23 p.m.7 views

CVE-2023-53711 NFS: Fix a potential data corruption

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...

6.4AI score0.00182EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/10/20 6:23 p.m.4 views

CVE-2025-62356

A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...

7.5CVSS6.6AI score0.00559EPSS
Exploits0References1
CVE
CVE
added 2025/10/17 3:36 p.m.25 views

CVE-2025-62356

CVE-2025-62356 affects Qodo Gen IDE (Qodo Gen IDE). A path traversal vulnerability enables a threat actor to read arbitrary local files on an end user’s system, including files outside of current projects. The issue is reachable directly and via indirect prompt injection, impacting confidentialit...

7.5CVSS6.3AI score0.00559EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-1024

Malware in sbrugna...

2.1CVSS6.3AI score0.00397EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13531

Malware in sbrugna...

9.8CVSS9.5AI score0.01952EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-5307

Malware in sbrugna...

9.3CVSS6.4AI score0.0086EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-392013)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-392013 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient ES...

7.8CVSS6.3AI score0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly removing DAX entries, which could result in a runtime warning...

7.8CVSS6.2AI score0.00133EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 5:15 p.m.1 views

DEBIAN-CVE-2023-53323

In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fix ext2setsize when len is page aligned PAGEALIGNx macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in daxzerorange...

5.5CVSS5.3AI score0.00134EPSS
Exploits0References1
CVE
CVE
added 2025/08/25 12:0 a.m.18 views

CVE-2025-52130

CVE-2025-52130 is a file upload vulnerability in WebErpMesv2 prior to 1.19 (FactoryController.php in 1.17). An authenticated attacker can upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests and may lead to Remote Code Execution (RCE). Related advisories (R...

5.4CVSS8.1AI score0.002EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/23 9:22 p.m.6 views

CVE-2010-20115

Arcane Software’s Vermillion FTP Daemon vftpd versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and...

9.3CVSS8AI score0.0086EPSS
Exploits0References1
Rows per page
Query Builder