
65 matches found

EUVD
added last week | 4 views

EUVD-2026-39698

Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions...

CVSS 8.6 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 1

Patchstack
added 2026/06/23 12:42 p.m. | 5 views

WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability

Multiple Vulnerabilities vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin BitFire Security versions <= 5.0.3...

CVSS 8.6 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2026/03/26 3:18 p.m. | 6 views

CVE-2025-26474

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios...

CVSS 3.3 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/18 8:55 p.m. | 2 views

CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

CVSS 6 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/16 7:10 a.m. | 4 views

CVE-2025-26474 communication_ipc an improper input validation vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios...

CVSS 3.3 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/12 6:59 p.m. | 3 views

CVE-2026-32246 Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...

CVSS 8.5 | AI score 5.8 | EPSS 0.0027
Exploits: 1 | References: 1

CVE
added 2026/03/12 6:57 p.m. | 13 views

CVE-2026-32245

CVE-2026-32245 concerns Tinyauth, an authentication/authorization server. The issue, present before 5.0.3, is that the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client to which the code was issued. A malicious OIDC client operator can exchang...

CVSS 6.5 | AI score 5.8 | EPSS 0.0025
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2026/02/23 4:29 p.m. | 8 views

CVE-2025-70044

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3...

CVSS 6.5 | EPSS 0.00133
Exploits: 0 | References: 3

CVE
added 2026/02/23 12:0 a.m. | 12 views

CVE-2025-70044

CVE-2025-70044 affects fofolee uTools-quickcommand 5.0.3. The issue is improper certificate validation (CWE-295) and is described as a network-reachable vulnerability with medium severity (CVSS v3.1: 6.5). The Red Hat, NVD, and CVE records concur on the affected software version and the root caus...

CVSS 6.5 | AI score 5.3 | EPSS 0.00133
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/19 3:49 p.m. | 21 views

CVE-2026-25766 Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

CVSS 5.3 | EPSS 0.00329
Exploits: 1 | References: 3

EUVD
added 2025/12/09 2:52 p.m. | 4 views

EUVD-2025-201961

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection. This issue affects Contact Form 7 Dynamic Text Extension: from n/a through = 5.0.3...

CVSS 5.3 | AI score 6 | EPSS 0.00236
Exploits: 0 | References: 2

Circl
added 2025/12/03 2:14 p.m. | 3 views

CVE-2022-50393

creationtimestamp | type | source
---|---|---
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

CVSS 5.5 | AI score 5.8 | EPSS 0.00143
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/02 4:14 p.m. | 4 views

CVE-2025-55222

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This...

CVSS 8.6 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 1

OSV
added 2025/12/01 4:15 p.m. | 3 views

CVE-2025-54851

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this...

CVSS 7.5 | AI score 5.8 | EPSS 0.0037
Exploits: 0 | References: 1

Cvelist
added 2025/12/01 3:25 p.m. | 14 views

CVE-2025-55222

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This...

CVSS 8.6 | EPSS 0.00363
Exploits: 0 | References: 1

Snyk
added 2025/10/23 11:46 a.m. | 5 views

Observable Response Discrepancy

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Observable Response Discrepancy in the router. An attacker can determine the existence of specific course IDs by analyzing the different responses returned for valid and invalid IDs. Remediation...

CVSS 6.9 | AI score 6.6 | EPSS 0.00254
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/06 5:13 p.m. | 5 views

CVE-2025-61733

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...

CVSS 7.5 | AI score 6.7 | EPSS 0.01224
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-24116

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 6.6 | EPSS 0.00103
Exploits: 0 | References: 1

CVE
added 2025/10/02 2:35 p.m. | 12 views

CVE-2025-59761

Summary: CVE-2025-59761 concerns AndSoft e-TMS v25.03, where a reflected cross-site scripting (XSS) vulnerability exists due to insufficient filtering/escaping of untrusted data. The attack vector involves crafted URLs to the endpoint /clt/LOGINFRM_DLG.ASP and targets the parameters l, demo, demo...

CVSS 6.1 | AI score 6.1 | EPSS 0.00181
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2025/09/15 3:15 p.m. | 4 views

CVE-2022-50309

In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init of_get_child_by_name returns a node pointer with refcount incremented, we should use of_node_put on it when not need anymore. Add missing of_node_put to avoid refcount leak...

CVSS 5.5 | AI score 5.9 | EPSS 0.00149
Exploits: 0 | References: 11