Lucene search
K

6946 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 7:38 p.m.14 views

CVE-2026-8364 Gladinet Triofox Missing Authentication for Critical Functions

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS5.8AI score0.00305EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43770

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF verifier where it relies on access type flags in helper function prototypes for memory access optimizations. Several helper functions using ARG PTR TO MEM lack...

7.1CVSS6AI score0.00157EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Search Simple Fields 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from writing values from the /smack/doi module. By writing values that have been previously used, it is...

5.8AI score0.0016EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/26 8:58 p.m.8 views

CVE-2025-14361 WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Settings Change vulnerability

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:31 p.m.9 views

CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/26 10:16 a.m.11 views

CVE-2026-44410

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

3.8CVSS0.00131EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:39 a.m.12 views

CVE-2026-44410

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

3.8CVSS5.8AI score0.00131EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/26 9:39 a.m.26 views

CVE-2026-44410

Technical details for CVE-2026-44410 are not publicly available in the provided documents. Monitor for updates from the vendor and CVE records for any concrete impact, affected components, or remediation.

3.8CVSS5.8AI score0.00131EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 9:39 a.m.12 views

EUVD-2026-31809

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

3.8CVSS5.8AI score0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 9:39 a.m.41 views

CVE-2026-44410 Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

3.8CVSS0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an access control vulnerability caused by improper handling of unknown functions in the /sys/comment/add file. This vulnerability may lead t...

6.5CVSS6.6AI score0.00209EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-43210

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

3.8CVSS5.8AI score0.00131EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 7:0 p.m.10 views

EUVD-2026-31722

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroomid can lead to improper authorization...

6.5CVSS6.4AI score0.00272EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/25 8:9 a.m.6 views

Malicious Package

Overview wm-plugin-native-functions-restorer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.12 views

PT-2026-43112

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroom id can lead to improper authorization...

6.5CVSS6.4AI score0.00272EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-43088

A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...

6.5CVSS6.2AI score0.00337EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, contains security vulnerabilities. These vulnerabilities stem from improper operation ...

3.1CVSS5.8AI score0.00192EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: openblas (UTSA-2026-016623)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016623 advisory. An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version...

9.1CVSS7.1AI score0.0262EPSS
Exploits0References4
CVE
CVE
added 2026/05/21 5:11 p.m.20 views

CVE-2026-48247

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php (CURLOPT_SSL_VERIFYPEER=false and no CURLOPT_SSL_VERIFYHOST), enabling network‑path MITM interception of outbound HTTPS requests and exposure of API keys or session data. The CVE notes this applies to ...

8.2CVSS5.9AI score0.00173EPSS
Exploits0References3
Rows per page
Query Builder