
22164 matches found

CVE
added 2026/02/11 12:0 a.m. | 13 views

CVE-2024-50617

CVE-2024-50617 affects CIPPlanner CIPAce prior to 9.17. The issue lies in the File Download and Get File handler components, where an authenticated user can change the file id parameter or supply a physical file path in the URL query to download files they should not access. The impact is unautho...

CVSS 7.5 | AI score 5.3 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/02/11 12:0 a.m. | 4 views

PT-2026-7674

Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open...

CVSS 9.8 | AI score 6.8 | EPSS 0.00419
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/10 7:28 p.m. | 4 views

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

CVSS 7 | AI score 6.2 | EPSS 0.00153
Exploits: 0 | References: 2

OSV
added 2026/02/10 2:3 p.m. | 6 views

CLSA-2026-1770732201 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: XMLExternalEntityParserCreate failure to copy the encoding handler data can cause a NULL dereference. - debian/patches/CVE-2026-24515.patch: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - CVE-2026-24515...

CVSS 2.9 | AI score 6.8 | EPSS 0.0017
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/10 1:23 p.m. | 6 views

CVE-2026-2226

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 7.2 | AI score 5.2 | EPSS 0.00365
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/10 7:33 a.m. | 7 views

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...

CVSS 6.3 | AI score 5 | EPSS 0.00268
Exploits: 0 | References: 1

OSV
added 2026/02/10 7:11 a.m. | 6 views

CLSA-2026-1770707507 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: copy unknown encoding handler user data and add tests to cover effect - CVE-2026-24515...

CVSS 2.9 | AI score 7.2 | EPSS 0.0017
Exploits: 0 | References: 1

Snyk
added 2026/02/10 12:22 a.m. | 2 views

Improper Handling of Case Sensitivity

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of case sensitivity in the userPutHandler function. An attacker can gain unauthorized access to user accoun...

CVSS 5.4 | AI score 5.7 | EPSS 0.00325
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/09 7:23 p.m. | 8 views

CVE-2026-2141

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

CVSS 8.8 | AI score 5 | EPSS 0.00362
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/09 7:23 p.m. | 8 views

CVE-2026-2155

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...

CVSS 8.6 | AI score 5.4 | EPSS 0.03818
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2026/02/09 5:16 p.m. | 13 views

Malicious code in react-svg-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...

AI score 5.6
Exploits: 0 | References: 1

OSV
added 2026/02/09 5:16 p.m. | 5 views

MAL-2026-822 Malicious code in react-svg-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63577e9faa19bf76dac1f171ee006ed6801a0726d5782ae1246bde01b508a7ad The package react-svg-handler was found to contain malicious code. Source: ghsa-malware...

AI score 5.6
Exploits: 0 | References: 1

Snyk
added 2026/02/09 5:16 p.m. | 2 views

Malicious Package

Overview react-svg-handler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.5
Exploits: 0 | References: 2

OSV
added 2026/02/09 2:50 p.m. | 9 views

CLSA-2026-1770648617 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

CVSS 2.9 | AI score 5.7 | EPSS 0.0017
Exploits: 0 | References: 1

OSV
added 2026/02/09 2:44 p.m. | 10 views

CLSA-2026-1770648267 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

CVSS 2.9 | AI score 5.8 | EPSS 0.0017
Exploits: 0 | References: 1

OSV
added 2026/02/09 2:38 p.m. | 7 views

CLSA-2026-1770647876 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

CVSS 2.9 | AI score 7.2 | EPSS 0.0017
Exploits: 0 | References: 1

NVD
added 2026/02/09 10:15 a.m. | 6 views

CVE-2026-2226

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 7.2 | EPSS 0.00365
Exploits: 1 | References: 4

OSV
added 2026/02/09 10:15 a.m. | 3 views

CVE-2026-2226

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 7.2 | AI score 5.4 | EPSS 0.00365
Exploits: 1 | References: 4

Cvelist
added 2026/02/09 9:32 a.m. | 38 views

CVE-2026-2226 DouPHP ZIP File file.php unrestricted upload

A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sqlfilename leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | EPSS 0.00365
Exploits: 1 | References: 4

CVE
added 2026/02/09 9:32 a.m. | 14 views

CVE-2026-2226

CVE-2026-2226 affects DouPHP up to 1.9, targeting the ZIP File Handler component. The issue arises from manipulating the argument sql_filename in the file /admin/file.php, leading to unrestricted upload. The vulnerability can be exploited remotely, and the exploit has been disclosed publicly. The...

CVSS 7.2 | AI score 5.2 | EPSS 0.00365
Exploits: 1 | References: 4 | Affected Software: 1