Lucene search
K

154 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.11 views

PT-2026-41837

Name of the Vulnerable Software and Affected Versions Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3 Description An improper check for unusual or exceptional conditions in Samsung Open Source Escargot allows for input data manipulation. Recommendations At the moment, there is no...

7.5CVSS5.4AI score0.00266EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.13 views

SAMSUNG Escargot 代码问题漏洞

SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a code vulnerability that stems from improper exception or special case handling, which may lea...

5.5CVSS5.9AI score0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41838

Name of the Vulnerable Software and Affected Versions Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3 Description Improper check or handling of exceptional conditions in Samsung Open Source Escargot allows for input data manipulation. Recommendations At the moment, there is no informati...

7.5CVSS5.4AI score0.00266EPSS
Exploits0References5
CVE
CVE
added 2026/05/07 1:13 p.m.14 views

CVE-2025-14341

DivvyDrive Information Technologies’ DivvyDrive contains a vulnerability (CVE-2025-14341) due to improperly controlled modification of dynamically-determined object attributes, causing Excessive Allocation/Resource Flooding. Affected versions are 4.8.2.19 prior to 4.8.3.2. The issue has NETWORK a...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 1:13 p.m.29 views

CVE-2025-14341 Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 1:13 p.m.6 views

CVE-2025-14341 Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 6:55 p.m.40 views

CVE-2026-35053

OneUptime prior to v10.0.42 exposes unauthenticated access in the Worker service ManualAPI endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId, allowing an attacker who can obtain or guess a workflowId to trigger arbitrary workflow execution with attacker-cont...

9.8CVSS6.2AI score0.00546EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15568

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

5.8AI score0.00463EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-24372

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

7.5CVSS0.00463EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-24372 WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through = 1.8.10...

5.8AI score0.00463EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.11 views

CVE-2026-24372

CVE-2026-24372 affects the WordPress plugin Subscriptions for WooCommerce up to version 1.8.10, where an Authentication Bypass by Spoofing plus Input Data Manipulation vulnerability exists. The issue is confirmed across multiple sources (NVD/Red Hat/CVEs lists) with CVSS v3.1 base score 7.5 (HIGH...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-27854

Name of the Vulnerable Software and Affected Versions Subscriptions for WooCommerce versions through 1.8.10 Description An authentication bypass by spoofing issue exists in WP Swings Subscriptions for WooCommerce. This allows for input data manipulation. The issue impacts the Subscriptions for...

7.5CVSS5.9AI score0.00463EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 6:31 p.m.15 views

GHSA-27QJ-9GVP-8RH9 Packetbeat does not properly validate an array index in multiple protocol parser components

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

5.7CVSS5.8AI score0.00239EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/19 6:31 p.m.5 views

Packetbeat does not properly validate an array index in multiple protocol parser components

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

5.7CVSS5.8AI score0.00239EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 8:43 a.m.4 views

BIT-KIBANA-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

7.5CVSS5.9AI score0.00272EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 8:40 a.m.6 views

BIT-ELK-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

7.5CVSS5.9AI score0.00272EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 8:40 a.m.2 views

BIT-ELK-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5CVSS5.9AI score0.00275EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.4 views

CVE-2026-26932

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

7.5CVSS6AI score0.00454EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 9:31 p.m.5 views

EUVD-2026-8872

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

6.5CVSS5.3AI score0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/02/26 7:32 p.m.10 views

CVE-2026-26937

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

7.5CVSS0.00272EPSS
Exploits0References1
Rows per page
Query Builder