Lucene search
+L

24180 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-63963

Summary: CVE-2026-63963 affects the Linux kernel USB Type-C TCPM code. Specifically, in Discover Identity ACK handlers, the VDO count passed from a device must be validated before calling svdm_consume_identity() or svdm_consume_identity_sop_prime(). The device-controlled value could index off the...

5.4AI score
Exploits0References4
CVE
CVE
added 1 hour ago2 views

CVE-2026-63934

The CVE-2026-63934 entry describes a Linux kernel vulnerability in iio: gyro: itg3200 where i2c_read writes into the wrong stack location. Specifically, itg3200_read_all_channels() takes __be16 *buf and uses (char *)&buf for i2c_transfer(), which points to a local stack slot rather than the calle...

5.6AI score
Exploits0References8
CVE
CVE
added 1 hour ago6 views

CVE-2026-63897

The CVE-2026-63897 entry concerns the Linux kernel USB serial driver mct_u232. A missing sanity check on the size of interrupt-in transfers could allow parsing of stale or uninitialised slab data, potentially leaking kernel data to user space. The vulnerability is addressed by kernel fixes that a...

5.4AI score
Exploits0References8
EUVD
EUVD
added 4 hours ago2 views

EUVD-2026-45517

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix dead ACL conflict guard in nfsd4create nfsd4create steals create-crdpacl/crpacl into the local nfsdattrs via the designated initializer, then immediately sets the source pointers to NULL. The subsequent conflict guard...

5.3AI score
Exploits0References2
Nuclei
Nuclei
added 13 hours ago93 views

Cartadis Gespage 8.2.1 - Directory Traversal

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. id: CVE-2021-33807 info: name: Cartadis Gespage 8.2.1 - Directory Traversal author: daffainfo severity: high description: Cartadis Gespage through 8.2.1 allows Directory Traversa...

7.5CVSS7.3AI score0.16139EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago111 views

MinIO Browser API - Server-Side Request Forgery

MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. id: CVE-2021-21287 info: name: MinIO Browser API - Server-Side Request Forgery author: pikpikcu severity: high description: MinIO Browser API before version...

7.7CVSS7.3AI score0.24784EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago128 views

Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure

Jeecg Boot = 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system. id: CVE-2021-37305 info: name: Jeecg Boot = 2.4.5 - Sensitive Information Disclosure author: ritikchaddha severity: high description: |...

7.5CVSS7.2AI score0.0352EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago80 views

PrestaShop xipblog - SQL Injection

In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...

9.8CVSS8.5AI score0.04715EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago45 views

Geoserver - Server-Side Request Forgery

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...

7.5CVSS7.3AI score0.19761EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago143 views

Cachet <=2.3.18 - SQL Injection

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

8.1CVSS7.3AI score0.09752EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago88 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...

7.5CVSS7.6AI score0.09299EPSS
Exploits3References3
Nuclei
Nuclei
added 13 hours ago68 views

AccessAlly <3.5.7 - Sensitive Information Leakage

WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file "resource/frontend/product/product-shortcode.php" which is responsible for the accessallyorderform shortcode dumps serialize$SERVER, which contains all environment variables. The leakage occurs on all...

7.5CVSS7.2AI score0.05404EPSS
Exploits2References4
Nuclei
Nuclei
added 13 hours ago55 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleteteam. id: CVE-2022-31977 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQ...

9.8CVSS8.9AI score0.0716EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago85 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. id: CVE-2022-31974 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injectio...

7.2CVSS7.6AI score0.04903EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago122 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7.6AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago673 views

Thinkphp Lang - Local File Inclusion

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. id:...

9.8CVSS8.4AI score0.16378EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago48 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manageuser&id=. id: CVE-2022-31975 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7.6AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago91 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS8.7AI score0.12394EPSS
Exploits3References3
Nuclei
Nuclei
added 13 hours ago44 views

Wavlink - Improper Access Control

Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations. id: CVE-2022-48165 info: name: Wavlink -...

7.5CVSS7.4AI score0.03284EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago68 views

TP-Link - OS Command Injection

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. id: CVE-2021-41653 info: name: TP-Link - OS Command Injection author: gy741 severity: critical...

10CVSS9.4AI score0.75883EPSS
Exploits1References5
Rows per page
Query Builder