Lucene search
K

28404 matches found

Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-55733

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
Snyk
Snyk
added 5 days ago5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00181EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-41641

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

6AI score0.00181EPSS
Exploits0References4
NVD
NVD
added 5 days ago6 views

CVE-2026-14607

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument aiaddr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

6.8CVSS0.00119EPSS
Exploits0References7
CVE
CVE
added 5 days ago9 views

CVE-2026-14608

SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 is affected. The vulnerability resides in the POST Handler’s /index.php?action=view_student where manipulating the ID argument bypasses authorization. Remote exploitation is possible, and the exploit has been publicly di...

5.3CVSS5.6AI score0.00223EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-41565

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=viewstudent of the component POST Handler. The manipulation of the argument ID leads to authorization...

5.3CVSS5.6AI score0.00223EPSS
Exploits0References5
CVE
CVE
added 5 days ago14 views

CVE-2026-14607

CVE-2026-14607 affects RT-Thread up to 5.0.2, specifically the sys_getaddrinfo implementation in components/lwp/lwp_syscall.c. Manipulating the ai_addr argument can cause memory corruption; exploit public and local access required. A fix is being prepared in a pull request (RT-Thread/rt-thread#11...

6.8CVSS5.6AI score0.00119EPSS
Exploits0References7
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41560

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3CVSS6.7AI score0.00233EPSS
Exploits0References4
Nuclei
Nuclei
added 5 days ago53 views

Atom CMS v2.0 - SQL Injection

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. id: CVE-2022-24223 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php...

9.8CVSS7.2AI score0.61965EPSS
Exploits4References5
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-4321 SQLi in Raera's Destekz

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

9.8CVSS0.00266EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Cursor < 3.0 Multiple Sandbox Escapes

The version of Cursor installed on the remote host is prior to 3.0. It is, therefore, affected by multiple vulnerabilities: - A flaw in the agent sandbox allows a malicious agent to manipulate the workingdirectory parameter, causing the sandbox to include writable paths outside the intended...

9.8CVSS6.9AI score0.00638EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago2 views

Anthropic Claude Code 2.1.38 < 2.1.163 Sandbox Escape (CVE-2026-55607)

The version of Anthropic Claude Code installed on the remote host is 2.1.38 prior to 2.1.163. It is, therefore, affected by a sandbox escape vulnerability: - Claude Code's worktree handling allowed creation of worktrees named '.git' and navigation to worktrees outside the sandbox context, enablin...

8.8CVSS6.4AI score0.0071EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-14363

A flaw was found in the Mediawiki Cargo Extension. This vulnerability, identified as SQL Injection, allows an attacker to execute malicious SQL commands. By exploiting improper handling of special characters in SQL commands, an attacker can potentially access, modify, or delete sensitive data...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References6
Nuclei
Nuclei
added 6 days ago44 views

pgAdmin < 6.17 - Unauthenticated Remote Code Execution

pgAdmin prior to 6.17 contains an insecure HTTP API caused by improper access control, letting unauthenticated users execute arbitrary external utilities via path manipulation, exploit requires no authentication. id: CVE-2022-4223 info: name: pgAdmin 6.17 - Unauthenticated Remote Code Execution...

8.8CVSS7.5AI score0.79933EPSS
Exploits0References2
Nuclei
Nuclei
added 6 days ago95 views

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

9.8CVSS7.4AI score0.82976EPSS
Exploits5References5
Nuclei
Nuclei
added 6 days ago143 views

Docassemble - Local File Inclusion

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...

7.5CVSS7AI score0.69486EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 6 days ago4 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9CVSS6.6AI score0.00343EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 6 days ago4 views

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...

10CVSS5.9AI score0.00224EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-55577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow...

5.9CVSS6.1AI score0.00226EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-56377

A flaw in ImageMagick’s policy enforcement allows remote attackers to bypass path restrictions within sandboxed conversion services. By circumventing these controls, an attacker can create or truncate files outside permitted security boundaries, leading to unauthorized file manipulation. Mitigati...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References5
Rows per page
Query Builder