Lucene search
+L

7347 matches found

Nuclei
Nuclei
added yesterday97 views

TerraMaster TOS < 4.2.06 - User Enumeration

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. id: CVE-2020-28185 info: name: TerraMaster TOS 4.2.06 - User Enumeration author: pussycat0x severity:...

5.3CVSS5.8AI score0.18066EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday18 views

ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection

ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...

9.8CVSS9AI score0.11176EPSS
Exploits7References2
Nuclei
Nuclei
added yesterday27 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS9AI score0.0196EPSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago66 views

Apache Spark - Authentication Bypass

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.8CVSS6.8AI score0.29157EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-13767

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS0.00249EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44885

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-13767

CVE-2026-13767 affects the Quiz Master Next WordPress plugin up to version 11.2.0. The issue is a stored SQL injection in the quiz page data via the ‘pages’ parameter, persisted by qsm_ajax_save_pages() and interpolated into an IN() clause in qsm_options_questions_tab_content() without proper pre...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS0.00249EPSS
Exploits0References5
NVD
NVD
added 3 days ago5 views

CVE-2026-49988

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, the Repomix MCP server attachpackedoutput and readrepomixoutput flow can register and read arbitrary local .json, .txt, .md, or .xml files without the filesystemreadfile runSecretLint safety check or Repomix...

6.8CVSS0.00169EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-15541

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS0.00316EPSS
Exploits0References7
CVE
CVE
added 5 days ago9 views

CVE-2026-15541

CVE-2026-15541 affects will-moss Isaiah up to version 1.36.9. The flaw resides in the Master Websocket Handler’s Server.Handle function (file app/server/server/server.go). A manipulation of the Agent argument can lead to missing authorization, enabling a remote attack. The issue is awaiting a pul...

7.5CVSS6.6AI score0.00316EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-15541 will-moss Isaiah Master Websocket server.go Server.Handle authorization

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS0.00316EPSS
Exploits0References7
OSV
OSV
added 5 days ago3 views

CVE-2026-15541 will-moss Isaiah Master Websocket server.go Server.Handle authorization

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

6.9CVSS5.8AI score0.00316EPSS
Exploits0References9
NVD
NVD
added 6 days ago10 views

CVE-2026-15476

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS0.00103EPSS
Exploits0References6
CVE
CVE
added 6 days ago16 views

CVE-2026-15476

CVE-2026-15476 affects QILING Disk Master 6.0.0.0 and its Kernel Driver component diskbckp.sys, where an unknown function in that library enables local privilege escalation via improper access controls. The vulnerability is local, with low attack complexity and proof-of-concept exploit maturity r...

5.3CVSS5.8AI score0.00103EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago11 views

EUVD-2026-43198

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago39 views

CVE-2026-15476 QILING Disk Master Kernel Driver diskbckp.sys access control

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS0.00103EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/08 10:39 p.m.7 views

Arbitrary Code Injection

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection via the createguardrail, updateguardrail, deleteguardrail, and patchguardrail handlers in the guardrails API. An attacker can upload or modify cust...

7.7CVSS6.3AI score0.00355EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 10:10 a.m.7 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing process of a tar archive containing a PAX extended header with a malformed SUN.holesdata sparse-file attribute. An attacker can cause a heap overflow and out-of-bounds read by supplying a...

3.9CVSS6.3AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 2:25 a.m.14 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the scp process. An attacker can cause files to be placed outside the intended directory by crafting a copy operation between two remote destinations. Remediation A fix was pushed into the master branch but n...

5.4CVSS6.1AI score0.00241EPSS
Exploits0References2
Rows per page
Query Builder