924 matches found

Vulnrichment
added 2026/03/10 12:17 a.m. | 2 views

CVE-2026-24310 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...

CVSS 3.5 | AI score 5.9 | EPSS 0.00193
Exploits: 0 | References: 2

Redos
added 2026/03/10 12:00 a.m. | 6 views

ROS-20260310-73-0009

A vulnerability in the Blink display module of the Google Chrome browser is related to flaws in the implementation of security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read and delete data using a specially crafted...

CVSS 5.4 | AI score 5.8 | EPSS 0.00187
Exploits: 0

Redos
added 2026/03/10 12:00 a.m. | 6 views

ROS-20260310-73-0001

A vulnerability in the Cluster: General component of the MySQL Cluster database management system is related to an access control flaw. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, add or delete data or cause a denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00819
Exploits: 0

NVD
added 2026/02/25 12:16 p.m. | 9 views

CVE-2026-25701

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

CVSS 7 | EPSS 0.00108
Exploits: 0 | References: 1

Veracode
added 2026/02/18 8:02 a.m. | 7 views

Directory Traversal

redaxo/source is vulnerable to Directory Traversal. The vulnerability is due to improper validation of the EXPDIR POST parameter in the Backup addon's file export functionality, which allows an authenticated attacker with backup permissions to supply crafted relative paths and read arbitrary file...

CVSS 8.3 | AI score 5.8 | EPSS 0.00493
Exploits: 3 | References: 5 | Affected Software: 1

Redos
added 2026/02/16 12:00 a.m. | 7 views

ROS-20260216-73-0036

A vulnerability in the AWT and JavaFX components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker acting...

CVSS 7.4 | AI score 5.6 | EPSS 0.00427
Exploits: 0

Redos
added 2026/02/16 12:00 a.m. | 4 views

ROS-20260216-73-0024

A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

CVSS 6.8 | AI score 5.6 | EPSS 0.00311
Exploits: 0

ATTACKERKB
added 2026/02/14 6:42 a.m. | 5 views

CVE-2026-0727

The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...

CVSS 5.4 | AI score 5.5 | EPSS 0.00266
Exploits: 0 | References: 3

OSV
added 2026/02/11 1:15 p.m. | 2 views

CVE-2025-54162

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File...

CVSS 4.9 | AI score 5.8 | EPSS 0.00436
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/11 7:30 a.m. | 8 views

CVE-2026-2096

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVSS 9.8 | AI score 5.5 | EPSS 0.00519
Exploits: 0 | References: 1

OSV
added 2026/02/10 4:16 p.m. | 3 views

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | AI score 6 | EPSS 0.00685
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/10 3:07 p.m. | 3 views

CVE-2026-1602

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | AI score 6.1 | EPSS 0.00685
Exploits: 0 | References: 1

NVD
added 2026/02/10 7:16 a.m. | 5 views

CVE-2026-2094

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8 | EPSS 0.00319
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/10 6:45 a.m. | 2 views

CVE-2026-2093 Flowring|Docpedia - SQL Injection

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS 8.7 | AI score 6.3 | EPSS 0.00462
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/09 7:17 a.m. | 5 views

CVE-2026-2235 HGiga|C&Cm@il - SQL Injection

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS 7.1 | AI score 6.3 | EPSS 0.00272
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/06 7:07 a.m. | 14 views

CVE-2025-15080

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected...

CVSS 8.8 | AI score 5.5 | EPSS 0.00539
Exploits: 0 | References: 1

NVD
added 2026/02/05 6:15 a.m. | 11 views

CVE-2025-15080

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected...

CVSS 8.8 | EPSS 0.00539
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/05 5:16 a.m. | 5 views

CVE-2025-15080

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected...

CVSS 8.8 | AI score 5.5 | EPSS 0.00539
Exploits: 0 | References: 3

EUVD
added 2026/02/05 5:16 a.m. | 8 views

EUVD-2025-206873

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected...

CVSS 8.8 | AI score 5.5 | EPSS 0.00539
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/21 10:25 p.m. | 3 views

CVE-2026-21981

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 4.6 | AI score 5.4 | EPSS 0.00121
Exploits: 0 | References: 1