Patchstack
added 2026/03/11 7:28 a.m., 5 views

WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability

WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability discovered by Drew Webber (mcdruid) in WordPress Plugin Ally versions <= 4.0.3...

CVSS 7.5, AI score 5.8, EPSS 0.02289
Exploits 1, References 1, Affected Software 1

Positive Technologies
added 2026/03/11 12:00 a.m., 6 views

PT-2026-24893

Name of the Vulnerable Software and Affected Versions: yauzl version 3.2.0. Description: yauzl, also known as Yet Another Unzip Library, version 3.2.0 for Node.js contains an off-by-one error within the getLastModDate function, specifically in the NTFS extended timestamp extra field parser. The...

CVSS 6.9, AI score 6, EPSS 0.00485
Exploits 0, References 16

ATTACKERKB
added 2026/03/09 12:00 a.m., 3 views

CVE-2025-70059

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service...

AI score 5.8, EPSS 0.00339
Exploits 0, References 4

Positive Technologies
added 2026/03/06 12:00 a.m., 12 views

PT-2026-23627

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.9.4. Description: MarkUs is a web application used for submitting and grading student assignments. Before version 2.9.4, the application extracted zip files without limitations on file size or the number of entries...

CVSS 6.5, AI score 5.8, EPSS 0.0026
Exploits 0, References 6

CVE
added 2026/03/03 12:00 a.m., 11 views

CVE-2024-55022

CVE-2024-55022 affects Weintek cMT-3072XH2 easyweb v2.1.53 on OS v20231011. An authenticated command injection vulnerability exists in the HMI Name parameter, allowing an attacker with valid credentials to inject commands. Public details indicate a high-severity impact (CVE metrics show high conf...

CVSS 8.8, AI score 5.9, EPSS 0.01285
Exploits 0, References 2, Affected Software 2

CVE
added 2026/02/26 12:02 a.m., 14 views

CVE-2026-27818

TerriaJS-Server (Node.js Express) has a validation bug in versions prior to 4.0.3 that allows proxying of domains not explicitly allowed in the proxyableDomains allowlist. The issue is fixed in version 4.0.3. Impact is that unapproved domains could be proxied; explicit exploit details or in‑the‑w...

CVSS 8.7, AI score 5.4, EPSS 0.00241
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2026/02/24 12:00 a.m., 10 views

PT-2026-21590

Name of the Vulnerable Software and Affected Versions: free5GC SMF versions up to and including 1.4.1. Description: free5GC SMF provides the Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. The SMF component experiences a panic and terminates wh...

CVSS 8.7, AI score 5.9, EPSS 0.00302
Exploits 1, References 11

Vulnrichment
added 2026/02/20 12:00 a.m., 3 views

CVE-2026-26722

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via the PIN component of the login functionality...

AI score 5.4, EPSS 0.00333
Exploits 1, References 1

CNNVD
added 2026/02/20 12:00 a.m., 9 views

Key Systems Global Facilities Management Software Security Vulnerability

Key Systems Global Facilities Management Software is a facilities management system developed by the American company Key Systems. Version 20230721a of Key Systems Global Facilities Management Software contains a security vulnerability. This vulnerability stems from a problem with the PIN compone...

CVSS 9.4, AI score 5.8, EPSS 0.00333
Exploits 1, References 1

CVE
added 2026/02/19 11:14 p.m., 20 views

CVE-2026-27003

OpenClaw (npm package) is affected by CVE-2026-27003. The vulnerability stems from logging Telegram bot tokens in error messages/stack traces due to insufficient redaction, which can lead to token disclosure. Affected versions are = 2026.2.15 and rotate any bot tokens that may have been exposed. ...

CVSS 6.9, AI score 5.7, EPSS 0.00142
Exploits 0, References 2, Affected Software 1

Snyk
added 2026/02/19 8:32 p.m., 2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: @feathersjs/authentication-oauth is an OAuth 1 and 2 authentication for Feathers, powered by Grant. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the session cookies. An attacker can access sensitive...

CVSS 8.3, AI score 5.6, EPSS 0.00354
Exploits 0, References 2

ATTACKERKB
added 2026/02/16 2:32 p.m., 4 views

CVE-2026-2561

A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function webgetddnsuptime of the file /jdcapi of the component jdcwebrpc. Performing a manipulation results in Remote Privilege Escalation. The attack can be carried out remotely. The exploit...

CVSS 6.5, AI score 5.2, EPSS 0.00317
Exploits 0, References 4, Affected Software 1

NVD
added 2026/02/11 1:15 p.m., 11 views

CVE-2025-58467

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync...

CVSS 6.5, EPSS 0.00416
Exploits 0, References 1

NVD
added 2026/02/09 8:15 p.m., 15 views

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

CVSS 5.4, EPSS 0.00203
Exploits 1, References 4

EUVD
added 2026/02/07 9:02 a.m., 5 views

EUVD-2026-5733

A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...

CVSS 8.6, AI score 5.2, EPSS 0.09369
Exploits 1, References 5

ATTACKERKB
added 2026/02/04 5:15 p.m., 5 views

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

CVSS 6.5, AI score 5.6, EPSS 0.00264
Exploits 0, References 3, Affected Software 1

RedhatCVE
added 2026/02/03 9:19 p.m., 4 views

CVE-2026-22222

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 web modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

CVSS 8.5, AI score 6.1, EPSS 0.01423
Exploits 0, References 1

GithubExploit
added 2026/02/03 1:01 p.m., 220 views

Exploit for CVE-2026-21721

💥 CVE-2026-21721 Exploit: Wrote an exploit for CVE-2026-21721...

CVSS 8.1, AI score 5.3, EPSS 0.00647
Exploits 1

Positive Technologies
added 2026/01/27 12:00 a.m., 7 views

PT-2026-4933

Name of the Vulnerable Software and Affected Versions: Testa Online Test Management System version 3.4.7. Description: The software contains a SQL injection issue. Attackers can manipulate database queries through the q search parameter. By injecting malicious SQL code into the search field, attacke...

CVSS 8.8, AI score 5.5, EPSS 0.0024
Exploits 0, References 7

Vulnrichment
added 2026/01/22 4:51 p.m., 3 views

CVE-2025-48094 WordPress Magic Slider plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider (magicslider) allows Reflected XSS. This issue affects Magic Slider: from n/a through <= 2.2...

CVSS 7.1, AI score 5.9, EPSS 0.00237
Exploits 0, References 1