Lucene search
K

2840 matches found

NVD
NVD
added 2026/04/06 6:16 p.m.3 views

CVE-2026-30613

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...

4.6CVSS0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.10 views

PT-2026-30563

A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed equip report.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate the attack remotel...

6.5CVSS5.7AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29329

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

6.4AI score0.00147EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/30 5:29 p.m.2 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the CapSoftwareVersion.DecodeFromBytes function. An attacker can cause a denial of service by remotely manipulating the data argument to trigger an off-by-one error. Remediation Upgrade...

6.3CVSS5.9AI score0.00409EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 12:16 p.m.5 views

CVE-2019-25655

Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing...

6.9CVSS0.00159EPSS
Exploits1References2
Fedora
Fedora
added 2026/03/28 1:7 a.m.11 views

[SECURITY] Fedora 42 Update: htslib-1.23.1-1.fc42

HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools...

8.8CVSS5.8AI score0.00373EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.8 views

CVE-2025-55272

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks...

5.3CVSS5.9AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.8 views

PT-2026-28546

Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions prior to 4.16.0 Description Gematik Authenticator is used to securely authenticate users for login to digital health applications. Versions prior to 4.16.0 are susceptible to authentication flow hijacking. An...

9.3CVSS5.9AI score0.00265EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/26 12:55 p.m.20 views

CVE-2025-55272 HCL Aftermarket DPC is affected by Banner Disclosure vulnerability

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks...

3.1CVSS0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint interface/billing/get claim file.php only verifies that the caller has a valid session and CSRF token, but does not check any ACL...

7.6CVSS5.8AI score0.00244EPSS
Exploits0References4
NVD
NVD
added 2026/03/24 4:16 p.m.4 views

CVE-2026-33473

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...

5.7CVSS0.00258EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

Pixarra Liquid Studio 安全漏洞

Pixarra Liquid Studio is a digital art creation software developed by the American company Pixarra. It focuses on creating works in the “organic block-style” style, suitable for concept art, illustrations, textures, backgrounds, and the rendering of natural forms. Version 2.17 of Pixarra Liquid...

6.9CVSS5.8AI score0.00174EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.6 views

PT-2026-26897

CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an...

8.7CVSS6AI score0.00395EPSS
Exploits1References4
NVD
NVD
added 2026/03/20 7:16 p.m.5 views

CVE-2026-32318

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...

7.6CVSS0.00078EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25602

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

5.3CVSS5.9AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 9:19 p.m.34 views

CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

5.4CVSS0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.28 views

CVE-2026-32424 WordPress Sprout Clients plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through = 3.2.2...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/03/12 1:2 p.m.11 views

CVE-2026-0809

CVE-2026-0809 concerns Streamsoft Prestiż. The vulnerability arises from a weak, custom token encoding algorithm used by the software, which enables an attacker to guess the KSeF (Krajowy System e‑Faktur) token after analyzing how tokens with known values are encoded. The issue affects Streamsoft...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-25088

Name of the Vulnerable Software and Affected Versions Ella Core versions prior to 1.5.1 Description Ella Core is a 5G core designed for private networks. The software experiences a panic, leading to a denial of service, when processing a PathSwitchRequest containing UE Security Capabilities with...

9.9CVSS7.1AI score0.22162EPSS
Exploits70References140
EUVD
EUVD
added 2026/03/11 7:52 p.m.6 views

EUVD-2026-11334

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References1
Rows per page
Query Builder