Lucene search
+L

16916 matches found

OSV
OSV
added 2026/02/02 11:2 p.m.4 views

CVE-2026-25228 SignalK Server has Path Traversal leading to information disclosure

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...

5CVSS5.6AI score0.00384EPSS
Exploits1References4
EUVD
EUVD
added 2026/01/28 5:35 p.m.7 views

EUVD-2020-30881

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...

8.8CVSS5.9AI score0.00419EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/28 12:0 a.m.5 views

EUVD-2025-206470

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS5.9AI score0.00308EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/27 8:44 a.m.30 views

CVE-2026-24808 A possible integer overflow vulnerability in RawTherapee/RawTherapee

Integer Overflow or Wraparound vulnerability in RawTherapee rtengine modules. This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11...

8.3CVSS0.00129EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.7 views

PT-2026-4854

Name of the Vulnerable Software and Affected Versions ASDA-Soft affected versions not specified Description ASDA-Soft contains a stack-based buffer overflow issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

9.8CVSS6.2AI score0.00532EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.5 views

Google Chrome < 144.0.7559.109 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 144.0.7559.109. It is, therefore, affected by a vulnerability as referenced in the 202601stable-channel-update-for-desktop27 advisory. - Inappropriate implementation in Background Fetch API in Google Chrome prior to...

6.5CVSS8.8AI score0.00224EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/26 5:42 p.m.2 views

CVE-2020-36953 MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path

MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and...

8.5CVSS6.1AI score0.00172EPSS
Exploits0References3
Wolfi
Wolfi
added 2026/01/23 1:57 a.m.4 views

GHSA-R6Q2-HW4H-H46W vulnerabilities

Vulnerabilities for packages: kubeflow-centraldashboard, lerna, prism, opensearch-dashboards, py3-jupyterlab, kubeflow-pipelines, pnpm-stage0, pulumi, renovate, saf, sqlpad, code-server, tileserver-gl, kubeflow-katib, node-gyp, vitess, tensorflow-cpu-jupyter...

5.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.2 views

CVE-2025-68857

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through = 3.15...

9.3CVSS5.6AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.4 views

PT-2026-3927

Authorization Bypass Through User-Controlled Key vulnerability in Solvera Software Services Trade Inc. Teknoera allows Exploitation of Trusted Identifiers.This issue affects Teknoera: through 01102025...

7.5CVSS5.4AI score0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.8 views

PT-2026-3524

Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.6.4 Description A security flaw exists in CRMEB that allows improper authentication. This is due to manipulation of the openId argument within the appleLogin function located in the file...

7.5CVSS7AI score0.0079EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

Qnap QTS and QuTS hero Buffer Copy without Checking Size of Input (CVE-2025-52863)

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

8.1CVSS5.8AI score0.00299EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/19 11:25 p.m.5 views

CVE-2026-23644

esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...

8.7CVSS5.5AI score0.00476EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.8 views

PT-2026-3222

Name of the Vulnerable Software and Affected Versions Delta Electronics DIAView affected versions not specified Description DIAView software contains a command injection issue. The software is susceptible to command injection, potentially allowing an attacker to execute arbitrary commands...

9.8CVSS5.8AI score0.01356EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.9 views

Laravel Valet security vulnerabilities

Laravel Valet is an open-source PHP development framework available on https://laravel.com/. There are security vulnerabilities in the version of Laravel Valet from 1.1.4 to 2.0.3. These vulnerabilities stem from allowing users to modify the valet command with root privileges, which could lead to...

8.4CVSS5.8AI score0.00183EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 10:18 p.m.28 views

CVE-2025-13454

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information...

6.8CVSS0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

Adobe Substance3D Stager 资源管理错误漏洞

Adobe Substance3D Stager is a set and rendering software for 3D scenes from Audobee Adobe USA. A resource management error vulnerability exists in Adobe Substance3D Stager 3.1.5 and prior versions, which stems from reuse after release and could lead to the execution of arbitrary code...

7.8CVSS6AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

Adobe InDesign Desktop 缓冲区错误漏洞

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. A buffer overflow vulnerability exists in Adobe InDesign, which is caused by an access to an uninitialized pointer error, and can be exploited by an attacker to...

7.8CVSS6.5AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.9 views

CVE-2023-45499

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...

9.8CVSS7.3AI score0.07887EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.19 views

CVE-2023-40297

Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component...

7.5CVSS6.7AI score0.00989EPSS
Exploits1References1
Rows per page
Query Builder