
88 matches found

Kaspersky
added 2026/04/29 12:0 a.m. | 18 views

KLA91056 DoS vulnerabilities in Wireshark

Denial of service vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in Wireshark dissector can be exploited remotely to cause denial of service. 2...

CVSS 7.5 | AI score 5.8 | EPSS 0.00193
Exploits: 1 | References: 6
Tenable Nessus
added 2026/04/28 12:0 a.m. | 3 views

Fedora 44 : dnsdist (2026-519446405a)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-519446405a advisory. Update to latest upstream. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 8.2 | AI score 5.5 | EPSS 0.01028
Exploits: 0 | References: 8
Japan Vulnerability Notes
added 2026/04/22 6:45 a.m. | 14 views

DeepL Chrome browser extension vulnerable to cross-site scripting

Overview DeepL Chrome browser extension contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-40451 This vulnerability was reported by the researchers below and JPCERT/CC coordinated with the developer. Junki Yuasa of Cybozu, Inc. reported this vulnerability to JPCERT/CC...

CVSS 6.1 | AI score 6.2 | EPSS 0.00168
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/31 10:52 p.m. | 5 views

baserCMS is Vulnerable to Cross-site Scripting

baserCMS has DOM-based cross-site scripting in tag creation. Target baserCMS 5.2.2 and earlier versions Vulnerability Malicious JavaScript may be executed when creating a tag. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...

CVSS 7.1 | AI score 7 | EPSS 0.00258
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2026/03/31 10:35 p.m. | 3 views

baserCMS has an SQL injection vulnerability in its blog post functionality

baserCMS has a SQL injection vulnerability in blog posts. Target baserCMS 5.2.2 and earlier versions Vulnerability Malicious SQL may be executed in blog posts. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information...

CVSS 9.8 | AI score 7.1 | EPSS 0.00412
Exploits: 0 | References: 5 | Affected Software: 1
Packet Storm
added 2026/02/18 12:0 a.m. | 115 views

ChurchCRM 6.8.0 Information Disclosure Tester

ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...

AI score 5.5
Exploits: 0
Rosalinux
added 2026/02/16 10:56 a.m. | 7 views

Advisory ROSA-SA-2026-3176

Software: modauthopenidc 2.4.9.4 OS: ROSA Virtualization 3.0 unaffected versions = modauthopenidc-2.4.9.4-8.rv30 affected versions modauthopenidc-2.4.9.4-8.rv30 CVE-ID: CVE-2025-3891 BDU-ID: 2025-10948 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the authentication and authorization module for...

CVSS 8.2 | AI score 6.2 | EPSS 0.01327
Exploits: 0
Positive Technologies
added 2026/02/10 12:0 a.m. | 11 views

PT-2026-7328

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 14.99.14 Frappe versions prior to 15.94.0 Description A crafted malicious signup URL for a Frappe site could lead to an open redirect or reflected cross-site scripting XSS, depending on the crafted payload, when a user...

CVSS 6.1 | AI score 4.8 | EPSS 0.00159
Exploits: 0 | References: 6
ICS
added 2026/02/10 12:0 a.m. | 7 views

Siemens SINEC NMS

SUMMARY Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow a low-privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected...

AI score 6.4
Exploits: 0 | References: 10
Nuclei
added 2026/02/04 7:0 a.m. | 20 views

Adobe Commerce - Authentication Bypass

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high...

CVSS 9.1 | AI score 6.9 | EPSS 0.96742
Exploits: 9 | References: 2
Packet Storm
added 2026/02/02 12:0 a.m. | 143 views

WP-Polls 2.73 Cross Site Scripting

A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...

CVSS 6.1 | AI score 4.9 | EPSS 0.00917
Exploits: 1
ICS
added 2026/01/13 12:0 a.m. | 5 views

Siemens TeleControl Server Basic

SUMMARY TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. Siemens has released a new version for TeleControl Server Basic and recommends to update to the latest version. 2...

CVSS 8.8 | AI score 7.4 | EPSS 0.00144
Exploits: 0 | References: 10
Vulnrichment
added 2026/01/09 9:10 p.m. | 5 views

CVE-2026-0830 Command Injection in Kiro GitLab Merge Request Helper

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...

CVSS 8.4 | AI score 7.1 | EPSS 0.01279
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/06 12:0 a.m. | 7 views

PT-2026-2125

Name of the Vulnerable Software and Affected Versions rsa crate versions prior to 0.9.10 Description The rsa crate, an RSA implementation written in Rust, experiences a panic instead of returning an error during the creation of an RSA private key from its components when one of the prime numbers ...

CVSS 6.9 | AI score 6.6 | EPSS 0.00405
Exploits: 0 | References: 15
Kaspersky
added 2025/12/03 12:0 a.m. | 6 views

KLA90683 DoS vulnerability in Wireshark

Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2025-07 · HTTP3 dissector crash Exploitation Public exploits exist for this vulnerability. Related products Wireshark CVE list...

CVSS 5.5 | AI score 6.3 | EPSS 0.00132
Exploits: 1 | References: 3
Kaspersky
added 2025/11/19 12:0 a.m. | 9 views

KLA90684 DoS vulnerability in Wireshark

Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2025-05 · BPv7 dissector crash Related products Wireshark CVE list CVE-2025-13674 high Solution Update to the latest version Download...

CVSS 5.5 | AI score 6.6 | EPSS 0.00096
Exploits: 0 | References: 3
Kaspersky
added 2025/11/19 12:0 a.m. | 7 views

KLA90685 DoS vulnerability in Wireshark

Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories wnpa-sec-2025-06 · Kafka dissector crash Related products Wireshark CVE list CVE-2025-13499 high Solution Update to the latest version Download...

CVSS 7.8 | AI score 6.6 | EPSS 0.00101
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/18 12:0 a.m. | 5 views

PT-2025-47296

Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description An issue exists in WinPlus that allows for the upload of dangerous file types. An attacker can upload a 'webshell' by sending a POST request to the ''/WinplusPortal/ws/sWinplus.svc/json/uploadfile'' endpoin...

CVSS 8.7 | AI score 6.8 | EPSS 0.003
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/30 12:0 a.m. | 8 views

PT-2025-44522

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R2 Description Nagios XI versions prior to 2024R2 have a command injection issue in the WinRM plugin. A lack of proper validation of user-supplied parameters allows an authenticated administrator to inject shell...

CVSS 9.4 | AI score 7.6 | EPSS 0.04188
Exploits: 0 | References: 9
Positive Technologies
added 2025/10/29 12:0 a.m. | 7 views

PT-2025-44362

Name of the Vulnerable Software and Affected Versions Drupal Simple OAuth OAuth2 & OpenID Connect versions 6.0.0 through 6.0.6 Description A flaw exists in Simple OAuth OAuth2 & OpenID Connect that permits authentication bypass. This issue allows bypassing normal authentication mechanisms through...

CVSS 7.5 | AI score 6.6 | EPSS 0.00343
Exploits: 0 | References: 9