Lucene search
K

14250 matches found

Cvelist
Cvelist
added 2026/05/12 8:21 a.m.37 views

CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

9.3CVSS0.00487EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 2:20 a.m.10 views

CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:20 a.m.9 views

CVE-2026-34260

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS5.9AI score0.00466EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

SAP S/4HANA SQL注入漏洞

SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. SAP S/4HANA has a SQL injection vulnerability. This vulnerability allows authenticated attackers to inject malicious SQL statements through user-controlled...

9.6CVSS6.1AI score0.00466EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40019

Name of the Vulnerable Software and Affected Versions Multiple Products affected versions not specified Description A path traversal issue occurs when user-supplied input is improperly handled during server-side file path processing. This can lead to unauthorized access to sensitive files by...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40282

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-40547

Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. A reflected Cross-Site Scripting XSS issu...

6.9CVSS6AI score0.00323EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/11 6:31 p.m.8 views

EUVD-2026-29056

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 4:17 p.m.13 views

CVE-2026-3320

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS0.00318EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 2:26 p.m.15 views

CVE-2026-3319

CVE-2026-3319: Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-supplied input is insecurely reflected in HTML output at the /collection/ endpoint, enabling arbitrary JavaScript execution. CVSSv4.0 base score 5.1 (Medium) with network attack v...

5.1CVSS6AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 a.m.17 views

CVE-2026-6433

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...

7.3CVSS0.00753EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.10 views

PT-2026-39619

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39618

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

5.1CVSS6AI score0.00318EPSS
Exploits0References2
OSV
OSV
added 2026/05/10 5:16 a.m.9 views

UBUNTU-CVE-2026-7259

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/10 4:13 a.m.81 views

CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

2.1CVSS0.00202EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 4:16 p.m.13 views

CVE-2026-41683

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...

8.6CVSS0.00327EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 3:16 p.m.16 views

UBUNTU-CVE-2026-43398

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpuuserqwaitioctl can lead to a OOM and could be exploited. So check these input value against AMDGPUUSERQMAXHANDLES which is big enough value...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References6
Veracode
Veracode
added 2026/05/08 8:10 a.m.11 views

Command Injection

Click is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled input in the click.edit function, allowing attackers to inject and execute arbitrary operating system commands from an unprivileged account...

7.2CVSS6AI score0.0081EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2026/05/07 10:22 a.m.29 views

CVE-2026-33587

CVE-2026-33587 affects Open Notebook v1.8.3 and is due to lack of user input sanitisation enabling Server-Side Template Injection (SSTI). This allows an application user to run Python code within the server context and, consequently, execute OS commands inside the Docker container for user-create...

10CVSS6AI score0.0023EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2026/05/07 7:11 a.m.16 views

Command Injection

willitmerge is vulnerable to Command Injection. The vulnerability is due to improper neutralization of user-controlled input in command execution, which allows an attacker to inject and execute arbitrary system commands through crafted input parameters...

9.8CVSS6AI score0.02413EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder