Lucene search
+L

30 matches found

RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.8 views

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References1
SUSE CVE
SUSE CVE
added 2026/02/20 12:24 a.m.7 views

SUSE CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

9.1CVSS5.8AI score0.00447EPSS
Exploits3References3
CVE
CVE
added 2026/02/19 8:26 a.m.17 views

CVE-2026-24999

CVE-2026-24999 concerns WordPress plugin “Alma gateway for WooCommerce” (WordPress Alma plugin

5.3CVSS5.4AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/02/18 11:5 p.m.38 views

CVE-2026-24126

CVE-2026-24126 (Weblate) : The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...

9.1CVSS5.5AI score0.00447EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2026/02/18 11:5 p.m.34 views

CVE-2026-24126 Weblate has an argument injection in management console

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...

6.6CVSS0.00447EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2026/02/12 12:25 a.m.7 views

SUSE CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

4.3CVSS5.6AI score0.00136EPSS
Exploits0References10
OSV
OSV
added 2026/02/10 12:28 a.m.4 views

GHSA-37CX-329C-33X3 go-git improperly verifies data integrity values for .idx and .pack files

Impact A vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch...

4.3CVSS5.6AI score0.00136EPSS
Exploits0References4
OSV
OSV
added 2026/02/09 11:16 p.m.3 views

DEBIAN-CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

4.3CVSS7.6AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/09 10:13 p.m.2 views

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

4.3CVSS5.5AI score0.00136EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.8 views

PT-2026-7181

Name of the Vulnerable Software and Affected Versions go-git versions prior to 5.16.5 Description go-git is a Git implementation library written in Go. A flaw exists in how go-git handles the integrity verification of .pack and .idx files. Specifically, data integrity values were not properly...

5CVSS5.4AI score0.00136EPSS
Exploits0
OSV
OSV
added 2025/03/27 2:15 p.m.5 views

DEBIAN-CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

6.1CVSS5.9AI score0.00324EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.4 views

CMSimple 安全漏洞

CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to read cms source code by manipulating the filename in the file parameter of a GET request...

7.5CVSS6.8AI score0.00632EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.8 views

PT-2025-3467 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue in CMSimple is related to insufficient protection of internal data in the link validation function. This can be exploited by a remote attacker to obtain sensitive information via a crafted script...

7.8CVSS6.8AI score0.00559EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.10 views

PT-2025-3470 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue allows a user to read the CMS source code by manipulating the file name in the file parameter of a GET request. This is due to incorrect restriction of the path name to a directory with limited...

7.8CVSS7.2AI score0.00632EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.4 views

WordPress plugin Abandoned Cart Lite for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS8.6AI score0.00457EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.8 views

Vilo Mesh WiFi System 访问控制错误漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from a lack of authentication and allows a remote, unauthenticated attacker to retrieve logs using a sensitive system...

5.3CVSS7AI score0.00377EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.10 views

Vilo 5 Mesh WiFi System 安全漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of a buffer overflow vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code via an...

9.6CVSS8.1AI score0.00595EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.7 views

Vilo Mesh WiFi System 安全漏洞

Vilo Mesh WiFi System is a wireless system from Vilo. A security vulnerability exists in Vilo Mesh WiFi System version 5.16.1.33 and earlier, which stems from the presence of a directory traversal vulnerability that could allow a remote, unauthenticated attacker to enumerate the existence and...

5.3CVSS6.8AI score0.00682EPSS
Exploits1References3
OSV
OSV
added 2024/08/21 8:15 a.m.5 views

CVE-2024-6339

The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS5.9AI score0.00384EPSS
Exploits0References3
OSV
OSV
added 2024/07/31 2:15 p.m.5 views

CVE-2024-37135

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable applicatio...

4.4CVSS5.8AI score0.00133EPSS
Exploits0References1
Rows per page
Query Builder