Lucene search

41 matches found

EUVD
added 2026/04/21 9:31 p.m. | 6 views

EUVD-2026-24295

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVSS 4.9 | AI score 5.7 | EPSS 0.00323
Exploits: 0 | References: 2

NVD
added 2026/04/21 9:16 p.m. | 6 views

CVE-2026-35239

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 | EPSS 0.00242
Exploits: 0 | References: 1

NVD
added 2026/03/27 3:16 p.m. | 3 views

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

CVSS 5.5 | EPSS 0.00173
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/27 1:53 p.m. | 2 views

CVE-2026-33206 calibre has a path traversal vulnerability

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in calibre's handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the...

CVSS 8.2 | AI score 5.9 | EPSS 0.00208
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:2 p.m. | 3 views

CVE-2026-32886

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype...

CVSS 8.2 | AI score 6 | EPSS 0.00512
Exploits: 0 | References: 1

NVD
added 2026/03/11 8:16 p.m. | 5 views

CVE-2026-32234

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with...

CVSS 5.1 | EPSS 0.00201
Exploits: 0 | References: 3

OSV
added 2026/03/11 7:57 p.m. | 4 views

CVE-2026-32098 Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.9 and 8.6.35, an attacker can exploit LiveQuery subscriptions to infer the values of protected fields without directly receiving them. By subscribing with a WHERE clause th...

CVSS 6.9 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/10 2:12 a.m. | 4 views

CVE-2025-70050

An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information...

CVSS 6.5 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/09 12:0 a.m. | 1 view

CVE-2025-70050

An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information...

AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 3

RedHat Linux
added 2026/02/16 5:51 p.m. | 8 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.8 | AI score 6.9 | EPSS 0.00544
Exploits: 3 | References: 9

OSV
added 2026/01/17 6:30 p.m. | 1 view

GHSA-VHCX-7RPG-HP39 risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to SQL injection. The attack can be...

CVSS 7.3 | AI score 5.7 | EPSS 0.00364
Exploits: 0 | References: 6

ATTACKERKB
added 2026/01/17 6:2 p.m. | 3 views

CVE-2026-1050

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to SQL injection. The attack can be...

CVSS 7.5 | AI score 5.3 | EPSS 0.00364
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/01/08 2:21 a.m. | 17 views

CVE-2019-25296

The CVE-2019-25296 entry concerns the WP Cost Estimation WordPress plugin up to version 9.642, where missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions allows unauthenticated arbitrary file uploads and deletions. This can enable uploading arbitrary files to the se...

CVSS 9.8 | AI score 7.2 | EPSS 0.00597
Exploits: 0 | References: 5

RedhatCVE
added 2025/10/22 12:12 a.m. | 13 views

CVE-2025-61457

code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) in src/Form/Fields/SharpFormUploadField.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 1

OSV
added 2025/10/21 9:33 p.m. | 2 views

GHSA-9778-V769-QVJF code16 Sharp vulnerable to Cross Site Scripting (XSS)

code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) in src/Form/Fields/SharpFormUploadField.php...

CVSS 6.1 | AI score 6.3 | EPSS 0.00296
Exploits: 0 | References: 7

EUVD
added 2025/10/09 6:30 p.m. | 4 views

EUVD-2025-33404

In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...

CVSS 6.5 | AI score 7.5 | EPSS 0.00235
Exploits: 1 | References: 3

NVD
added 2025/10/09 5:16 p.m. | 2 views

CVE-2025-60266

In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability...

CVSS 6.5 | EPSS 0.00202
Exploits: 1 | References: 2

Positive Technologies
added 2025/10/09 12:0 a.m. | 6 views

PT-2025-41448

Name of the Vulnerable Software and Affected Versions: xckk version 9.6. Description: The software contains a SQL injection issue due to insufficient filtering of the cond parameter within the '/notice/list' API endpoint. This allows for potential unauthorized database access or modification...

CVSS 6.5 | AI score 7.5 | EPSS 0.00235
Exploits: 1 | References: 6

UbuntuCve
added 2025/10/06 7:15 p.m. | 11 views

CVE-2025-61984

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...

CVSS 3.6 | AI score 6.6 | EPSS 0.00221
Exploits: 2 | References: 6

CNNVD
added 2025/05/08 12:0 a.m. | 3 views

SLiMS 9 Bulian security vulnerability

SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A security vulnerability exists in SLiMS 9 Bulian version 9.6.1, which originates...

CVSS 6.5 | AI score 7.7 | EPSS 0.00268
Exploits: 1 | References: 2