
55 matches found

ATTACKERKB
added 2026/05/13 6:3 p.m., 6 views

CVE-2026-30906

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

5.8 AI score, 0.00118 EPSS
Exploits: 0, References: 2

OSV
added 2026/05/04 6:16 p.m., 8 views

PYSEC-2026-105

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

4.6 CVSS, 5.9 AI score, 0.002 EPSS
Exploits: 1, References: 1

NVD
added 2026/04/08 7:25 p.m., 7 views

CVE-2026-34722

Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the endpoint used for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4...

6.9 CVSS, 0.00167 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/07 3:53 p.m., 3 views

CVE-2026-35578

This CVE is a duplicate of another CVE. REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39940. Reason: This candidate is a reservation duplicate of CVE-2026-39940. Notes: All CVE users should reference CVE-2026-39940 instead of this candidate. All references and descriptions in this...

5.3 CVSS, 5.8 AI score, 0.00269 EPSS
Exploits: 0, References: 2

NVD
added 2026/04/03 5:16 p.m., 2 views

CVE-2026-5473

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

7 CVSS, 0.00223 EPSS
Exploits: 0, References: 5

OSV
added 2026/04/02 2:16 p.m., 2 views

UBUNTU-CVE-2026-31932

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5 CVSS, 5.7 AI score, 0.00267 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/03/26 12:0 a.m., 5 views

PT-2026-28392

Name of the Vulnerable Software and Affected Versions: staffwiki version 7.0.1.19219. Description: A cross-site scripting (XSS) issue exists in staffwiki. This allows attackers to execute arbitrary JavaScript in the context of a user's browser through a crafted HTTP request. The vulnerable API endpoin...

6.1 CVSS, 6 AI score, 0.00249 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2026/03/21 12:0 a.m., 4 views

PT-2026-26942

Name of the Vulnerable Software and Affected Versions: Suricata (affected versions not specified). Description: Security issues have been resolved in the libsuricata8 0 4-8.0.4-1.1 package on openSUSE Tumbleweed. Recommendations: At the moment, there is no information about a newer version that contain...

7.5 CVSS, 5.8 AI score, 0.00351 EPSS
Exploits: 0, References: 11

EUVD
added 2026/02/25 1:13 a.m., 5 views

EUVD-2025-208105

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0...

7.2 CVSS, 5.5 AI score, 0.00157 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/01/20 12:0 a.m., 6 views

Oracle Health Sciences Applications security vulnerabilities

Oracle Health Sciences Applications is a clinical research and development solution developed by Oracle Corporation for the healthcare industry in the United States. Version 7.0.1.0 of Oracle Life Sciences Central Coding in Oracle Health Sciences Applications contains a security vulnerability...

6.5 CVSS, 7.1 AI score, 0.00187 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/12/15 9:29 p.m., 9 views

CVE-2025-14345

A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...

5.4 CVSS, 6.7 AI score, 0.00192 EPSS
Exploits: 0, References: 1

EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-202100

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS. This issue affects Shopkeeper Extender: from n/a through 7.0...

6.5 CVSS, 5.5 AI score, 0.00156 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/10/22 2:32 p.m., 9 views

CVE-2025-62006 WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms. This issue affects WP SMS: from n/a through <= 7.0.1...

5.4 CVSS, 0.00254 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/21 8:3 p.m., 3 views

EUVD-2025-35223

Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications component: Web Server. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Science...

6.1 CVSS, 5.1 AI score, 0.00175 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/10/14 8:6 p.m., 10 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

6.4 CVSS, 0.00374 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-32064

Malicious code in bioql PyPI...

7.5 CVSS, 6.3 AI score, 0.00344 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2025/07/28 11:33 p.m., 2 views

SUSE CVE-2024-47522

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. O...

7.5 CVSS, 6.9 AI score, 0.00577 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/07/07 12:0 a.m., 4 views

MongoDB Server security vulnerability

MongoDB Server is an open source NoSQL database from MongoDB, a United States company. The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. A security vulnerability exists in MongoDB Server versions prior to 6.0.23,...

7.5 CVSS, 6.5 AI score, 0.00307 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/06/08 1:18 p.m., 4 views

CVE-2025-49315

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through = 7.0.10...

7.6 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits: 0, References: 1

Snyk
added 2025/06/03 7:43 p.m., 4 views

Arbitrary Code Injection

Overview: org.hibernate.validator:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An...

7.3 CVSS, 7.7 AI score, 0.00615 EPSS
Exploits: 0, References: 2