Lucene search
+L

193 matches found

CVE
CVE
added 4 days ago8 views

CVE-2026-51105

CVE-2026-51105 affects aMULE-Project’s aMule 2.3.3. The root cause is a Buffer Overflow in the OP_SERVERMESSAGE Handler, enabling a remote attacker over the network with no user interaction to cause a denial of service. The CVSS indicates Network access, low complexity, no privileges, and a High ...

7.5CVSS6.1AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-51541

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/07/11 5:35 a.m.16 views

CVE-2026-11901

Affected software: WordPress WP Hotel Booking plugin (versions ≤ 2.3.1). Vulnerability: Insufficient Verification of Data Authenticity in the PayPal IPN handler (web_hook_process_paypal_standard). The IPN validation endpoint can be chosen from attacker-controlled test_ipn, permitting force-upgrad...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
OSV
OSV
added 2026/07/09 9:26 a.m.2 views

CLEANSTART-2026-OV19069 Security fixes for CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-27145, CVE-2026-32280, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, ghsa-p77j-4mvh-x3m3 applied in versions: 2.3.0-r1

Multiple security vulnerabilities affect the mountpoint-s3-csi-driver package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01557EPSS
Exploits1References64
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56578

Name of the Vulnerable Software and Affected Versions AsyncSSH versions prior to 2.23.1 Description AsyncSSH is a Python package providing an asynchronous client and server implementation of the SSHv2 protocol. A malicious SSH server can write arbitrary files on the SCP client's filesystem by...

8.1CVSS6.2AI score0.00317EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/02 10:30 a.m.8 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 10:30 a.m.11 views

EUVD-2026-41277

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 2:25 p.m.21 views

CVE-2026-58399

The CVE affects @acastellon/auth (authentication control for microservices). Versions

8.7CVSS5.8AI score0.00543EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 12:34 a.m.10 views

EUVD-2026-37027

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

5.6CVSS5.5AI score0.00158EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 8:19 p.m.12 views

EUVD-2026-36862

Subscriber Privilege Escalation in Amelia = 2.3 versions...

8.8CVSS5.2AI score0.00378EPSS
Exploits0References1
CVE
CVE
added 2026/06/14 11:45 p.m.29 views

CVE-2026-12197

The CVE-2026-12197 affects Ruijie EG105G-P (firmware 2.340). The issue resides in the nslookup function of /cgi-bin/luci/api/diagnose (JSON-RPC Diagnose Endpoint), where manipulating the params.target argument leads to command injection. It enables remote initiation of an attack, with an exploit ...

8.6CVSS7AI score0.02385EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.12 views

CVE-2026-49051

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

4.3CVSS5.4AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:0 p.m.10 views

CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /ssh/tunnel/connect endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields endpointIP, endpointUsername,...

9.8CVSS5.5AI score0.01729EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/05 5:58 p.m.13 views

EUVD-2026-34873

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9CVSS6AI score0.02008EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/05 5:56 p.m.11 views

CVE-2026-45743 Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

8.1CVSS5.6AI score0.00282EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification by 16 file manager endpoints to ensure that the requesting user had an SSH session...

8.1CVSS5.5AI score0.00282EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.29 views

PT-2026-47022

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description The File Manager component of this web-based server management platform contains a command injection flaw. The endpoint "/ssh/file manager/ssh/resolvePath" unsafely processes the path parameter,...

9CVSS5.6AI score0.00294EPSS
Exploits1References9
NVD
NVD
added 2026/06/02 10:16 a.m.16 views

CVE-2025-53345

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

8.8CVSS0.00302EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor 2.362.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the SAML service provider’s failure to validate the...

5.8AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.12 views

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
Rows per page
Query Builder