Source: RedhatCVE (added 2026/02/06 1:25 a.m.)

CVE-2026-25579

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

CVSS: 9.2, AI score: 5.4, EPSS: 0.00455
Exploits: 1, References: 1
Source: EUVD (added 2026/02/04 9:58 p.m.)

EUVD-2026-5324

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

CVSS: 9.2, AI score: 5.5, EPSS: 0.00455
Exploits: 1, References: 2
Source: NVD (added 2026/01/30 11:16 p.m.)

CVE-2020-37035

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive...

CVSS: 8.8, EPSS: 0.00362
Exploits: 0, References: 3
Source: Cvelist (added 2026/01/30 10:07 p.m.)

CVE-2020-37035 e-learning Php Script 0.1.0 - 'search' SQL Injection

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive...

CVSS: 8.8, EPSS: 0.00362
Exploits: 0, References: 3
Source: RedhatCVE (added 2026/01/30 3:24 a.m.)

CVE-2025-71011

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS: 6.2, AI score: 5.9, EPSS: 0.00145
Exploits: 1, References: 1
Source: ATTACKERKB (added 2026/01/28 10:24 p.m.)

CVE-2026-24897

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user-supplied paths when creating shares. By specifying a writable path within the publ...

CVSS: 10, AI score: 6.7, EPSS: 0.03008
Exploits: 3, References: 4, Affected Software: 1
Source: NVD (added 2026/01/28 9:16 p.m.)

CVE-2025-71004

A segmentation violation in the oneflow.logicalor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS: 6.5, EPSS: 0.00224
Exploits: 1, References: 2
Source: OSV (added 2026/01/28 9:16 p.m.)

CVE-2025-71003

An input validation vulnerability in the flow.arange component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS: 7.5, AI score: 5.4
Exploits: 0, References: 2
Source: OSV (added 2026/01/28 4:06 p.m.)

GHSA-5W5R-MF82-595P Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::getrootunchecked, which can cause undefined behavior (UB) by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

CVSS: 9.3, AI score: 6
Exploits: 0, References: 5
Source: ATTACKERKB (added 2026/01/28 12:00 a.m.)

CVE-2025-71004

A segmentation violation in the oneflow.logicalor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...

AI score: 5.9, EPSS: 0.00224
Exploits: 1, References: 3
Source: CNNVD (added 2026/01/28 12:00 a.m.)

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability. This vulnerability stems from a dimension validation flaw in the flow.empty component, which may allow denial-of-service attacks through negative values or excessive...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00394
Exploits: 1, References: 4
Source: Cvelist (added 2026/01/27 11:34 p.m.)

CVE-2026-24134 StudioCMS has an Authorization Bypass Through User-Controlled Key

StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...

CVSS: 6.5, EPSS: 0.00295
Exploits: 2, References: 3
Source: Snyk (added 2026/01/27 10:13 p.m.)

Missing Authorization

Overview: studiocms is a Community-Driven Astro native CMS, built from the ground up by the Astro community. Affected versions of this package are vulnerable to Missing Authorization via the edit endpoint in the content management feature. An attacker can gain unauthorized access to draft conte...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00295
Exploits: 2, References: 3
Source: OSV (added 2026/01/27 9:11 p.m.)

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertX is a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences (e.g., ../), an attacker can...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00408
Exploits: 1, References: 4
Source: CNNVD (added 2026/01/27 12:00 a.m.)

Froxlor cross-site scripting vulnerabilities

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 0.10.16 of Froxlor contains a cross-site scripting vulnerability, which stems from improper cleaning of customer registration input fields. This vulnerability may lead to storage-based cross-site...

CVSS: 6.4, AI score: 5.6, EPSS: 0.00305
Exploits: 0, References: 7
Source: CNNVD (added 2026/01/27 12:00 a.m.)

SGH SQL injection vulnerability

SGH is a loan fund management PHP script developed by Geraked. Version 0.1.0 of SGH contains an SQL injection vulnerability, which arises from improper handling of the id parameter in the management interface. This vulnerability may lead to SQL injection attacks...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00297
Exploits: 0, References: 3
Source: Cvelist (added 2026/01/26 10:26 p.m.)

CVE-2026-24476 Shaarli vulnerable to stored XSS via Suggested Tags

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...

CVSS: 5.3, EPSS: 0.00147
Exploits: 1, References: 2
Source: OSV (added 2026/01/26 9:28 p.m.)

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP (Data Center Attestation Primitives). A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

CVSS: 9.3, AI score: 5.9, EPSS: 0.00208
Exploits: 0, References: 3
Source: Positive Technologies (added 2026/01/26 12:00 a.m.)

PT-2026-4832

Name of the Vulnerable Software and Affected Versions: Shaarli versions prior to 0.16.0. Description: Shaarli is a personal bookmarking service susceptible to a cross-site scripting (XSS) issue. A malicious tag beginning with a double quote (") can prematurely terminate the tag on the start page, enabli...

CVSS: 5.3, AI score: 6, EPSS: 0.00147
Exploits: 1, References: 7
Source: NVD (added 2026/01/22 3:15 a.m.)

CVE-2026-23967

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...

CVSS: 7.5, EPSS: 0.0019
Exploits: 0, References: 1