Lucene search
K

537 matches found

Vulnrichment
Vulnrichment
added 2026/01/22 2:6 a.m.4 views

CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

9.1CVSS5.5AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2026/01/22 2:5 a.m.6 views

CVE-2026-23965 sm-crypto Affected by Signature Forgery in SM2-DSA

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...

7.5CVSS5.8AI score0.00194EPSS
Exploits0References4
OSV
OSV
added 2026/01/22 1:59 a.m.5 views

CVE-2026-23967 sm-crypto Affected by Signature Malleability in SM2-DSA

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...

7.5CVSS5.8AI score0.0019EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.3 views

Azure Linux 3.0 Security Update: librabbitmq (CVE-2023-35789)

The version of librabbitmq installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-35789 advisory. - An issue was discovered in the C AMQP client library aka rabbitmq-c through 0.13.0 for RabbitMQ...

5.5CVSS5.7AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.6 views

sm-crypto data forgery vulnerability

sm-crypto is an encryption algorithm developed by June01 as a personal developer. Versions of sm-crypto prior to 0.3.14 contained a data falsification vulnerability. This vulnerability stemmed from a malleability flaw in the SM2 signature verification logic, which could allow the generation of ne...

7.5CVSS5.8AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 9:16 p.m.6 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS0.00607EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3863

Name of the Vulnerable Software and Affected Versions 5ire versions prior to 0.15.3 Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, unsafe HTML rendering allows untrusted HTML, including on event attributes...

9.6CVSS5.9AI score0.00713EPSS
Exploits1References10
EUVD
EUVD
added 2026/01/19 8:47 p.m.7 views

EUVD-2026-3285

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1CVSS5.5AI score0.00196EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/19 8:47 p.m.2 views

CVE-2026-23875

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1CVSS5.4AI score0.00196EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/01/19 6:35 p.m.6 views

EUVD-2026-3300

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is ?categoryCreated=. Version 0.70.0 fixes the issue...

9.3CVSS5AI score0.00222EPSS
Exploits1References2
OSV
OSV
added 2026/01/14 4:52 p.m.4 views

CVE-2026-22787 html2pdf.js has a cross-site scripting vulnerability

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

8.7CVSS5.7AI score0.00324EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.7 views

CVE-2026-22612

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7...

9.3CVSS6.9AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.3 views

Aero CMS SQL注入漏洞

Aero CMS is a content management system from Aero CMS, Inc. in the United States. A SQL injection vulnerability exists in Aero CMS version 0.0.1, which stems from a SQL injection vulnerability in the author parameter that could lead to the extraction of sensitive database information...

9.8CVSS5.9AI score0.00554EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

NanoCMS 代码注入漏洞

NanoCMS is a lightweight content management system by kalyan02 individual developer. A code injection vulnerability exists in NanoCMS version 0.4, which stems from an unauthenticated file upload vulnerability in the page content creation feature that could lead to remote code execution...

8.8CVSS6.2AI score0.01112EPSS
Exploits1References4
NVD
NVD
added 2026/01/12 10:16 p.m.10 views

CVE-2026-22798

hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens e.g., via...

5.9CVSS0.00154EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.5 views

CVE-2026-22034

Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...

9.2CVSS7AI score0.00657EPSS
Exploits1References1
CVE
CVE
added 2026/01/09 11:15 a.m.17 views

CVE-2025-13854

CVE-2025-13854 — The Curved Text WordPress plugin is vulnerable to a stored XSS via the radius parameter of the arctext shortcode in versions up to 0.1. The Wordfence note confirms the issue arises from insufficient input sanitization/output escaping, enabling authenticated attackers with Contrib...

6.4CVSS4.8AI score0.00232EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.4 views

CVE-2022-38484

An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system...

8.8CVSS7AI score0.01606EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.3 views

CVE-2022-35142

An issue in Renato v0.17.0 allows attackers to cause a Denial of Service DoS via a crafted payload injected into the Search parameter...

7.5CVSS6.8AI score0.01207EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.10 views

CVE-2022-31164

Tovy is a a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. The problem has been patched in version 0.7.51...

7.5CVSS6.6AI score0.00543EPSS
Exploits0References1
Rows per page
Query Builder