Lucene search
K

429 matches found

Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.6 views

PT-2026-4819

Name of the Vulnerable Software and Affected Versions iJason-Liu Books Manager affected versions not specified Description A cross site scripting issue exists in the file controllers/books center/add book check.php. Manipulation of the mark argument can lead to exploitation. The attack can be...

4.8CVSS5AI score0.00206EPSS
Exploits0References7
OSV
OSV
added 2026/01/19 10:42 a.m.5 views

OPENSUSE-SU-2026:20060-1 Security update for cargo-c

This update for cargo-c fixes the following issues: - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages bsc1243179 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249012 - CVE-2024-12224: idna: Fixed improper validation of Punycode labels...

8.8CVSS5.9AI score0.00465EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.7 views

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

6.5CVSS6.7AI score0.01314EPSS
Exploits0References1
CVE
CVE
added 2026/01/05 1:2 a.m.16 views

CVE-2025-15450

Summary: CVE-2025-15450 affects the sfturing hosp_order component (function findOrderHosNum) in /ssm_pro/orderHos/, where manipulation of hospitalAddress/hospitalName can trigger SQL injection. The vulnerability is remotely exploitable and a public exploit exists; affected versions are not clearl...

6.5CVSS6.4AI score0.00256EPSS
Exploits0References6
Spring Security Advisories
Spring Security Advisories
added 2025/12/30 12:0 a.m.7 views

This Year in Spring – December 30th, 2025

Hi, Spring fans! Can you believe it? It's already the 30th of December! I celebrated Christmas with my family in Los Angeles, then we jumped on a flight headed for Southeast Asia to ring in the New Year with more friends and family. I'm sitting at a café in the sweltering city of Kuala Lumpur,...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/27 2:4 a.m.10 views

CVE-2025-15094

A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl ca...

6.1CVSS3.4AI score0.00354EPSS
Exploits1References1
NVD
NVD
added 2025/12/26 2:15 a.m.6 views

CVE-2025-15094

A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl ca...

6.1CVSS0.00354EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/26 1:32 a.m.5 views

EUVD-2025-205405

A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing manipulation of the argument redirectUrl can...

5.3CVSS5AI score0.00354EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/12/26 1:32 a.m.4 views

CVE-2025-15094

A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl ca...

6.1CVSS3.7AI score0.00354EPSS
Exploits1References5
OSV
OSV
added 2025/12/23 9:11 a.m.7 views

OPENSUSE-SU-2026:20000-1 Security update for salt

This update for salt fixes the following issues: Changes in salt: - Add minimumauthversion to enforce security CVE-2025-62349 - Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439 BDSA-2024-9026 - Junos module yaml loader fix CVE-2025-62348 - Require Python dependencies onl...

7.8CVSS5.8AI score0.00407EPSS
Exploits0References8
Spring Security Advisories
Spring Security Advisories
added 2025/12/11 12:0 a.m.9 views

A Bootiful Podcast: The legendary Rossen Stoyanchev on API versioning, declarative interface clients, RestTestClients, and more

Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment I talk to the legendary Rossen Stoyanchev on API versioning, declarative interface clients, RestTestClients, and more!...

6.9AI score
Exploits0
NVD
NVD
added 2025/11/23 11:15 a.m.4 views

CVE-2025-13546

A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...

9.8CVSS0.00317EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.12 views

CVE-2025-13395

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the publi...

7.5CVSS6.9AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 11:15 a.m.7 views

CVE-2025-13395

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the publi...

7.5CVSS0.00264EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/19 11:2 a.m.7 views

EUVD-2025-198151

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the publi...

7.5CVSS7.2AI score0.00264EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.6 views

PT-2025-47451

Name of the Vulnerable Software and Affected Versions codehub666 94list affected versions not specified Description A security flaw exists in codehub666 94list. The issue involves a SQL injection impacting the Login function within the /function.php file. This allows for remote exploitation. The...

7.5CVSS7.5AI score0.00264EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2025/11/17 12:0 a.m.4 views

It's a Feature, Not a Bug: Secure and Auditable State Rollback for Confidential Cloud Applications

Replay and rollback attacks threaten cloud application integrity by reintroducing authentic yet stale data through an untrusted storage interface to compromise application decision-making. Prior security frameworks mitigate these attacks by enforcing forward-only state transitions state continuit...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.2 views

MAL-2025-188811 Malicious code in prettier-stylelint-got-cosmos-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 191ad1021c21de2e4d2aff52918a87b8c01692e87e5d7d02fa1dd71a2f77ed88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.3 views

Malicious code in nokire-nakao34 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce3f4f91ae962580afdceac49bf763c22c1362b22161dc3e7078e7f06f5a0a0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.4 views

Malicious code in goodai-sunabi-cufanu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba1e1a948699bdc7ba2ee6a6b0605edfb655b5433ca946aed709366c50cd5668 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder