10 matches found

Cvelist
added 2026/03/30 5:58 p.m., 20 views

CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

8.8 CVSS, 0.0028 EPSS
Exploits: 1, References: 1
NVD
added 2026/01/13 4:15 p.m., 5 views

CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files. inotify/fanotify do not allow users with no read access to a file to subscribe to events, e.g. IN_ACCESS/IN_MODIFY, but they do allow the same user to subscri...

0.00173 EPSS
Exploits: 0, References: 7
UbuntuCve
added 2026/01/13 4:15 p.m., 2 views

CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files. inotify/fanotify do not allow users with no read access to a file to subscribe to events, e.g. IN_ACCESS/IN_MODIFY, but they do allow the same user to subscri...

5.8 AI score, 0.00173 EPSS
Exploits: 0, References: 36
Positive Technologies
added 2025/10/31 12:0 a.m., 6 views

PT-2025-44671

Name of the Vulnerable Software and Affected Versions: Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2. Description: The Summer Pearl Group Vacation Rental Management Platform is affected by inadequate server-side authorization. Authenticated attackers can access and...

6.3 CVSS, 6.7 AI score, 0.00178 EPSS
Exploits: 0, References: 5
OSV
added 2023/09/27 3:30 p.m., 23 views

GHSA-V4J2-CWMM-XG89 OpenCart Path Traversal vulnerability

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server...

8.1 CVSS, 8.3 AI score, 0.00848 EPSS
Exploits: 1, References: 5
ATTACKERKB
added 2022/04/10 9:15 p.m., 3 views

CVE-2022-27960

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...

5.5 CVSS, 6.1 AI score, 0.00459 EPSS
Exploits: 1, References: 2
CNVD
added 2018/08/21 12:0 a.m., 2 views

Hard-coded credential vulnerability in multiple Philips products

Philips PageWriter TC10 Cardiograph and others are different models of electrocardiograph equipment from Philips Netherlands. A security vulnerability exists in a number of Philips products that stems from the program's use of hard-coded credentials. An attacker in close physical proximity could...

7.2 CVSS, 6.3 AI score, 0.00408 EPSS
Exploits: 0, References: 1
Exploit DB
added 2011/11/07 12:0 a.m., 18 views

Admin Bot - 'news.php' SQL Injection

source: https://www.securityfocus.com/bid/50562/info. Admin Bot is prone to an SQL Injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...

7.4 AI score
Exploits: 0
exploitpack
added 2007/10/24 12:0 a.m., 12 views

CodeWidgets Web Based Alpha Tabbed Address Book - index.asp SQL Injection

source: https://www.securityfocus.com/bid/26193/info. CodeWidgets Web Based Alpha Tabbed Address Book is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in...

0.4 AI score
Exploits: 0
exploitpack
added 2006/03/27 12:0 a.m., 10 views

DSLogin 1.0 - index.php Multiple SQL Injections

source: https://www.securityfocus.com/bid/17262/info. DSLogin is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...

Exploits: 0