Lucene search
K

6835 matches found

EUVD
EUVD
added 2026/05/20 1:25 a.m.15 views

EUVD-2026-31028

The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2026/05/20 12:0 a.m.3 views

The vulnerability of the implementation of the ALTER SUBSCRIPTION...REFRESH PUBLICATION command in the PostgreSQL database management system allows a attacker to execute arbitrary SQL queries.

The vulnerability of the ALTER SUBSCRIPTION...REFRESH PUBLICATION command in PostgreSQL database management systems lies in the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

3.7CVSS6AI score0.0018EPSS
Exploits0References8Affected Software5
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

Bylancer Zechat 跨站请求伪造漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat contains a cross-site request forgeing vulnerability. This vulnerability allows attackers to bypass anti-CSRF...

5.4CVSS5.7AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, and 16.14 have SQL...

8.8CVSS6.2AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin WP Encryption 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:22 p.m.12 views

CVE-2020-37168

Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...

9.8CVSS5.8AI score0.00246EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Paiement Ecommerce Systempay 安全漏洞

Paiement Ecommerce Systempay is an online payment platform for e-commerce services provided by the French company Paiement. Version 1.0 of Paiement Ecommerce Systempay contains a security vulnerability. This vulnerability stems from weak encryption implementations, which may allow attackers to...

9.8CVSS5.8AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 3:16 a.m.18 views

CVE-2026-40131

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS0.00173EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Microsoft M365 Copilot 命令注入漏洞

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot has a command injection vulnerability. Attackers can exploit this vulnerability to alter information...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 10:12 a.m.8 views

CVE-2026-28201

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration i...

8.7CVSS6AI score0.00144EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 10:12 a.m.41 views

CVE-2026-28201 SurrealDB Injection on Open Notebook

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration i...

8.7CVSS0.00144EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.12 views

Apache Polaris has an Improper Input Validation issue

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

9.9CVSS5.9AI score0.00364EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/04 4:19 p.m.76 views

CVE-2026-42812 Apache Polaris: No protection on `write.metadata.path`

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

9.9CVSS0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

WordPress plugin Create DB Tables 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...

9.1CVSS5.9AI score0.00729EPSS
Exploits0References1
OSV
OSV
added 2026/04/20 3:31 p.m.7 views

GHSA-WF66-MPHR-4C4R Apache Kafka exposes sensitive information in its DEBUG logs

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3CVSS5.7AI score0.00535EPSS
Exploits0References5
NVD
NVD
added 2026/04/20 2:16 p.m.8 views

CVE-2026-33558

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3CVSS0.00535EPSS
Exploits0References3
CVE
CVE
added 2026/04/20 1:20 p.m.93 views

CVE-2026-33558

CVE-2026-33558 affects Apache Kafka: the NetworkClient logs sensitive information at DEBUG level, exposing full requests/responses for certain APIs (AlterConfigsRequest, AlterUserScramCredentialsRequest, ExpireDelegationTokenRequest, IncrementalAlterConfigsRequest, RenewDelegationTokenRequest, Sa...

5.3CVSS5.7AI score0.00535EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/20 1:20 p.m.30 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

0.00535EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 6:31 p.m.4 views

Improper Control of Interaction Frequency

Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...

6.5CVSS5.9AI score0.00533EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 4:42 p.m.1 views

CVE-2026-32588 Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

5.8AI score0.00533EPSS
Exploits0References1
Rows per page
Query Builder