57396 matches found

OSV
added 2026/02/05 3:20 a.m., 2 views

GO-2026-4416 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage in github.com/devtron-labs/devtron

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage in github.com/devtron-labs/devtron...

8.8 CVSS | 5.4 AI score | 0.00393 EPSS
Exploits: 1 | References: 2
Snyk
added 2026/02/05 12:37 a.m., 4 views

Missing Authentication for Critical Function

Overview: fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the upload API. An attacker can overwrite arbitrary files on the server filesystem by sending crafted request...

9.8 CVSS | 6.2 AI score | 0.02675 EPSS
Exploits: 3 | References: 3
NVD
added 2026/02/05 12:15 a.m., 9 views

CVE-2025-13192

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied...

8.2 CVSS | 0.00399 EPSS
Exploits: 0 | References: 7
CNVD
added 2026/02/05 12:00 a.m., 16 views

Google Chrome Information Disclosure Vulnerability (CNVD-2026-10645)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability caused by improper implementation in the backend fetch API. An attacker can exploit the vulnerability to disclose cross-origin data...

6.5 CVSS | 5.7 AI score | 0.00224 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/02/05 12:00 a.m., 15 views

PT-2026-6555

Name of the Vulnerable Software and Affected Versions: Greenshift – animation and page builder blocks plugin for WordPress versions through 12.5.7. Description: The plugin is susceptible to unauthorized data access because of a missing capability check within the greenshift app pass validation...

4.3 CVSS | 5.4 AI score | 0.00186 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2026/02/05 12:00 a.m., 6 views

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2026-3156 (ALAS-2026-3156)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3156 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...

8.9 CVSS | 5.8 AI score | 0.00622 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2026/02/05 12:00 a.m., 3 views

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-8016-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8016-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

8.8 CVSS | 6.5 AI score | 0.00391 EPSS
Exploits: 2 | References: 5
Tenable Nessus
added 2026/02/05 12:00 a.m., 13 views

Amazon Linux 2023 : python3-urllib3 (ALAS2023-2026-1418)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1418 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

8.9 CVSS | 5.8 AI score | 0.02667 EPSS
Exploits: 0 | References: 8
Amazon
added 2026/02/05 12:00 a.m., 4 views

Medium: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

8.9 CVSS | 5.7 AI score | 0.00622 EPSS
Exploits: 0
Amazon
added 2026/02/05 12:00 a.m., 7 views

Important: python-urllib3

Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...

8.9 CVSS | 5.5 AI score | 0.02667 EPSS
Exploits: 0
Amazon
added 2026/02/05 12:00 a.m., 4 views

Important: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

8.9 CVSS | 5.7 AI score | 0.02667 EPSS
Exploits: 0
Tenable Nessus
added 2026/02/05 12:00 a.m., 3 views

Ubuntu 24.04 LTS / 25.10 : Linux kernel vulnerabilities (USN-8014-1)

The remote Ubuntu 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8014-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects...

6.5 AI score | 0.00274 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2026/02/05 12:00 a.m., 4 views

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-8013-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8013-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

8.5 CVSS | 6.7 AI score | 0.00391 EPSS
Exploits: 2 | References: 3
Cvelist
added 2026/02/04 11:22 p.m., 28 views

CVE-2025-13192 Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied...

8.2 CVSS | 0.00399 EPSS
Exploits: 0 | References: 7
CVE
added 2026/02/04 11:22 p.m., 23 views

CVE-2025-13192

The CVE-2025-13192 entry describes a generic SQL Injection in the WordPress plugin “Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers” for versions up to 2.2.0. Root cause: insufficient escaping and inadequate query preparation on user-supplied par...

8.2 CVSS | 5.8 AI score | 0.00399 EPSS
Exploits: 0 | References: 7
ATTACKERKB
added 2026/02/04 11:22 p.m., 5 views

CVE-2025-13192

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied...

8.2 CVSS | 5.8 AI score | 0.00399 EPSS
Exploits: 0 | References: 8
NVD
added 2026/02/04 11:15 p.m., 7 views

CVE-2026-22038

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

8.1 CVSS | 0.00433 EPSS
Exploits: 1 | References: 2
OSV
added 2026/02/04 11:15 p.m., 5 views

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

5.4 CVSS | 5 AI score
Exploits: 0 | References: 6
ATTACKERKB
added 2026/02/04 10:32 p.m., 5 views

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

6.5 CVSS | 6.1 AI score | 0.00236 EPSS
Exploits: 0 | References: 7
Cvelist
added 2026/02/04 10:28 p.m., 31 views

CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

8.1 CVSS | 0.00433 EPSS
Exploits: 1 | References: 2