57364 matches found

Positive Technologies (added 2026/02/04 12:00 a.m., 3 views)

PT-2026-6207

Affected: Apache Answer versions through 1.7.1; github.com/apache/answer versions prior to 2.0.0. Description: An issue exists in Apache Answer where an unauthenticated API endpoint incorrectly exposes the full revision history of deleted content. This...

CVSS 7.5 | AI score 5.4 | EPSS 0.00619 | Exploits: 0 | References: 15
Positive Technologies (added 2026/02/04 12:00 a.m., 6 views)

PT-2026-6476

Summary: An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details: The frontend is using React. In...

CVSS 6.1 | AI score 5.5 | EPSS 0.00297 | Exploits: 1 | References: 6
Positive Technologies (added 2026/02/04 12:00 a.m., 7 views)

PT-2026-6101

Affected: AutoGPT versions prior to 0.6.46. Description: AutoGPT is a platform for creating and managing AI agents to automate workflows. The Stagehand integration improperly logs API keys and authentication secrets in plaintext using logger.info...

CVSS 8.1 | AI score 5.5 | EPSS 0.00433 | Exploits: 1 | References: 8
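The AutoGPT entry above is a plaintext-secret-in-logs bug: a key handed to logger.info ends up in whatever the log handler writes. The block below is an added example, not AutoGPT or Stagehand code, showing one way to stop that class of leak at the logging layer: a logging.Filter on the logger formats each record once, scrubs secret-shaped substrings, and drops the raw args, so a key passed as a %s argument is caught as well as one pasted into the template. The secret shapes it recognises ("sk-" prefixed keys, Bearer tokens, key=value pairs named like credentials), the logger name and the sample log lines are all constructed for illustration.

```python
"""Redacting secrets before they reach a log handler.

Added example; this is not AutoGPT or Stagehand code. The secret shapes,
logger name and sample lines below are constructed for illustration.
"""
import io
import logging
import re

# Constructed secret shapes. Extend the list for the formats your integrations use.
_SK_KEY = re.compile(r"\bsk-[A-Za-z0-9_-]{8,}")
_BEARER = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._~+/-]+=*")
_NAMED_SECRET = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|password)(\s*[=:]\s*)(['\"]?)([^\s'\",;]+)"
)


def redact(text: str) -> str:
    """Replace secret-shaped substrings with a fixed marker; the key name is kept."""
    out = _SK_KEY.sub("sk-[REDACTED]", text)
    out = _BEARER.sub("Bearer [REDACTED]", out)
    out = _NAMED_SECRET.sub(lambda m: f"{m.group(1)}{m.group(2)}{m.group(3)}[REDACTED]", out)
    return out


class RedactingFilter(logging.Filter):
    """Format the record once, scrub the result, and drop the raw args."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # already folded into msg; prevents a second formatting pass
        return True


def capture_log_line(message: str, *args) -> str:
    """Emit one INFO record through the filter and return the text the handler wrote.

    Builds a private logger with a StringIO handler so the result can be inspected
    (and asserted on) without touching the root logger.
    """
    stream = io.StringIO()
    logger = logging.getLogger("stagehand_demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    logger.filters.clear()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())  # logger-level filters run before any handler sees the record
    logger.info(message, *args)
    handler.flush()
    return stream.getvalue().strip()


if __name__ == "__main__":
    # Constructed sample lines in the shape an integration might emit at startup.
    print(capture_log_line("stagehand init api_key=%s model=%s", "sk-abc123DEF456ghi", "demo-model"))
    print(capture_log_line("outbound header Authorization: Bearer eyJabc.def.ghi"))
    print(capture_log_line("config loaded, no secrets here"))
```

A filter like this is a backstop, not a substitute for never passing the credential to the logger in the first place: it only catches shapes it knows about, so a key in an unrecognised format still goes through. Attach it to the logger (or to every handler) rather than to one handler, otherwise a second handler added later writes the unredacted record.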
Positive Technologies (added 2026/02/04 12:00 a.m., 7 views)

PT-2026-6548

Affected: OpenClaw versions prior to 2026.1.20. Description: An unauthenticated local client could leverage the Gateway WebSocket API to modify configuration settings through the config.apply function. Specifically, the ability to set an unsafe cliPath value...

CVSS 8.4 | AI score 5.5 | EPSS 0.00639 | Exploits: 0 | References: 12
Tenable Nessus (added 2026/02/04 12:00 a.m., 4 views)

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20156-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20156-1 advisory. - Chromium 144.0.7559.109 (boo1257404) CVE-2026-1504: Inappropriate implementation in Background Fetch API. Tenable has extracted the preceding description...

CVSS 6.5 | AI score 5.5 | EPSS 0.00224 | Exploits: 1 | References: 3
Saint (added 2026/02/04 12:00 a.m., 88 views)

React Native Community CLI remote command execution

Added: 02/04/2026. Background: React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem: A vulnerability in React Native Community CLI when running wi...

CVSS 9.8 | AI score 6.1 | EPSS 0.61938 | Exploits: 5
Exploit DB (added 2026/02/04 12:00 a.m., 158 views)

Docker Desktop 4.44.3 - Unauthenticated API Exposure

Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure
Date: 2025-10-06
Exploit Author: OilSeller2001
Vendor Homepage: https://www.docker.com/
Software Link: https://www.docker.com/products/docker-desktop/
Version: Affected on Windows and macOS versions prior to 4.44.3
Tested on: ...

CVSS 9.3 | AI score 5.6 | EPSS 0.01594 | Exploits: 15
Tenable Nessus (added 2026/02/04 12:00 a.m., 2 views)

openSUSE 16 Security Update : python-urllib3 (openSUSE-SU-2026:20127-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20127-1 advisory. - CVE-2025-66471: Fixed excessive resource consumption via decompression of highly compressed data in Streaming API (bsc1254867) - CVE-2025-66418:...

CVSS 8.9 | AI score 5.5 | EPSS 0.00622 | Exploits: 0 | References: 6
Patchstack (added 2026/02/03 11:42 p.m., 6 views)

WordPress Fortis for WooCommerce plugin <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Fortis for WooCommerce versions <= 1.2.0...

CVSS 5.3 | AI score 5.4 | EPSS 0.00345 | Exploits: 0 | References: 1 | Affected software: 1
OSV (added 2026/02/03 8:37 p.m., 3 views)

GO-2026-4343 SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel

SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel...

CVSS 6.1 | AI score 5.2 | EPSS 0.00263 | Exploits: 1 | References: 4
OSV (added 2026/02/03 8:30 p.m., 3 views)

GO-2026-4344 File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser

File Browser vulnerable to username enumeration via timing attack in /api/login in github.com/filebrowser/filebrowser...

CVSS 5.3 | AI score 5.2 | EPSS 0.00417 | Exploits: 1 | References: 3
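The File Browser entry above is a timing-based username enumeration: the usual cause in a login handler is an early return for an unknown username, so no password hash is computed and the response comes back measurably faster than for a real account. The block below is an added example, not File Browser's code; it models both the leaky handler and the uniform one, which burns the same hashing cost against a dummy credential when the user is missing and only then fails. The user store, the pbkdf2 work factor and the sample account are constructed for illustration, and a call counter is included so the difference can be checked without a stopwatch.

```python
"""A login check whose cost does not depend on whether the username exists.

Added example; this is not File Browser's code. The user store, pbkdf2
parameters and sample account are constructed for illustration.
"""
import hashlib
import hmac
import os
import time
from statistics import median

ITERATIONS = 60_000  # assumed work factor; large enough that the timing gap is measurable


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UserStore:
    def __init__(self) -> None:
        self.records: dict[str, tuple[bytes, bytes]] = {}  # username -> (salt, hash)
        self.hash_calls = 0  # instrumentation: how many full hash computations happened
        # A dummy credential hashed once at startup, used to pay the same cost for unknown users.
        self.dummy_salt = os.urandom(16)
        self.dummy_hash = hash_password("placeholder-password", self.dummy_salt)

    def add(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.records[username] = (salt, hash_password(password, salt))

    def _verify(self, password: str, salt: bytes, expected: bytes) -> bool:
        self.hash_calls += 1
        # compare_digest keeps the final byte comparison itself constant-time.
        return hmac.compare_digest(hash_password(password, salt), expected)

    def login_leaky(self, username: str, password: str) -> bool:
        """Unknown users answer in microseconds, known users in tens of milliseconds."""
        rec = self.records.get(username)
        if rec is None:
            return False
        return self._verify(password, *rec)

    def login_uniform(self, username: str, password: str) -> bool:
        """Unknown users pay the same hashing cost, then fail unconditionally."""
        rec = self.records.get(username)
        if rec is None:
            self._verify(password, self.dummy_salt, self.dummy_hash)
            return False
        return self._verify(password, *rec)


def median_ms(fn, *args, runs: int = 5) -> float:
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        fn(*args)
        samples.append((time.perf_counter() - start) * 1000)
    return median(samples)


if __name__ == "__main__":
    store = UserStore()
    store.add("alice", "correct horse battery staple")  # constructed account
    for name, fn in (("leaky", store.login_leaky), ("uniform", store.login_uniform)):
        known = median_ms(fn, "alice", "wrong password")
        unknown = median_ms(fn, "nobody", "wrong password")
        print(f"{name:8s} known user {known:7.2f} ms   unknown user {unknown:7.2f} ms")
```

The dummy hash must use the same algorithm and work factor as real records, otherwise the cost still differs. Error messages and status codes should also be identical for the two cases; the timing fix alone does not help if the body says "user not found".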
OSV (added 2026/02/03 8:30 p.m., 2 views)

GO-2026-4345 Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit

Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit...

CVSS 7.5 | AI score 5.2 | EPSS 0.00396 | Exploits: 1 | References: 4
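The Mailpit entry above is an SSRF through a feature that fetches a URL on the server's behalf (an HTML check). Independently of how that particular endpoint is fixed, the check a server-side fetcher needs is on the destination address, not the URL string: resolve the host, then refuse anything loopback, private, link-local (which covers the 169.254.169.254 cloud metadata address), multicast, reserved or unspecified, after unwrapping IPv4-mapped IPv6 forms such as ::ffff:10.0.0.1. The block below is an added example, not Mailpit's code; the resolver is injectable and the default is a constructed host table, so it runs offline.

```python
"""Destination check for a server-side fetch.

Added example; this is not Mailpit's code. FAKE_DNS and the hostnames in it
are constructed so the example runs offline; pass system_resolve for real use.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers so the example does not touch the network.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "intranet.local": ["10.0.0.5"],
    "metadata": ["169.254.169.254"],
    "evil.test": ["93.184.216.34", "127.0.0.1"],  # one public and one loopback answer
    "mapped.test": ["::ffff:192.168.1.10"],
}


def fake_resolve(host: str) -> list[str]:
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"constructed resolver has no entry for {host}")


def system_resolve(host: str) -> list[str]:
    """Real resolver: every A/AAAA answer, because any of them may be used to connect."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    return not (
        addr.is_loopback or addr.is_private or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified
    )


def check_fetch_target(url: str, resolve=fake_resolve) -> tuple[bool, str]:
    """Return (allowed, reason). Every address the host resolves to must be public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    # A literal IP skips DNS; ip_address() raises ValueError for a hostname.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolve(host)
        except socket.gaierror as exc:
            return False, f"resolution failed: {exc}"
    for ip in addrs:
        if not is_public_address(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


if __name__ == "__main__":
    for url in ("http://example.com/page", "http://intranet.local/", "http://metadata/latest/meta-data/",
                "http://evil.test/", "http://mapped.test/", "http://127.0.0.1:8025/api",
                "http://[::1]/", "file:///etc/passwd", "http://user:pw@example.com/"):
        print(f"{url:40s} {check_fetch_target(url)}")
```

Two caveats a reviewer would raise. First, the address that passed the check must be the one actually connected to (connect to the IP and send the hostname in the Host header or SNI), otherwise a second resolution at connect time lets DNS rebinding through. Second, if the fetch follows redirects, each redirect target needs the same check; a public host that 302s to http://169.254.169.254/ bypasses a check done only on the initial URL.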
Cvelist (added 2026/02/03 7:02 p.m., 29 views)

CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

CVSS 7.5 | EPSS 0.02744 | Exploits: 0 | References: 4
Snyk (added 2026/02/03 6:30 p.m., 3 views)

Missing Authentication for Critical Function

Overview: fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/upload endpoint, which lacks authentication controls. An attacker can gain administrative access or...

CVSS 9.8 | AI score 6 | EPSS 0.00726 | Exploits: 0 | References: 2
OSV (added 2026/02/03 6:30 p.m., 4 views)

GHSA-2R8F-CF6W-X5VQ Duplicate Advisory: FUXA contains a hard-coded credential vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description: FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...

CVSS 9.3 | AI score 5.8 | EPSS 0.02036 | Exploits: 0 | References: 3
OSV (added 2026/02/03 6:16 p.m., 4 views)

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

CVSS 9.3 | AI score 5.6 | Exploits: 0 | References: 1
Snyk (added 2026/02/03 6:14 p.m., 4 views)

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the sort parameter in API endpoints, which is processed by the getOrderBy function. An attacker can execute arbitrary SQL queries and extract sensitive database information by supplying crafted input to the API while...

CVSS 8.8 | AI score 6.1 | EPSS 0.00473 | Exploits: 3 | References: 2
OSV (added 2026/02/03 6:14 p.m., 3 views)

GHSA-CJFX-QHWM-HF99 FacturaScripts has SQL Injection in API ORDER BY Clause

Summary: FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy method where user-supplied sorting parameters are directly...

CVSS 8.3 | AI score 6.3 | EPSS 0.00473 | Exploits: 3 | References: 4
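The two FacturaScripts entries above (Snyk and GHSA-CJFX-QHWM-HF99) describe the same bug: a sort parameter concatenated into ORDER BY. Bind parameters cannot fix this, since a column name or direction is not a value, so the only safe construction is an allowlist. The block below is an added example, not FacturaScripts code (its getOrderBy is PHP; this is a constructed Python/sqlite3 model of the same mistake), with made-up tables, rows and column names. It goes a little beyond the advisory text to show why ORDER BY injection leaks data even though the attacker selects nothing: a CASE expression in the sort key turns the row order into a one-bit oracle on another table, and the last function recovers a secret one character at a time with it.

```python
"""ORDER BY built from a user-supplied sort parameter: the injectable pattern,
an allowlisted replacement, and the oracle the injectable one gives away.

Added example; not FacturaScripts code. Tables, rows and column names are
constructed for illustration.
"""
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products VALUES (1,'bolt',0.10),(2,'nut',0.05),(3,'washer',0.02);
        CREATE TABLE api_users(id INTEGER PRIMARY KEY, name TEXT, secret TEXT);
        INSERT INTO api_users VALUES (1,'admin','s3cr3t-token');
    """)
    return conn


# --- vulnerable: the sort parameter is pasted into the SQL text ---
def get_order_by_vulnerable(sort: str) -> str:
    return f" ORDER BY {sort}" if sort else ""


def list_products_vulnerable(conn: sqlite3.Connection, sort: str) -> list[int]:
    sql = "SELECT id FROM products" + get_order_by_vulnerable(sort)
    return [row[0] for row in conn.execute(sql)]


# --- hardened: only allowlisted columns and directions reach the SQL ---
ALLOWED_SORT_COLUMNS = {"id", "name", "price"}
_SORT_TOKEN = re.compile(r"^([A-Za-z_]+)(?:\s+(asc|desc))?$", re.IGNORECASE)


def get_order_by_safe(sort: str) -> str:
    """Accepts 'col', 'col asc', 'col desc' and comma-separated lists of those; rejects everything else."""
    if not sort:
        return ""
    clauses = []
    for part in sort.split(","):
        m = _SORT_TOKEN.match(part.strip())
        if not m or m.group(1).lower() not in ALLOWED_SORT_COLUMNS:
            raise ValueError(f"unsupported sort field: {part.strip()!r}")
        direction = (m.group(2) or "asc").upper()
        clauses.append(f'"{m.group(1).lower()}" {direction}')  # quoted identifier from the allowlist
    return " ORDER BY " + ", ".join(clauses)


def list_products_safe(conn: sqlite3.Connection, sort: str) -> list[int]:
    sql = "SELECT id FROM products" + get_order_by_safe(sort)
    return [row[0] for row in conn.execute(sql)]


# --- the oracle: row order answers one yes/no question per request ---
def leak_secret_via_order(conn: sqlite3.Connection, length: int = 12) -> str:
    """Recover api_users.secret for 'admin' using only the vulnerable product listing."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789-"
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            probe = (
                f"CASE WHEN (SELECT substr(secret,{pos},1) FROM api_users WHERE name='admin')='{ch}' "
                f"THEN id ELSE -id END"
            )
            # Ascending ids only when the guess is right; otherwise the order is reversed.
            if list_products_vulnerable(conn, probe) == [1, 2, 3]:
                recovered += ch
                break
        else:
            break  # no character matched: end of secret or outside the alphabet
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, sort=id      ->", list_products_vulnerable(db, "id"))
    print("leaked admin secret      ->", leak_secret_via_order(db))
    print("safe, sort=price desc    ->", list_products_safe(db, "price desc"))
    try:
        list_products_safe(db, "CASE WHEN 1=1 THEN id ELSE -id END")
    except ValueError as exc:
        print("safe rejects injection   ->", exc)
```

Note that the oracle needs no error messages and no stacked queries; any endpoint whose output ordering the caller can observe is enough, which is why "only authenticated API users" in the advisory is little comfort when those users are the integrators the API exists for.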
vulnersOsv (added 2026/02/03 3:49 p.m., 6 views)

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1207 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1207 Source advisory: SNYK:PYTHON-DJANGO-15183335...

CVSS 8.3 | AI score 7.2 | EPSS 0.09436 | Exploits: 1
vulnersOsv (added 2026/02/03 3:49 p.m., 6 views)

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1287 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1287 Source advisory: SNYK:PYTHON-DJANGO-15198932...

CVSS 8.3 | AI score 7.2 | EPSS 0.00754 | Exploits: 0