Lucene search
K

57396 matches found

OSV
OSV
added 2026/02/03 8:37 p.m.3 views

GO-2026-4343 SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel

SiYuan has a Reflected Cross-Site Scripting XSS via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel...

6.1CVSS5.2AI score0.00263EPSS
Exploits1References4
OSV
OSV
added 2026/02/03 8:30 p.m.2 views

GO-2026-4345 Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit

Mailpit has a Server-Side Request Forgery SSRF via HTML Check API in github.com/axllent/mailpit...

7.5CVSS5.2AI score0.00396EPSS
Exploits1References4
OSV
OSV
added 2026/02/03 8:30 p.m.3 views

GO-2026-4344 File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...

5.3CVSS5.2AI score0.00417EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/03 7:2 p.m.29 views

CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

7.5CVSS0.02744EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/03 6:30 p.m.3 views

Missing Authentication for Critical Function

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/upload endpoint, which lacks authentication controls. An attacker can gain administrative access or...

9.8CVSS6AI score0.00726EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 6:30 p.m.4 views

GHSA-2R8F-CF6W-X5VQ Duplicate Advisory: FUXA contains a hard-coded credential vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...

9.3CVSS5.8AI score0.02036EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 6:16 p.m.5 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3CVSS5.6AI score
Exploits0References1
Snyk
Snyk
added 2026/02/03 6:14 p.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the sort parameter in API endpoints, which is processed by the getOrderBy function. An attacker can execute arbitrary SQL queries and extract sensitive database information by supplying crafted input to the API while...

8.8CVSS6.1AI score0.00473EPSS
Exploits3References2
OSV
OSV
added 2026/02/03 6:14 p.m.3 views

GHSA-CJFX-QHWM-HF99 FacturaScripts has SQL Injection in API ORDER BY Clause

Summary FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy method where user-supplied sorting parameters are directly...

8.3CVSS6.3AI score0.00473EPSS
Exploits3References4
vulnersOsv
vulnersOsv
added 2026/02/03 3:49 p.m.6 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1207 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1207 Source advisory: SNYK:PYTHON-DJANGO-15183335...

8.3CVSS7.2AI score0.09436EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/03 3:49 p.m.6 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1287 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1287 Source advisory: SNYK:PYTHON-DJANGO-15198932...

8.3CVSS7.2AI score0.00754EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/03 3:49 p.m.7 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1312 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1312 Source advisory: SNYK:PYTHON-DJANGO-15198931...

8.5CVSS7.2AI score0.00802EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/03 3:49 p.m.9 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2025-13473 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2025-13473 Source advisory: SNYK:PYTHON-DJANGO-15198930...

5.3CVSS5.8AI score0.00713EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/03 3:30 p.m.5 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1285 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1285 Source advisory: OSV:GHSA-4RRR-2H4V-F3J9...

7.5CVSS7AI score0.00993EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/03 3:30 p.m.9 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1207 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1207 Source advisory: OSV:GHSA-MWM9-4648-F68Q...

8.3CVSS7.2AI score0.09436EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/03 3:30 p.m.9 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2025-14550 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2025-14550 Source advisory: OSV:GHSA-33MW-Q7RJ-MJWJ...

7.5CVSS7AI score0.00993EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/03 3:30 p.m.10 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2025-13473 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2025-13473 Source advisory: OSV:GHSA-2MCM-79HX-8FXW...

5.3CVSS5.8AI score0.00713EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/03 3:16 p.m.8 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1312 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1312 Source advisory: OSV:PYSEC-2026-47...

8.5CVSS7.2AI score0.00802EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/03 3:16 p.m.9 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1285 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1285 Source advisory: OSV:PYSEC-2026-45...

7.5CVSS7AI score0.00993EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/03 3:16 p.m.7 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2025-13473 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2025-13473 Source advisory: OSV:PYSEC-2026-42...

5.3CVSS5.8AI score0.00713EPSS
Exploits0
Rows per page
Query Builder