
57403 matches found

ATTACKERKB
added 2026/02/03 12:0 a.m. | 5 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

AI score: 5.5 | EPSS: 0.00463
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/03 12:0 a.m. | 7 views

PT-2026-5987

Name of the Vulnerable Software and Affected Versions Dokans Multi-Tenancy Based eCommerce Platform version 3.9.2 Description The platform allows unauthenticated remote attackers to obtain sensitive application configuration data by directly requesting the '/script/.env' file. This file contains...

CVSS: 10 | AI score: 5.5 | EPSS: 0.00383
Exploits: 1 | References: 6

Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-6512

SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel...

CVSS: 6.1 | AI score: 5.4 | EPSS: 0.00263
Exploits: 1 | References: 5

ATTACKERKB
added 2026/02/03 12:0 a.m. | 4 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

AI score: 6 | EPSS: 0.00726
Exploits: 0 | References: 2

EUVD
added 2026/02/03 12:0 a.m. | 6 views

EUVD-2025-206717

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

AI score: 5.5 | EPSS: 0.02036
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/03 12:0 a.m. | 4 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

AI score: 6.1 | EPSS: 0.00726
Exploits: 0 | References: 1

CNNVD
added 2026/02/03 12:0 a.m. | 9 views

Wikimedia DiscussionTools Security Vulnerability

Wikimedia DiscussionTools is a discussion tool provided by the Wikimedia Foundation. Versions of Wikimedia DiscussionTools prior to 1.43.4 and 1.44.1 contained security vulnerabilities. These vulnerabilities stemmed from the discussiontoolspageinfo method in the Action API, which did not check...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00253
Exploits: 0 | References: 1

CVE
added 2026/02/03 12:0 a.m. | 12 views

CVE-2025-69981

FUXA v1.2.7 has an Unrestricted File Upload issue at the /api/upload endpoint. The endpoint authenticates users poorly (lacks authentication), allowing unauthenticated remote attackers to upload arbitrary files. This can enable overwriting critical system files such as the SQLite user database an...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00726
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2026/02/03 12:0 a.m. | 6 views

Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2026-1213)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.1 | AI score: 5.4 | EPSS: 0.00281
Exploits: 5 | References: 2

OPENSUSE Linux
added 2026/02/03 12:0 a.m. | 3 views

Security update for python-urllib3 (important)

openSUSE security update: security update for python-urllib3. Announcement ID: openSUSE-SU-2026:20127-1. Rating: important. References: bsc1254866 bsc1254867. Cross-References: CVE-2025-66418 CVE-2025-66471. CVSS scores: CVE-2025-66418 SUSE...

CVSS: 6.9 | AI score: 5.4 | EPSS: 0.00622
Exploits: 0 | References: 2

Snyk
added 2026/02/02 11:50 p.m. | 6 views

Information Exposure

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Information Exposure via the BlockListPager and...

CVSS: 3.4 | AI score: 5.6 | EPSS: 0.00454
Exploits: 0 | References: 2

Snyk
added 2026/02/02 11:49 p.m. | 3 views

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.0027
Exploits: 0 | References: 2

CVE
added 2026/02/02 11:39 p.m. | 17 views

CVE-2025-61641

CVE-2025-61641 affects Wikimedia Foundation MediaWiki, tied to program files includes/api/ApiQueryAllPages.Php and impacts MediaWiki versions before 1.39.14, 1.43.4, 1.44.1. Debians and OSV entries describe multiple issues (e.g., XSS, information disclosure, missing rate limiting, denial of servi...

CVSS: 6.3 | AI score: 5.2 | EPSS: 0.00272
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/02/02 11:26 p.m. | 16 views

CVE-2025-61635

CVE-2025-61635 affects Wikimedia/MediaWiki ConfirmEdit’s ApiFancyCaptchaReload.Php. The related CVE description (via CVE list and Debian advisory) indicates the issue was addressed by adding rate limiting to ApiFancyCaptchaReload, with fixes shipped in MediaWiki updates (e.g., oldstable bookworm:...

AI score: 5.1 | EPSS: 0.00356
Exploits: 0 | References: 1

Cvelist
added 2026/02/02 11:26 p.m. | 32 views

CVE-2025-61635 Add rate limiting to ApiFancyCaptchaReload

Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit:...

EPSS: 0.00356
Exploits: 0 | References: 1

NVD
added 2026/02/02 11:16 p.m. | 5 views

CVE-2025-6927

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVSS: 2.3 | EPSS: 0.00454
Exploits: 0 | References: 1

NVD
added 2026/02/02 11:16 p.m. | 8 views

CVE-2025-6591

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7 1.43.2, 1.44.0...

EPSS: 0.00393
Exploits: 0 | References: 1

OSV
added 2026/02/02 11:16 p.m. | 3 views

UBUNTU-CVE-2025-6591

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00393
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/02 11:2 p.m. | 4 views

CVE-2026-25228

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...

CVSS: 5 | AI score: 5.6 | EPSS: 0.00384
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/02/02 11:2 p.m. | 3 views

CVE-2026-25228 SignalK Server has Path Traversal leading to information disclosure

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...

CVSS: 5 | AI score: 5.6 | EPSS: 0.00384
Exploits: 1 | References: 4