Lucene search
K

57403 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/02 5:32 a.m.5 views

CVE-2026-1746

A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit is...

6.5CVSS6.5AI score0.00444EPSS
Exploits1References4
CVE
CVE
added 2026/02/02 5:32 a.m.17 views

CVE-2026-1746

Summary (CVE-2026-1746) : JeecgBoot 3.9.0 is affected by an SQL injection in the Online Report API, caused by manipulation of the keyword argument in /JeecgBoot/sys/api/loadDictItemByKeyword. The issue enables remote execution and is supported by multiple sources (NVD, Red Hat, CVE list, Attacker...

8.8CVSS6.5AI score0.00444EPSS
Exploits1References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 4:21 a.m.6 views

Security Bulletin: The IBM Maximo Application Suite IoT component uses "urllib3-2.5.0-py3-none-any.whl" which are vulnerable to "CVE-2025-66418, CVE-2025-66471".

Summary The IBM Maximo Application Suite IoT component uses "urllib3-2.5.0-py3-none-any.whl" which are vulnerable to "CVE-2025-66418, CVE-2025-66471". This bulletin contains information regarding the vulnerabilities and how they are addressed. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTIO...

8.9CVSS5.7AI score0.00622EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/02 1:58 a.m.11 views

Important: Red Hat Security Advisory: python3.12-urllib3 security update

An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/02 1:58 a.m.3 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/02 1:17 a.m.7 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/02 1:17 a.m.6 views

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.8 views

PT-2026-5731

Name of the Vulnerable Software and Affected Versions SignalK Server versions prior to 2.20.3 Description SignalK Server contains a path traversal issue in the applicationData API. Authenticated users on Windows systems can potentially read, write, and list arbitrary files and directories on the...

5CVSS5.7AI score0.00384EPSS
Exploits1References10
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.132 views

📄 Cockpit CMS 0.13.0 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Multiple Reflected XSS Advisory ID: RO-16-003...

5.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.4 views

PT-2026-5670

Memory Corruption when user space address is modified and passed to mem free API, causing kernel memory to be freed inadvertently...

7.8CVSS5.3AI score0.00092EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-6298

Name of the Vulnerable Software and Affected Versions Bambuddy versions prior to 0.1.7 Description Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Versions before 0.1.7 include a hardcoded secret key used for signing JSON Web Tokens JWTs. Multiple API rout...

9.8CVSS5.5AI score0.00724EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.4 views

PT-2026-6311

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The vulnerability resides in the...

6.1CVSS5AI score0.00261EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.3 views

Fedora 42 : chromium (2026-64e9a195d3)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-64e9a195d3 advisory. Update to 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API Tenable has extracted the preceding description block directly...

6.5CVSS5.5AI score0.00224EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.8 views

EulerOS 2.0 SP13 : libpng (EulerOS-SA-2026-1225)

According to the versions of the libpng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From...

7.1CVSS5.8AI score0.00281EPSS
Exploits5References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.12 views

PT-2026-5614

A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit is...

6.5CVSS5.3AI score0.00444EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linux
added 2026/02/02 12:0 a.m.8 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0034-1 Rating: important References: 1257404 Cross-References: CVE-2026-1504 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: Chromium was...

6.5CVSS7AI score0.00224EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/02/02 12:0 a.m.7 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0035-1 Rating: important References: 1257404 Cross-References: CVE-2026-1504 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: Chromium was...

6.5CVSS7AI score0.00224EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.4 views

AlmaLinux 9 : fence-agents (ALSA-2026:1239)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1239 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

8.9CVSS5.5AI score0.02667EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/01 11:2 p.m.4 views

CVE-2026-1733

A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...

5.3CVSS5.6AI score0.00364EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/02/01 6:34 a.m.4 views

Insertion of Sensitive Information into Log File

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the userapikeyauthbuilder function, which leaks expired session keys into the authentication error output of other...

5.3CVSS5.5AI score
Exploits0References3
Rows per page
Query Builder