
57408 matches found

Positive Technologies
added 2026/02/02 12:0 a.m. | 13 views

PT-2026-5614

A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to SQL injection. The attack can be executed remotely. The exploit is...

CVSS 6.5 | AI score 5.3 | EPSS 0.00444
Exploits 1 | References 5

Tenable Nessus
added 2026/02/02 12:0 a.m. | 8 views

EulerOS 2.0 SP13 : libpng (EulerOS-SA-2026-1225)

According to the versions of the libpng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From...

CVSS 7.1 | AI score 5.8 | EPSS 0.00281
Exploits 5 | References 5

Tenable Nessus
added 2026/02/02 12:0 a.m. | 3 views

Fedora 42 : chromium (2026-64e9a195d3)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-64e9a195d3 advisory. Update to 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API Tenable has extracted the preceding description block directly...

CVSS 6.5 | AI score 5.5 | EPSS 0.00224
Exploits 1 | References 2

ATTACKERKB
added 2026/02/01 11:2 p.m. | 4 views

CVE-2026-1733

A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...

CVSS 5.3 | AI score 5.6 | EPSS 0.00364
Exploits 1 | References 5 | Affected Software 1

Snyk
added 2026/02/01 6:34 a.m. | 4 views

Insertion of Sensitive Information into Log File

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the userapikeyauthbuilder function, which leaks expired session keys into the authentication error output of other...

CVSS 5.3 | AI score 5.5
Exploits 0 | References 3

OSV
added 2026/02/01 12:16 a.m. | 12 views

CVE-2026-25069

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVSS 9.3 | AI score 5.9 | EPSS 0.00602
Exploits 0 | References 5

CNNVD
added 2026/02/01 12:0 a.m. | 7 views

Pironman Dashboard Security Vulnerability

Pironman Dashboard is a console interface open-sourced by SunFounder. Versions of Pironman Dashboard prior to 1.3.13 have security vulnerabilities; these vulnerabilities stem from path traversal in the log file API endpoints, which could lead to arbitrary file reading and deletion...

CVSS 9.3 | AI score 7.4 | EPSS 0.00602
Exploits 0 | References 6

Tenable Nessus
added 2026/02/01 12:0 a.m. | 3 views

Fedora 43 : chromium (2026-ffccca9880)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ffccca9880 advisory. Update to 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API Tenable has extracted the preceding description block directly...

CVSS 6.5 | AI score 5.5 | EPSS 0.00224
Exploits 1 | References 2

Vulnrichment
added 2026/01/31 11:46 p.m. | 3 views

CVE-2026-25069 SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVSS 9.3 | AI score 5.6 | EPSS 0.00602
Exploits 0 | References 5

Chainguard
added 2026/01/31 7:17 p.m. | 7 views

CVE-2025-61728 vulnerabilities

Vulnerabilities for packages: datadog-agent-fips, cert-manager-cmctl, gatekeeper-fips, thanos-operator-fips, google-osconfig-agent, xeol, helm-operator, flux-source-watcher-fips, helm-set-status, nvidia-nsight-compute-13.2, argo-cd-fips, agentbeat-fips, loki, zitadel, qemu-guesthelper,...

CVSS 6.5 | AI score 6.8 | EPSS 0.00643
Exploits 1

GithubExploit
added 2026/01/31 8:7 a.m. | 259 views

Exploit for CVE-2026-25126

CVE-2026-25126: PolarLearn Vote Count Manipulation Research...

CVSS 7.1 | AI score 5.9 | EPSS 0.00339
Exploits 2

RedhatCVE
added 2026/01/31 3:19 a.m. | 6 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

CVSS 8.8 | AI score 5.9 | EPSS 0.00523
Exploits 1 | References 1

VulnCheck KEV
added 2026/01/31 12:0 a.m. | 8 views

VulnCheck KEV: CVE-2018-11770

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

CVSS 4.9 | AI score 5.8 | EPSS 0.66067
In wild | Exploits 2 | References 2

EUVD
added 2026/01/30 9:30 p.m. | 5 views

EUVD-2024-36557

It was identified that under certain specific preconditions, an API key that was originally created with specific privileges could be subsequently used to create new API keys that have elevated privileges...

CVSS 9.8 | AI score 5.9 | EPSS 0.00603
Exploits 0 | References 2

RedhatCVE
added 2026/01/30 9:23 p.m. | 4 views

CVE-2026-1457

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges...

CVSS 8.8 | AI score 6.6 | EPSS 0.06605
Exploits 1 | References 1

NVD
added 2026/01/30 7:16 p.m. | 7 views

CVE-2024-9432

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X...

CVSS 6.9 | EPSS 0.00091
Exploits 0 | References 1

Vulnrichment
added 2026/01/30 6:31 p.m. | 6 views

CVE-2024-9432 Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica.

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X...

CVSS 6.9 | AI score 5.9 | EPSS 0.00091
Exploits 0 | References 1

ATTACKERKB
added 2026/01/30 6:31 p.m. | 6 views

CVE-2024-9432

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X...

CVSS 6.9 | AI score 5.9 | EPSS 0.00091
Exploits 0 | References 2 | Affected Software 1

IBM Security Bulletins
added 2026/01/30 5:20 p.m. | 31 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.6 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A loc...

CVSS 9.8 | AI score 6.8 | EPSS 0.08673
Exploits 7 | Affected Software 1

OSV
added 2026/01/30 4:8 p.m. | 8 views

CLEANSTART-2026-ZM51114 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

CVSS 9.8 | AI score 5.8 | EPSS 0.0056
Exploits 1 | References 17