57415 matches found

CNNVD
added 2026/01/30 12:00 a.m., 5 views

Crafty Controller path traversal vulnerability

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. Crafty Controller has a path traversal vulnerability, which stems from an input validation flaw in the File Operations API Endpoint component. This vulnerability could allow authenticated remote attackers to manipulate...

CVSS 9.9, AI score 6.2, EPSS 0.00681
Exploits 0, References 2
Positive Technologies
added 2026/01/30 12:00 a.m., 6 views

PT-2026-5499

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw exists in the Keycloak Admin API that allows an administrator with limited privileges to retrieve sensitive custom attributes. This is achieved through the /unmanagedAttributes API...

CVSS 2.7, AI score 5.3, EPSS 0.00364
Exploits 0, References 15
Tenable Nessus
added 2026/01/30 12:00 a.m., 6 views

MiracleLinux 8 : python-urllib3-1.24.2-9.el8_10 (AXSA:2026-099:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-099:02 advisory. urllib3: Unbounded decompression chain leads to resource exhaustion (CVE-2025-66418). urllib3: Streaming API improperly handles highly...

CVSS 8.9, AI score 5.9, EPSS 0.02667
Exploits 0, References 4
Tenable Nessus
added 2026/01/30 12:00 a.m., 4 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : wlc vulnerabilities (USN-7981-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7981-1 advisory. It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this iss...

CVSS 5.5, AI score 6, EPSS 0.00164
Exploits 0, References 3
CVE
added 2026/01/29 10:06 p.m., 20 views

CVE-2026-25126

PolarLearn prior to version 0-PRERELEASE-15 is vulnerable in the vote API at POST /api/v1/forum/vote, where the request body field direction is not validated at runtime. This allows sending arbitrary strings; downstream VoteServer treats any non-up and non-null value as a downvote and stores the ...

CVSS 7.1, AI score 6, EPSS 0.00339
Exploits 2, References 2, Affected Software 1
ATTACKERKB
added 2026/01/29 10:06 p.m., 6 views

CVE-2026-25126

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...

CVSS 7.1, AI score 6, EPSS 0.00339
Exploits 2, References 3, Affected Software 1
OSV
added 2026/01/29 10:06 p.m., 4 views

CVE-2026-25126 PolarLearn's unvalidated vote direction allows vote count manipulation

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...

CVSS 7.1, AI score 6, EPSS 0.00339
Exploits 2, References 4
Cvelist
added 2026/01/29 9:33 p.m., 23 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

CVSS 7.1, EPSS 0.00523
Exploits 1, References 3
EUVD
added 2026/01/29 9:33 p.m., 6 views

EUVD-2026-4950

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

CVSS 7.1, AI score 5.9, EPSS 0.00523
Exploits 1, References 3
ATTACKERKB
added 2026/01/29 9:33 p.m., 4 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

CVSS 7.1, AI score 5.9, EPSS 0.00523
Exploits 1, References 4, Affected Software 1
OSV
added 2026/01/29 9:33 p.m., 5 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

CVSS 7.1, AI score 5.9, EPSS 0.00523
Exploits 1, References 5
RedhatCVE
added 2026/01/29 9:21 p.m., 9 views

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5, AI score 5.8, EPSS 0.00255
Exploits 0, References 1
OSV
added 2026/01/29 7:16 p.m., 3 views

CVE-2026-1457

An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges...

CVSS 8.8, AI score 6.6, EPSS 0.06605
Exploits 1, References 3
EUVD
added 2026/01/29 6:52 p.m., 5 views

EUVD-2026-4967

An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges...

CVSS 8.5, AI score 6.5, EPSS 0.06605
Exploits 1, References 3
ATTACKERKB
added 2026/01/29 6:52 p.m., 7 views

CVE-2026-1457

An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges...

CVSS 8.5, AI score 6.5, EPSS 0.06605
Exploits 1, References 4
Vulnrichment
added 2026/01/29 6:52 p.m., 5 views

CVE-2026-1457 Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385

An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges...

CVSS 8.5, AI score 6.5, EPSS 0.06605
Exploits 1, References 3
Cvelist
added 2026/01/29 6:52 p.m., 36 views

CVE-2026-1457 Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385

An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges...

CVSS 8.5, EPSS 0.06605
Exploits 1, References 3
CVE
added 2026/01/29 6:52 p.m., 26 views

CVE-2026-1457

CVE-2026-1457 is an authenticated buffer-overflow vulnerability in the TP-Link VIGI C385 V1 Web API (input sanitization flaw) that can cause memory corruption and allow remote code execution with elevated privileges. Affected product: TP-Link VIGI C385 V1. Impact: authenticated attackers may exec...

CVSS 8.8, AI score 6.5, EPSS 0.06605
Exploits 1, References 3, Affected Software 1
EUVD
added 2026/01/29 5:12 p.m., 5 views

EUVD-2026-4957

immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issu...

CVSS 7.2, AI score 5.9, EPSS 0.00303
Exploits 1, References 1
OSV
added 2026/01/29 5:12 p.m., 5 views

CVE-2026-23896 immich API Key Privilege Escalation vulnerability

immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issu...

CVSS 7.2, AI score 5.9, EPSS 0.00303
Exploits 1, References 3