Snyk • added 2026/03/07 2:31 a.m.

Symlink Attack

Overview: shescape is a simple shell escape library. Affected versions of this package are vulnerable to Symlink Attack in resolving shells in unix.js. An attacker can expose sensitive information by configuring the shell path as a symbolic link to another symlink, which may bypass proper escaping ...

CVSS 6.3 • AI score 5.8 • EPSS 0.00052
Exploits: 0 • References: 2
RedhatCVE • added 2026/03/07 1:44 a.m.

CVE-2026-28395

OpenClaw versions 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl...

CVSS 9.1 • AI score 5.8 • EPSS 0.00396
Exploits: 0 • References: 1
RedhatCVE • added 2026/03/07 1:43 a.m.

CVE-2026-26124

'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

CVSS 6.7 • AI score 5.8 • EPSS 0.00462
Exploits: 0 • References: 1
Positive Technologies • added 2026/03/07 12:00 a.m.

PT-2026-23840

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's myqtip shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 • AI score 5.9 • EPSS 0.00159
Exploits: 0 • References: 3
Positive Technologies • added 2026/03/07 12:00 a.m.

PT-2026-23885

Name of the Vulnerable Software and Affected Versions: Freedom Factory dGEN1 versions up to 20260221. Description: A flaw exists in Freedom Factory dGEN1 that allows for improper authorization. The issue is located within the FakeAppReceiver function of the org.ethosmobile.ethoslauncher component...

CVSS 5.3 • AI score 5.9 • EPSS 0.00103
Exploits: 0 • References: 6
Positive Technologies • added 2026/03/07 12:00 a.m.

PT-2026-23880

A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may ...

CVSS 5.3 • AI score 5.2 • EPSS 0.00105
Exploits: 0 • References: 5
Packet Storm News • added 2026/03/07 12:00 a.m.

Machine Learning Techniques for Enhancing Quantum Key Distribution

Quantum Key Distribution (QKD) offers theoretically unbreakable security by leveraging quantum mechanics. However, practical implementation is challenged by environmental vulnerabilities, noise, and hardware imperfections. Recently, Machine Learning (ML) has emerged as a powerful tool to address thes...

AI score 5.8
Exploits: 0
OSV • added 2026/03/06 11:56 p.m.

GHSA-H6GW-8F77-MMMP WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources

Summary: A DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during...

CVSS 7.5 • AI score 5.8 • EPSS 0.00355
Exploits: 1 • References: 3
Snyk • added 2026/03/06 10:54 p.m.

Directory Traversal

Overview: dbt-common is the shared common utilities library that dbt-core and adapter implementations use. Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can write files outside the intended extraction directory by supplying a malicious...

CVSS 5.3 • AI score 6.2 • EPSS 0.00262
Exploits: 0 • References: 2
OSV • added 2026/03/06 6:45 p.m.

GHSA-9R75-G2CR-3H76 Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens

createWebhook in Vercel Workflow DevKit accepts a user-specified token parameter that serves as the credential for the public webhook endpoint /.well-known/workflow/v1/webhook/token. Official documentation recommended predictable token patterns, making it possible for an unauthenticated remote...

CVSS 5.3 • AI score 6
Exploits: 0 • References: 4
RedHat Linux • added 2026/03/06 4:36 p.m.

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service (DoS) f...

CVSS 7.5 • AI score 5.7 • EPSS 0.00679
Exploits: 0 • References: 7
EUVD • added 2026/03/06 3:31 p.m.

EUVD-2018-21648

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...

CVSS 8.8 • AI score 5.9 • EPSS 0.00284
Exploits: 0 • References: 3
EUVD • added 2026/03/06 3:31 p.m.

EUVD-2018-21626

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...

CVSS 8.8 • AI score 6.1 • EPSS 0.00281
Exploits: 0 • References: 3
Vulnrichment • added 2026/03/06 3:18 p.m.

CVE-2026-20748 Everon api.everon.io Insufficient Session Expiration

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

CVSS 7.3 • AI score 5.8 • EPSS 0.00252
Exploits: 0 • References: 2
Cvelist • added 2026/03/06 3:16 p.m.

CVE-2026-24696 Everon api.everon.io Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 • EPSS 0.00357
Exploits: 0 • References: 2
CVE • added 2026/03/06 3:16 p.m.

CVE-2026-24696

Technical details (affected products, versions, exploit information) are not publicly provided in the connected documents. Monitor for updates.

CVSS 8.7 • AI score 5.8 • EPSS 0.00357
Exploits: 0 • References: 2 • Affected Software: 1
ATTACKERKB • added 2026/03/06 3:05 p.m.

CVE-2026-20882

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 • AI score 5.8 • EPSS 0.00437
Exploits: 0 • References: 4
Vulnrichment • added 2026/03/06 3:05 p.m.

CVE-2026-20882 Mobiliti e-mobi.hu Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVSS 8.7 • AI score 5.8 • EPSS 0.00437
Exploits: 0 • References: 3
Cvelist • added 2026/03/06 3:04 p.m.

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

CVSS 5.3 • EPSS 0.00261
Exploits: 0 • References: 2
RedhatCVE • added 2026/03/06 2:37 p.m.

CVE-2026-27750

Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target...

CVSS 8.5 • AI score 5.8 • EPSS 0.00102
Exploits: 0 • References: 1