Lucene search
K

192407 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/08 1:9 a.m.8 views

CVE-2026-2206

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...

6.5CVSS6.1AI score0.00239EPSS
Exploits0References7
EUVD
EUVD
added 2026/02/08 1:9 a.m.20 views

EUVD-2026-5823

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...

8.8CVSS6.1AI score0.00239EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/08 1:9 a.m.6 views

CVE-2026-2205

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

5.3CVSS4.8AI score0.00235EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/08 12:32 a.m.35 views

CVE-2026-2120 D-Link DIR-823X Configuration Parameter set_server_settings os command injection

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

8.6CVSS0.03916EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/02/08 12:0 a.m.3 views

Rethinking Latency Denial-Of-Service: Attacking the LLM Serving Framework, Not the Model

Large Language Models face an emerging and critical threat known as latency attacks. Because LLM inference is inherently expensive, even modest slowdowns can translate into substantial operating costs and severe availability risks. Recently, a growing body of research has focused on algorithmic...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.8 views

PT-2026-6944

Name of the Vulnerable Software and Affected Versions Wekan versions up to 8.20 Description A flaw exists in Wekan that could allow information disclosure. This issue impacts an unspecified part of the server/publications/cards.js file within the Meteor Publication Handler component. The attack c...

5.3CVSS5.3AI score0.00235EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/02/08 12:0 a.m.6 views

RECUR: Resource Exhaustion Attack Via Recursive-Entropy Guided Counterfactual Utilization and Reflection

Large Reasoning Models LRMs employ reasoning to address complex tasks. Such explicit reasoning requires extended context lengths, resulting in substantially higher resource consumption. Prior work has shown that adversarially crafted inputs can trigger redundant reasoning processes, exposing LRMs...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.9 views

Code-Projects Contact Management System SQL注入漏洞

Code-Projects Contact Management System is an open-source contact management system developed by Code-Projects. Version 1.0 of the Code-Projects Contact Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter selecteditem0 in the...

8.8CVSS6.7AI score0.00243EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.10 views

PT-2026-7020

Name of the Vulnerable Software and Affected Versions Tenda RX3 version 16.03.13.11 Description A flaw exists in the fromSetIpMacBind function within the /goform/SetIpMacBind file. Manipulation of the argument list can trigger a stack-based buffer overflow. This issue can be exploited remotely. T...

9CVSS6AI score0.00817EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.5 views

Code-Projects Online Application System for Admission SQL注入漏洞

Code-Projects Online Application System for Admission is an online application system developed by Code-Projects. Version 1.0 of the Code-Projects Online Application System for Admission contains a SQL injection vulnerability. This vulnerability stems from incorrect operations with the...

9.8CVSS7.2AI score0.00391EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/02/08 12:0 a.m.6 views

Evasion of IoT Malware Detection Via Dummy Code Injection

The Internet of Things IoT has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.9 views

PT-2026-6962

Name of the Vulnerable Software and Affected Versions projectworlds Online Food Ordering System version 1.0 Description A flaw exists in projectworlds Online Food Ordering System version 1.0, specifically within an unknown function of the /view-ticket.php file. Manipulation of the ID argument can...

9.8CVSS5.5AI score0.00326EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.10 views

PT-2026-7019

Name of the Vulnerable Software and Affected Versions Tenda RX3 version 16.03.13.11 Description A flaw exists in Tenda RX3 version 16.03.13.11 related to buffer overflow. The issue is located in the set device name function within the /goform/setBlackRule file, part of the MAC Filtering...

9CVSS6.3AI score0.00688EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.5 views

PT-2026-6985

Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.33.05 Description A buffer overflow issue exists in the fromSetWifiGusetBasic function within the /goform/WifiGuestSet file of the httpd component. The shareSpeed argument can be manipulated to trigger this issue,...

9CVSS5.8AI score0.00622EPSS
Exploits1References8
OSV
OSV
added 2026/02/07 11:15 p.m.4 views

CVE-2026-2115

A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/deleteexpenses.php. This manipulation of the argument expensesid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published...

9.8CVSS5.7AI score0.00323EPSS
Exploits1References5
CVE
CVE
added 2026/02/07 11:2 p.m.20 views

CVE-2026-2116

CVE-2026-2116 affects itsourcecode Society Management System 1.0. An SQL injection vulnerability exists in the admin/edit_expenses.php file triggered by manipulating the expenses_id argument, with remote access possible. Multiple sources confirm the flaw and public exploitation has been disclosed...

9.8CVSS7.2AI score0.00381EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/07 10:32 p.m.5 views

CVE-2026-2115 itsourcecode Society Management System delete_expenses.php sql injection

A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/deleteexpenses.php. This manipulation of the argument expensesid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published...

7.5CVSS5.5AI score0.00323EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/07 9:32 p.m.29 views

CVE-2025-15564 Mapnik value.cpp operator divide by zero

A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used...

4.8CVSS0.00203EPSS
Exploits1References6
CVE
CVE
added 2026/02/07 5:32 p.m.13 views

CVE-2026-2106

The CVE-2026-2106 entry relates to yeqifu warehouse, affecting the Notice Management component. The exposed flaw is in NoticeController.java functions addNotice, updateNotice, deleteNotice, and batchDeleteNotice, causing improper authorization and enabling remote exploitation. Publicly disclosed ...

8.8CVSS6AI score0.00326EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/02/07 5:2 p.m.25 views

CVE-2026-2105 yeqifu warehouse Department Management DeptController.java deleteDept improper authorization

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...

6.5CVSS0.00276EPSS
Exploits1References6
Rows per page
Query Builder