
Cvelist
added 2026/02/06 10:48 p.m., 28 views

CVE-2026-25754 AdonisJS multipart body parsing has Prototype Pollution issue

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...

CVSS 7.2, EPSS 0.00364
Exploits: 0, References: 3
ATTACKERKB
added 2026/02/06 10:40 p.m., 4 views

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

CVSS 7.5, AI score 5.3, EPSS 0.0031
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/02/06 10:40 p.m., 15 views

CVE-2026-25644

DataHub (open-source metadata platform) is affected by CVE-2026-25644 through the LDAP ingestion source. Prior to version 1.3.1.8, it is vulnerable to a MITM attack via TLS downgrade. The issue has been patched in DataHub 1.3.1.8. Public sources from NVD/Red Hat confirm the vulnerability and the ...

CVSS 7.5, AI score 5.3, EPSS 0.0031
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2026/02/06 10:16 p.m., 5 views

CVE-2026-2068

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in a buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

CVSS 9, EPSS 0.00673
Exploits: 1, References: 5
OSV
added 2026/02/06 10:16 p.m., 12 views

CVE-2026-2069

A flaw has been found in ggml-org llama.cpp up to 55abc39. The impacted function is llamagrammaradvancestack in the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes a stack-based buffer overflow. The attack needs to be launched locally. The exploi...

CVSS 3.3, AI score 5.9
Exploits: 0, References: 8
NVD
added 2026/02/06 10:16 p.m., 6 views

CVE-2025-68621

Trilium Notes is an open-source, cross-platform hierarchical note-taking application with a focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

CVSS 7.4, EPSS 0.00509
Exploits: 2, References: 2
ATTACKERKB
added 2026/02/06 9:49 p.m., 14 views

CVE-2026-1731

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...

CVSS 9.9, AI score 8.1, EPSS 0.87991
In the wild, Exploits: 22, References: 4
Cvelist
added 2026/02/06 9:21 p.m., 34 views

CVE-2025-68621 Trilium Notes has a Timing Attack Vulnerability in /api/login/sync

Trilium Notes is an open-source, cross-platform hierarchical note-taking application with a focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

CVSS 7.4, EPSS 0.00509
Exploits: 2, References: 2
OSV
added 2026/02/06 9:21 p.m., 6 views

CVE-2025-68621 Trilium Notes has a Timing Attack Vulnerability in /api/login/sync

Trilium Notes is an open-source, cross-platform hierarchical note-taking application with a focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

CVSS 7.4, AI score 5.6, EPSS 0.00509
Exploits: 2, References: 4
CVE
added 2026/02/06 9:21 p.m., 10 views

CVE-2025-68621

Trilium Notes has a timing-attack vulnerability in the sync authentication endpoint (/api/login/sync) affecting versions before 0.101.0. Unauthenticated remote attackers can recover HMAC hashes byte-by-byte via statistical timing analysis, enabling complete authentication bypass and full read/wri...

CVSS 7.4, AI score 5.6, EPSS 0.00509
Exploits: 2, References: 2, Affected Software: 1
EUVD
added 2026/02/06 9:21 p.m., 6 views

EUVD-2025-206876

Trilium Notes is an open-source, cross-platform hierarchical note-taking application with a focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

CVSS 7.4, AI score 5.6, EPSS 0.00509
Exploits: 2, References: 2
Vulnrichment
added 2026/02/06 9:21 p.m., 5 views

CVE-2025-68621 Trilium Notes has a Timing Attack Vulnerability in /api/login/sync

Trilium Notes is an open-source, cross-platform hierarchical note-taking application with a focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

CVSS 7.4, AI score 5.7, EPSS 0.00509
Exploits: 2, References: 2
ATTACKERKB
added 2026/02/06 9:21 p.m., 4 views

CVE-2025-68621

Trilium Notes is an open-source, cross-platform hierarchical note-taking application with a focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

CVSS 7.4, AI score 5.6, EPSS 0.00509
Exploits: 2, References: 3, Affected Software: 1
Cvelist
added 2026/02/06 9:2 p.m., 25 views

CVE-2026-2067 UTT 进取 520W formTimeGroupConfig strcpy buffer overflow

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 9, EPSS 0.00837
Exploits: 1, References: 5
ATTACKERKB
added 2026/02/06 8:44 p.m., 5 views

CVE-2026-25628

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via the /logger endpoint using an attacker-controlled ondisk.logfile path. Only minimal privileges (read-only access) are required. This vulnerability is fixed in 1.16.0...

CVSS 8.5, AI score 5.5, EPSS 0.0049
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2026/02/06 8:16 p.m., 8 views

CVE-2026-2065

A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. T...

CVSS 8.8, EPSS 0.00549
Exploits: 0, References: 5
CVE
added 2026/02/06 8:2 p.m., 12 views

CVE-2026-2065

The CVE-2026-2065 entry concerns Flycatcher Toys smART Pixelator 2.0, specifically the Bluetooth Low Energy Interface. The connected documents provide concrete details: a manipulation of the BLE interface leads to missing authentication, the attack is executable from the local network, and exploi...

CVSS 8.8, AI score 5, EPSS 0.00549
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/02/06 7:16 p.m., 4 views

CVE-2026-2063

A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/setacserver of the component Web Management Interface. The manipulation of the argument acserver results in OS command injection. The attack can be launched remotely. The...

CVSS 7.2, AI score 5.6, EPSS 0.04016
Exploits: 1, References: 5
OSV
added 2026/02/06 7:5 p.m., 6 views

CVE-2026-25752 FUXA Unauthenticated Remote Arbitrary Device Tag Write

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3, AI score 5.5, EPSS 0.00479
Exploits: 0, References: 4
Github Security Blog
added 2026/02/06 6:10 p.m., 11 views

Gogs user can update repository content with read-only permission

Vulnerability Description: The endpoint PUT /repos/:owner/:repo/contents/ does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile, which results in: commit creation; execution of git pu...

CVSS 6.5, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 5, Affected Software: 1