Lucene search
K

192467 matches found

OSV
OSV
added 2026/02/06 3:57 p.m.6 views

OESA-2026-1309 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

8.5CVSS6.9AI score0.09436EPSS
Exploits2References7
OSV
OSV
added 2026/02/06 3:57 p.m.8 views

OESA-2026-1308 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

8.5CVSS6.9AI score0.09436EPSS
Exploits2References7
OSV
OSV
added 2026/02/06 3:57 p.m.7 views

OESA-2026-1307 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

8.5CVSS6.9AI score0.09436EPSS
Exploits2References7
NVD
NVD
added 2026/02/06 1:15 p.m.12 views

CVE-2026-2054

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...

7.5CVSS0.00907EPSS
Exploits1References6
OSV
OSV
added 2026/02/06 1:15 p.m.5 views

CVE-2026-2054

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...

7.5CVSS5.5AI score0.00907EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/06 1:2 p.m.27 views

CVE-2026-2055 D-Link DIR-605L/DIR-619L DHCP Client Information information disclosure

A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made...

6.9CVSS0.00907EPSS
Exploits1References6
CVE
CVE
added 2026/02/06 1:2 p.m.11 views

CVE-2026-2055

D-Link DIR-605L/DIR-619L routers (versions 2.06B01 and 2.13B01) contain a weakness in the DHCP Client Information Handler. Manipulation of this component can lead to information disclosure. The attack is remote, and an exploit is publicly available. These products are no longer supported by the m...

7.5CVSS5.6AI score0.00907EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/02/06 12:2 p.m.30 views

CVE-2026-2018 itsourcecode School Management System controller.php sql injection

A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

7.5CVSS0.00326EPSS
Exploits1References5
CVE
CVE
added 2026/02/06 9:2 a.m.14 views

CVE-2026-2012

The CVE-2026-2012 vulnerability affects itsourcecode Student Management System 1.0. The flaw is a SQL injection caused by manipulation of the ID argument in /ramonsys/facultyloading/index.php, enabling remote exploitation. Public disclosures exist for the exploit. Remediation guidance across sour...

9.8CVSS7.2AI score0.00326EPSS
Exploits1References5Affected Software1
The Hacker News
The Hacker News
added 2026/02/06 8:40 a.m.9 views

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index PyPI repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the tw...

6.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/06 7:40 a.m.140 views

davids-xss-attack-defense

XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...

5.2AI score
Exploits0
CVE
CVE
added 2026/02/06 7:32 a.m.11 views

CVE-2026-2009

The vulnerability CVE-2026-2009 affects SourceCodester Gas Agency Management System 1.0. It targets the file /gasmark/php_action/createUser.php, where improper access controls allow manipulation that enables unauthorized account creation. Exploitation appears remote and an exploit has been publis...

6.5CVSS6.3AI score0.00254EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/02/06 6:15 a.m.10 views

CVE-2026-1991

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...

5.5CVSS0.0018EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/06 6:2 a.m.5 views

CVE-2026-1998

A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mpimportall of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name:...

4.8CVSS4.9AI score0.00203EPSS
Exploits1References8
EUVD
EUVD
added 2026/02/06 5:32 a.m.7 views

EUVD-2026-5585

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...

4.8CVSS4.4AI score0.0018EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/06 5:32 a.m.8 views

CVE-2026-1991

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be use...

4.8CVSS4.9AI score0.0018EPSS
Exploits1References6
Snyk
Snyk
added 2026/02/06 2:47 a.m.7 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the ResolveNodeIdToIp function in the SMF component. An attacker can cause a service disruption by sending specially crafted requests remotely. Remediation Upgrade...

7.5CVSS6.1AI score0.00499EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/06 2:32 a.m.4 views

CVE-2026-1975 Free5GC pfcp_reports.go identityTriggerType null pointer dereference

A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcpreports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks...

6.9CVSS5.1AI score0.00526EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.6 views

CVE-2026-1892

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

5CVSS5AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References1
Rows per page
Query Builder