ATTACKERKB
added 2026/02/05 5:45 p.m. | 6 views

CVE-2025-15557

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

CVSS 7.5 | AI score 5.4 | EPSS 0.00183
Exploits 0 | References 6
EUVD
added 2026/02/05 5:22 p.m. | 7 views

EUVD-2025-206826

For any request, the response returned by TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 is passed directly to a JavaScript function such as eval and executed without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code o...

CVSS 5.9 | AI score 5.8 | EPSS 0.00425
Exploits 0 | References 8
OSV
added 2026/02/05 5:16 p.m. | 5 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

CVSS 5.4 | AI score 5.8 | EPSS 0.00177
Exploits 0 | References 2
EUVD
added 2026/02/05 4:58 p.m. | 6 views

EUVD-2026-5533

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVSS 7.0 | AI score 5.3 | EPSS 0.00222
Exploits 0 | References 1
RedHat Linux
added 2026/02/05 4:39 p.m. | 6 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application to CVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

CVSS 8.4 | AI score 5.7 | EPSS 0.00526
Exploits 1 | References 5
EUVD
added 2026/02/05 4:13 p.m. | 10 views

EUVD-2020-31030

Everest (later renamed AIDA64) 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating the file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigge...

CVSS 5.5 | AI score 5.5 | EPSS 0.00214
Exploits 1 | References 3
EUVD
added 2026/02/05 4:13 p.m. | 5 views

EUVD-2020-31021

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

CVSS 9.8 | AI score 6.8 | EPSS 0.06301
Exploits 1 | References 3
RedHat Linux
added 2026/02/05 4:03 p.m. | 5 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust the resources of a TLS server when pskCallback or ALPNCallback is in use. Synchronous exceptions thrown inside these callbacks bypass the standard TLS error handling paths (tlsClientError and error), causing either immediate...

CVSS 7.5 | AI score 5.9 | EPSS 0.01056
Exploits 0 | References 5
IBM Security Bulletins
added 2026/02/05 3:27 p.m. | 12 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary: IBM Enterprise Build of Quarkus is affected by a Netty CRLF injection vulnerability, a SCRAM authentication vulnerability, a Hibernate Reactive database connection leak vulnerability and a Quarkus REST worker thread exhaustion vulnerability. Vulnerability Details: CVEID: CVE-2025-14969 DESCRIPTION:...

CVSS 8.7 | AI score 7.3 | EPSS 0.00835
Exploits 1 | Affected Software 1
RedHat Linux
added 2026/02/05 2:53 p.m. | 20 views

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.2 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS 8.7 | AI score 6.6 | EPSS 0.00835
Exploits 1 | References 37
RedHat Linux
added 2026/02/05 2:53 p.m. | 6 views

ongres-scram: Timing Attack Vulnerability in SCRAM Authentication

A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many...

CVSS 8.7 | AI score 5.9 | EPSS 0.00835
Exploits 0 | References 7
RedHat Linux
added 2026/02/05 2:43 p.m. | 5 views

ongres-scram: Timing Attack Vulnerability in SCRAM Authentication

A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many...

CVSS 8.7 | AI score 5.9 | EPSS 0.00835
Exploits 0 | References 7
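The two ongres-scram entries above describe the same defect: a short-circuit byte comparison on a secret (the client proof or the server signature) returns faster the earlier the first mismatch occurs, so an attacker who can time responses can recover the value one byte at a time. The Python below is an added example, not code from ongres-scram or from either advisory. It derives SCRAM-SHA-256 keys as RFC 5802 and RFC 7677 define them, verifies a client proof on the server side, and shows the work profile of an Arrays.equals-style comparison next to a constant-time one. The password, salt, nonces and AuthMessage are constructed for the demonstration. In Java the equivalent constant-time primitive is MessageDigest.isEqual; in Python it is hmac.compare_digest.

```python
import hashlib
import hmac

# Added example, not ongres-scram code. All inputs below are constructed.


def derive_keys(password: bytes, salt: bytes, iterations: int):
    """SaltedPassword = Hi(password, salt, i); then ClientKey, StoredKey, ServerKey."""
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, stored_key, server_key


def client_proof(client_key: bytes, stored_key: bytes, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(client_key, client_sig))


def short_circuit_equals(a: bytes, b: bytes):
    """Mimics java.util.Arrays.equals: stops at the first differing byte.
    Returns (equal, bytes_compared); the second value is the side channel."""
    if len(a) != len(b):
        return False, 0
    compared = 0
    for x, y in zip(a, b):
        compared += 1
        if x != y:
            return False, compared
    return True, compared


def constant_time_equals(a: bytes, b: bytes):
    """Examines every byte whatever the input, so the amount of work does not
    depend on where the first mismatch is. Returns (equal, bytes_compared)."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def verify_client_proof(stored_key, auth_message, proof, equals=constant_time_equals):
    """Server side: recover ClientKey from the proof and check H(ClientKey) == StoredKey.
    `equals` is the comparison under test; the vulnerable builds used the
    short-circuit variant for exactly this kind of check."""
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    recovered_client_key = bytes(a ^ b for a, b in zip(proof, client_sig))
    ok, _ = equals(hashlib.sha256(recovered_client_key).digest(), stored_key)
    return ok


def leak_profile(equals, secret: bytes):
    """Bytes examined by `equals` for guesses matching a 0..len(secret) prefix.
    A short-circuit comparator yields a profile that climbs with the match."""
    profile = []
    for k in range(len(secret) + 1):
        # the guess agrees with the secret on the first k bytes, then differs
        guess = secret[:k] + bytes(b ^ 0xFF for b in secret[k:])
        profile.append(equals(secret, guess)[1])
    return profile


def demo():
    salt, iterations = b"constructed-salt", 4096
    auth_message = (b"n=user,r=clientnonce,r=clientnonceservernonce,"
                    b"s=Y29uc3RydWN0ZWQtc2FsdA==,i=4096,c=biws,r=clientnonceservernonce")
    client_key, stored_key, _ = derive_keys(b"pencil", salt, iterations)
    good = client_proof(client_key, stored_key, auth_message)
    bad = good[:-1] + bytes([good[-1] ^ 1])  # one bit flipped
    return {
        "good_accepted": verify_client_proof(stored_key, auth_message, good),
        "bad_rejected": not verify_client_proof(stored_key, auth_message, bad),
        "short_circuit_profile": leak_profile(short_circuit_equals, b"\x2a" * 8),
        "constant_time_profile": leak_profile(constant_time_equals, b"\x2a" * 8),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The profile lines are the point: the short-circuit comparator's work grows by one byte for every byte of the guess that is correct, which is exactly the signal a remote timing attack integrates over many requests, while the constant-time comparator does the same work for every guess.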
EUVD
added 2026/02/05 1:30 p.m. | 6 views

EUVD-2025-206875

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.6 | AI score 5.7 | EPSS 0.00351
Exploits 0 | References 1
OSV
added 2026/02/05 8:38 a.m. | 5 views

BIT-DJANGO-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 | AI score 5.5 | EPSS 0.00713
Exploits 0 | References 4
RedHat Linux
added 2026/02/05 3:46 a.m. | 8 views

libsoup: Stack-Based Buffer Overflow in Multipart HTTP Response Parsing

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

CVSS 8.6 | AI score 6.7 | EPSS 0.00947
Exploits 0 | References 5
RedHat Linux
added 2026/02/05 3:34 a.m. | 2 views

libsoup: Stack-Based Buffer Overflow in Multipart HTTP Response Parsing

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

CVSS 8.6 | AI score 6.7 | EPSS 0.00947
Exploits 0 | References 5
Snyk
added 2026/02/05 3:20 a.m. | 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the comment field in song metadata. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious content into this field. Details: Cross-site scripting, or XSS, is a...

CVSS 6.1 | AI score 5.6 | EPSS 0.00297
Exploits 1 | References 3
NVD
added 2026/02/05 1:15 a.m. | 6 views

CVE-2026-1898

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVSS 6.5 | EPSS 0.00266
Exploits 0 | References 6
SUSE CVE
added 2026/02/05 12:47 a.m. | 9 views

SUSE CVE-2025-13473

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 7.5 | AI score 5.4 | EPSS 0.00713
Exploits 0 | References 4
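The two CVE-2025-13473 entries above (OSV and SUSE) describe a timing oracle of a different shape from a comparison bug: when mod_wsgi hands a username to the check_password handler and no such user exists, the handler returns before any password hashing runs, so a response for an unknown name comes back measurably faster than one for a real account. The Python below is an added example and not Django's code. It models the handler's contract (None for an unknown or inactive user, True or False for a password check) against a constructed in-memory user table with a PBKDF2 hasher that counts its invocations, and places the vulnerable early return beside a version that performs one hash computation on every path, the pattern Django's ModelBackend already uses to reduce this timing difference. Whether the shipped 4.2.28, 5.2.11 and 6.0.2 patch is exactly this is not stated on this page; the example shows the principle. The hasher, salts, users and passwords are all constructed.

```python
import hashlib
import hmac
import time

# Added example, not Django's code. The user table and hasher are constructed.

ITERATIONS = 50_000  # deliberately slow, as a real password hasher is


class CountingHasher:
    """PBKDF2-based hasher that counts invocations, so the work imbalance is
    visible without relying on wall-clock measurements."""

    def __init__(self):
        self.calls = 0

    def encode(self, password: str, salt: bytes) -> bytes:
        self.calls += 1
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def verify(self, password: str, salt: bytes, expected: bytes) -> bool:
        return hmac.compare_digest(self.encode(password, salt), expected)


hasher = CountingHasher()
_DUMMY_SALT = b"dummy-salt-for-unknown-users"  # constructed

# Constructed user table: username -> (salt, password hash, is_active)
USERS = {
    "alice": (b"alice-salt", hasher.encode("correct horse", b"alice-salt"), True),
    "mallory": (b"mallory-salt", hasher.encode("whatever", b"mallory-salt"), False),
}


def check_password_vulnerable(environ, username, password):
    """Unknown user: return before any hashing, so the reply is fast.
    Known user: one PBKDF2 run. That difference is the enumeration oracle."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, digest, is_active = record
    if not is_active:
        return None
    return hasher.verify(password, salt, digest)


def check_password_fixed(environ, username, password):
    """Same results, but every path performs exactly one hash computation,
    so unknown, inactive and active users cost the same amount of time."""
    record = USERS.get(username)
    if record is None or not record[2]:
        hasher.encode(password, _DUMMY_SALT)  # burn the same cost, discard the result
        return None
    salt, digest, _ = record
    return hasher.verify(password, salt, digest)


def hash_calls(handler, username, password="guess"):
    """Number of expensive hash runs one call to `handler` triggers."""
    before = hasher.calls
    handler({}, username, password)
    return hasher.calls - before


def probe_ms(handler, username, password="guess"):
    """Wall-clock cost of one handler call, as a remote attacker would see it."""
    start = time.perf_counter()
    handler({}, username, password)
    return (time.perf_counter() - start) * 1000


if __name__ == "__main__":
    for handler in (check_password_vulnerable, check_password_fixed):
        for user in ("alice", "nobody"):
            print(f"{handler.__name__:26s} {user:8s} "
                  f"hash runs={hash_calls(handler, user)} "
                  f"time={probe_ms(handler, user):.1f} ms")
```

Run it and the vulnerable handler shows zero hash runs and a near-zero time for "nobody" against one run and tens of milliseconds for "alice"; the fixed handler shows one run on both paths. The dummy computation must use the same hasher and work factor as a real check, otherwise it simply moves the timing gap rather than closing it.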
Vulnrichment
added 2026/02/05 12:32 a.m. | 3 views

CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVSS 6.5 | AI score 6.1 | EPSS 0.00266
Exploits 0 | References 6