
192493 matches found

Vulnrichment
added 2026/02/05 12:32 a.m. | 3 views

CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVSS 6.5 | AI score 6.1 | EPSS 0.00266
Exploits: 0 | References: 6

EUVD
added 2026/02/05 12:32 a.m. | 5 views

EUVD-2026-5537

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVSS 6.5 | AI score 5 | EPSS 0.00266
Exploits: 0 | References: 6

Vulnrichment
added 2026/02/05 12:2 a.m. | 5 views

CVE-2026-1897 WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

CVSS 5.3 | AI score 4.6 | EPSS 0.003
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/05 12:0 a.m. | 7 views

PT-2026-6598

Name of the Vulnerable Software and Affected Versions: Moxa Industrial Linux 3 (affected versions not specified). Description: A physical attack is possible on certain Moxa industrial computers utilizing TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU via an SPI bus...

CVSS 7.2 | AI score 5.1 | EPSS 0.00115
Exploits: 0 | References: 24

CNNVD
added 2026/02/05 12:0 a.m. | 10 views

Moxa Industrial Linux Security Vulnerability

Moxa Industrial Linux is an industrial-grade Linux system developed by Moxa Corporation in Taiwan, China. Moxa Industrial Linux has a security vulnerability, which stems from the physical attack vulnerability present in LUKS full-disk encryption supported by TPM. This vulnerability could lead to...

CVSS 7 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/05 12:0 a.m. | 4 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

AI score 5.4 | EPSS 0.00177
Exploits: 0 | References: 3

Packet Storm News
added 2026/02/05 12:0 a.m. | 3 views

GNSS SpAmming: A Spoofing-Based GNSS Denial-Of-Service Attack

GNSSs are vulnerable to attacks of two kinds: jamming i.e. denying access to the signal and spoofing i.e. impersonating a legitimate satellite. These attacks have been extensively studied, and we have a myriad of countermeasures to mitigate them. In this paper we expose a new type of attack:...

AI score 5.6
Exploits: 0

EUVD
added 2026/02/05 12:0 a.m. | 3 views

EUVD-2025-206860

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

AI score 5.4 | EPSS 0.00177
Exploits: 0 | References: 2

Cvelist
added 2026/02/05 12:0 a.m. | 27 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

EPSS 0.00177
Exploits: 0 | References: 2

CVE
added 2026/02/05 12:0 a.m. | 11 views

CVE-2025-68643

Axigen Mail Server prior to 10.5.57 is affected by a stored XSS in the timeFormat account preference. The vulnerability allows an attacker to inject a malicious JavaScript payload into timeFormat, which is later loaded from storage and inserted into the DOM when the WebMail interface is accessed,...

CVSS 5.4 | AI score 5.4 | EPSS 0.00177
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/05 12:0 a.m. | 4 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

AI score 5.5 | EPSS 0.00177
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/05 12:0 a.m. | 6 views

PT-2026-6635

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based) for Android (affected versions not specified). Description: A flaw in Microsoft Edge for Android allows an attacker to conduct spoofing attacks over a network by misrepresenting critical information in the user...

CVSS 6.5 | AI score 5.5 | EPSS 0.00595
Exploits: 0 | References: 10

CNNVD
added 2026/02/05 12:0 a.m. | 10 views

Fortinet FortiOS Security Vulnerability

Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering,...

CVSS 3.2 | AI score 5.8 | EPSS 0.00106
Exploits: 0 | References: 3

Amazon
added 2026/02/05 12:0 a.m. | 11 views

Medium: python-filelock

Issue Overview: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows loc...

CVSS 6.5 | AI score 5.7 | EPSS 0.00184
Exploits: 1

NVD
added 2026/02/04 11:15 p.m. | 13 views

CVE-2026-1895

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVSS 6.5 | EPSS 0.00276
Exploits: 0 | References: 7

EUVD
added 2026/02/04 11:15 p.m. | 6 views

EUVD-2019-19385

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...

CVSS 8.5 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 3

Cvelist
added 2026/02/04 11:15 p.m. | 32 views

CVE-2019-25285 Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path

Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...

CVSS 8.5 | EPSS 0.00161
Exploits: 0 | References: 3

NVD
added 2026/02/04 10:15 p.m. | 5 views

CVE-2026-1892

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

CVSS 5 | EPSS 0.00241
Exploits: 0 | References: 6

EUVD
added 2026/02/04 9:38 p.m. | 6 views

EUVD-2023-48034

EVE Doesn't Protect Config Partition with Measured Boot...

CVSS 8.8 | AI score 8 | EPSS 0.00161
Exploits: 0 | References: 4

CVE
added 2026/02/04 9:32 p.m. | 19 views

CVE-2026-1884

CVE-2026-1884 affects ZenTao up to 21.7.6-85642. The vulnerable element is the function fetchHook in the file module/webhook/model.php of the Webhook Module. This manipulation enables a server-side request forgery (SSRF) that may be exploited remotely; the exploit is publicly available. Vendors w...

CVSS 5.8 | AI score 5.1 | EPSS 0.00381
Exploits: 1 | References: 5 | Affected Software: 1