192497 matches found
CVE-2026-1892
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...
EUVD-2023-48034
EVE Doesn't Protect Config Partition with Measured Boot...
CVE-2026-1884
CVE-2026-1884 affects ZenTao up to 21.7.6-85642. The vulnerable element is the function fetchHook in the file module/webhook/model.php of the Webhook Module. This manipulation enables a server-side request forgery (SSRF) that may be exploited remotely; the exploit is publicly available. Vendors w...
CVE-2023-38010
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2023-38010
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
EUVD-2023-48030
EVE Doesn't Measure Config Partition From 2 Fronts...
CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
EUVD-2023-41837
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...
CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...
CVE-2026-20123
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...
CVE-2026-20111 Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...
cpython: Excessive read buffering DoS in http.client
A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...
EUVD-2025-206791
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
K000159824: NGINX vulnerability CVE-2026-1642
Security Advisory Description A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be abl...
Handson-3-WEB2_XSS-Attack-Defense
No d...
SQL-Injection-Detector-and-Prevention
SQL-Injection-...
Commvault Initial Administrator Login Process Vulnerability
An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...
CVE-2025-67188
A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204B20210112. The issue resides in the setRadvdCfg interface of the /lib/cstemodules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attacker...
CVE-2025-57529
YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...