192497 matches found

NVD
added 2026/02/04 10:15 p.m. | 5 views

CVE-2026-1892

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

CVSS 5 | EPSS 0.00241 | Exploits 0 | References 6

EUVD
added 2026/02/04 9:38 p.m. | 6 views

EUVD-2023-48034

EVE Doesn't Protect Config Partition with Measured Boot...

CVSS 8.8 | AI score 8 | EPSS 0.00161 | Exploits 0 | References 4

CVE
added 2026/02/04 9:32 p.m. | 19 views

CVE-2026-1884

CVE-2026-1884 affects ZenTao up to 21.7.6-85642. The vulnerable element is the function fetchHook in the file module/webhook/model.php of the Webhook Module. This manipulation enables a server-side request forgery (SSRF) that may be exploited remotely; the exploit is publicly available. Vendors w...

CVSS 5.8 | AI score 5.1 | EPSS 0.00381 | Exploits 1 | References 5 | Affected Software 1

NVD
added 2026/02/04 9:15 p.m. | 7 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVSS 7.5 | EPSS 0.00292 | Exploits 0 | References 1

OSV
added 2026/02/04 9:15 p.m. | 5 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVSS 7.5 | AI score 5.8 | EPSS 0.00292 | Exploits 0 | References 1

EUVD
added 2026/02/04 8:43 p.m. | 6 views

EUVD-2023-48030

EVE Doesn't Measure Config Partition From 2 Fronts...

CVSS 8.8 | AI score 8 | EPSS 0.00107 | Exploits 0 | References 6

Cvelist
added 2026/02/04 8:24 p.m. | 25 views

CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVSS 5.3 | EPSS 0.00292 | Exploits 0 | References 1

EUVD
added 2026/02/04 8:24 p.m. | 7 views

EUVD-2023-41837

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVSS 5.3 | AI score 5.2 | EPSS 0.00292 | Exploits 0 | References 2

NVD
added 2026/02/04 8:16 p.m. | 19 views

CVE-2026-25160

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This...

CVSS 9.1 | EPSS 0.00234 | Exploits 1 | References 2

RedHat Linux
added 2026/02/04 7:21 p.m. | 12 views

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsing (multipart HTTP response)

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

CVSS 8.6 | AI score 6.7 | EPSS 0.00947 | Exploits 0 | References 5

OSV
added 2026/02/04 5:16 p.m. | 3 views

CVE-2026-20123

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...

CVSS 6.1 | AI score 5.9 | EPSS 0.0018 | Exploits 0 | References 1

Cvelist
added 2026/02/04 4:11 p.m. | 29 views

CVE-2026-20111 Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

CVSS 4.8 | EPSS 0.00175 | Exploits 0 | References 1

RedHat Linux
added 2026/02/04 3:4 p.m. | 4 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

CVSS 7.5 | AI score 5.7 | EPSS 0.01525 | Exploits 0 | References 6

EUVD
added 2026/02/04 1:57 p.m. | 5 views

EUVD-2025-206791

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...

CVSS 6.7 | AI score 6.4 | EPSS 0.00196 | Exploits 0 | References 3

F5 Networks
added 2026/02/04 1:40 p.m. | 21 views

K000159824: NGINX vulnerability CVE-2026-1642

Security Advisory Description: A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be abl...

CVSS 8.2 | AI score 6.1 | EPSS 0.00339 | Exploits 0 | Affected Software 5

GithubExploit
added 2026/02/04 9:20 a.m. | 144 views

Handson-3-WEB2_XSS-Attack-Defense

No d...

AI score 5.3 | Exploits 0

GithubExploit
added 2026/02/04 7:17 a.m. | 148 views

SQL-Injection-Detector-and-Prevention

SQL-Injection-...

AI score 5.6 | Exploits 0

Nuclei
added 2026/02/04 7:0 a.m. | 15 views

Commvault Initial Administrator Login Process Vulnerability

An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...

CVSS 5.4 | AI score 7.3 | EPSS 0.01104 | Exploits 0 | References 3

RedhatCVE
added 2026/02/04 3:15 a.m. | 5 views

CVE-2025-67188

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204B20210112. The issue resides in the setRadvdCfg interface of the /lib/cstemodules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attacker...

CVSS 9.8 | AI score 5.7 | EPSS 0.00628 | Exploits 1 | References 1

RedhatCVE
added 2026/02/04 3:15 a.m. | 5 views

CVE-2025-57529

YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...

CVSS 9.8 | AI score 6.2 | EPSS 0.00555 | Exploits 3 | References 1