192497 matches found

RedhatCVE
added 2026/02/04 3:15 a.m., 7 views

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

CVSS 7.5, AI score 5.5, EPSS 0.00413
Exploits: 1, References: 1
Vulnrichment
added 2026/02/04 12:2 a.m., 5 views

CVE-2026-1835 lcg0124 BootDo cross-site request forgery

A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product...

CVSS 5.3, AI score 4.8, EPSS 0.00194
Exploits: 0, References: 4
Positive Technologies
added 2026/02/04 12:0 a.m., 8 views

PT-2026-6082

Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Collaboration Endpoint Software (affected versions not specified); Cisco RoomOS Software (affected versions not specified). Description: A flaw exists in the text rendering subsystem that could allow a remote attacker to cause a...

CVSS 7.5, AI score 5.7, EPSS 0.0037
Exploits: 0, References: 7
Tenable Nessus
added 2026/02/04 12:0 a.m., 6 views

Ubuntu 25.10 : CRaC JDK 17 vulnerabilities (USN-7997-1)

The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7997-1 advisory. It was discovered that the RMI component of CRaC JDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...

CVSS 7.5, AI score 6.6, EPSS 0.00864
Exploits: 1, References: 5
Tenable Nessus
added 2026/02/04 12:0 a.m., 4 views

RockyLinux 10 : python3.12 (RLSA-2026:1828)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1828 advisory: cpython: Excessive read buffering DoS in http.client (CVE-2025-13836); cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of...

CVSS 7.5, AI score 7.3, EPSS 0.01525
Exploits: 0, References: 5
Snyk
added 2026/02/03 10:55 p.m., 7 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validating admission controller feature. An attacker can exhaust system memory resources by sending large requests, potentially causing the controller pod to be terminated or...

CVSS 7.1, AI score 5.5, EPSS 0.0046
Exploits: 1, References: 2
NVD
added 2026/02/03 10:16 p.m., 7 views

CVE-2020-37081

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

CVSS 7.1, EPSS 0.00198
Exploits: 0, References: 4
Vulnrichment
added 2026/02/03 10:1 p.m., 3 views

CVE-2020-37078 i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

CVSS 8.8, AI score 5.5, EPSS 0.00325
Exploits: 0, References: 4
CVE
added 2026/02/03 10:1 p.m., 10 views

CVE-2020-37078

CVE-2020-37078 involves i-doit Open Source CMDB 1.14.1. The vulnerability is a file deletion flaw in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. An attacker can issue a crafted POST request to the import module (with...

CVSS 8.8, AI score 5.5, EPSS 0.00325
Exploits: 0, References: 4
RedhatCVE
added 2026/02/03 9:19 p.m., 6 views

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVSS 7.1, AI score 5.6, EPSS 0.00361
Exploits: 1, References: 1
NVD
added 2026/02/03 9:16 p.m., 6 views

CVE-2026-1861

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, EPSS 0.00413
Exploits: 0, References: 2
Snyk
added 2026/02/03 9:13 p.m., 7 views

Timing Attack

Overview: prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Timing Attack via the login function. An attacker can obtain information about the...

CVSS 6.9, AI score 5.5, EPSS 0.00269
Exploits: 0, References: 2
OSV
added 2026/02/03 8:30 p.m., 3 views

GO-2026-4344 File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...

CVSS 5.3, AI score 5.2, EPSS 0.00417
Exploits: 1, References: 3
RedhatCVE
added 2026/02/03 8:12 p.m., 6 views

CVE-2025-13473

A flaw was found in Django. A remote attacker can exploit a timing attack vulnerability in the django.contrib.auth.handlers.modwsgi.check_password function, which is used for authentication via the Apache mod_wsgi module. This allows the attacker to determine valid usernames on the system, leading ...

CVSS 5.3, AI score 5.3, EPSS 0.00713
Exploits: 0, References: 6
ATTACKERKB
added 2026/02/03 6:52 p.m., 3 views

CVE-2025-62501

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man-in-the-middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53...

CVSS 7, AI score 5.4, EPSS 0.00465
Exploits: 0, References: 5
Vulnrichment
added 2026/02/03 6:52 p.m., 3 views

CVE-2025-62501 SSH Hostkey Misconfiguration Vulnerability in TP-Link Archer AX53

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man-in-the-middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53...

CVSS 7, AI score 5.4, EPSS 0.00465
Exploits: 0, References: 4
Cvelist
added 2026/02/03 6:52 p.m., 28 views

CVE-2025-62501 SSH Hostkey Misconfiguration Vulnerability in TP-Link Archer AX53

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man-in-the-middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53...

CVSS 7, EPSS 0.00465
Exploits: 0, References: 4
Vulnrichment
added 2026/02/03 6:52 p.m., 3 views

CVE-2025-62405 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected...

CVSS 7.3, AI score 5.9, EPSS 0.00469
Exploits: 0, References: 4
EUVD
added 2026/02/03 6:51 p.m., 4 views

EUVD-2025-206670

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue...

CVSS 7.3, AI score 5.9, EPSS 0.00469
Exploits: 0, References: 4
Cvelist
added 2026/02/03 6:51 p.m., 33 views

CVE-2025-62404 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue...

CVSS 7.3, EPSS 0.00469
Exploits: 0, References: 4