192497 matches found

ATTACKERKB
added 2026/02/03 6:51 p.m. · 4 views

CVE-2025-61983

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...

CVSS 7.3 · AI score 5.9 · EPSS 0.00469
Exploits 0 · References 5
NVD
added 2026/02/03 6:16 p.m. · 5 views

CVE-2020-37112

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

CVSS 7.1 · EPSS 0.00274
Exploits 1 · References 4
Snyk
added 2026/02/03 5:42 p.m. · 5 views

Symlink Attack

Overview: compressing is "Everything you need for compressing and uncompressing". Affected versions of this package are vulnerable to Symlink Attack via the compressing.tar.uncompress function, which does not properly sanitize the destination paths of archive entries. An attacker can overwrite or create files in...

CVSS 8.6 · AI score 5.7 · EPSS 0.00334
Exploits 1 · References 2
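The symlink-then-write pattern behind this class of archive bug, as an added example that is not the compressing package's code and not Node at all: a constructed two-entry tar whose first entry is a symlink to an absolute path outside the destination and whose second entry is a regular file routed through that link. The names, temp directories and the two extractor routines (a lexical-only check beside a symlink-aware one) are all assumptions for illustration.

```python
import io
import os
import tarfile
import tempfile


def build_malicious_tar(escape_dir):
    """Constructed archive: a symlink entry whose target is an absolute path
    outside the extraction directory, followed by a regular file whose name
    routes *through* that symlink. Both names look harmless lexically."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("assets")
        link.type = tarfile.SYMTYPE
        link.linkname = escape_dir
        tar.addfile(link)
        payload = b"owned\n"
        member = tarfile.TarInfo("assets/payload.txt")
        member.size = len(payload)
        tar.addfile(member, io.BytesIO(payload))
    return buf.getvalue()


def _write_member(tar, member, target):
    """Materialise one entry at `target` (symlink, directory or regular file)."""
    if member.issym():
        os.symlink(member.linkname, target)
    elif member.isdir():
        os.makedirs(target, exist_ok=True)
    elif member.isfile():
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with tar.extractfile(member) as src, open(target, "wb") as dst:
            dst.write(src.read())
    else:
        raise ValueError(f"unsupported entry type: {member.name}")


def naive_extract(data, dest):
    """Lexical check only: normpath(dest/name) must stay under dest. Both
    entries above pass, so the second write follows the symlink created by
    the first and lands outside dest."""
    dest = os.path.abspath(dest)
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar:
            target = os.path.normpath(os.path.join(dest, member.name))
            if os.path.commonpath([dest, target]) != dest:
                raise ValueError(f"path traversal: {member.name}")
            _write_member(tar, member, target)


def safe_extract(data, dest):
    """Symlink-aware: resolve the parent directory on disk at write time and
    refuse any symlink entry whose target resolves outside dest."""
    dest = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar:
            target = os.path.join(dest, member.name)
            real_parent = os.path.realpath(os.path.dirname(target))
            if os.path.commonpath([dest, real_parent]) != dest:
                raise ValueError(f"parent escapes dest: {member.name}")
            if member.issym():
                link_target = os.path.realpath(
                    os.path.join(os.path.dirname(target), member.linkname))
                if os.path.commonpath([dest, link_target]) != dest:
                    raise ValueError(
                        f"symlink escapes dest: {member.name} -> {member.linkname}")
            _write_member(tar, member, target)


def demo():
    """Extract the constructed archive with both routines into fresh temp
    directories. Returns (naive_wrote_outside, safe_rejected)."""
    escape_dir = tempfile.mkdtemp(prefix="outside-")
    data = build_malicious_tar(escape_dir)
    naive_extract(data, tempfile.mkdtemp(prefix="naive-"))
    leaked = os.path.isfile(os.path.join(escape_dir, "payload.txt"))
    try:
        safe_extract(data, tempfile.mkdtemp(prefix="safe-"))
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The naive routine is exactly the check that fails here: normalising the joined path catches `../` sequences but says nothing about what is already on disk, so the file write after a planted symlink escapes. On Python 3.12 and later, `tarfile.extractall(path, filter="data")` performs the same symlink and absolute-path refusals.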
Microsoft Secure
added 2026/02/03 5:00 p.m. · 4 views

Microsoft SDL: Evolving security practices for an AI-powered world

As AI reshapes the world, organizations encounter unprecedented risks, and security leaders take on new responsibilities. Microsoft's Secure Development Lifecycle (SDL) is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has...

AI score 6.1
Exploits 0
Microsoft Secure
added 2026/02/03 5:00 p.m. · 7 views

Microsoft SDL: Evolving security practices for an AI-powered world

As AI reshapes the world, organizations encounter unprecedented risks, and security leaders take on new responsibilities. Microsoft's Secure Development Lifecycle (SDL) is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has...

AI score 5.9
Exploits 0
ATTACKERKB
added 2026/02/03 4:52 p.m. · 4 views

CVE-2020-37112

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

CVSS 7.1 · AI score 5.6 · EPSS 0.00274
Exploits 1 · References 4 · Affected Software 1
ATTACKERKB
added 2026/02/03 4:52 p.m. · 4 views

CVE-2020-37105

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...

CVSS 7.1 · AI score 6.1 · EPSS 0.00221
Exploits 0 · References 4 · Affected Software 1
EUVD
added 2026/02/03 4:52 p.m. · 5 views

EUVD-2020-30986

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

CVSS 7.1 · AI score 5.8 · EPSS 0.00272
Exploits 0 · References 4
Cvelist
added 2026/02/03 4:52 p.m. · 38 views

CVE-2020-37105 PMB 5.6 - 'logid' SQL Injection

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...

CVSS 7.1 · EPSS 0.00221
Exploits 0 · References 4
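The three SQL injection entries above (OpenEclass's 'month' parameter, PMB's 'logid', PhpIX's 'id') share one defect: a request parameter is pasted into the statement text. The following is an added example in Python with sqlite3, not code from any of those applications; the schema, the rows and the two payloads are constructed for illustration. The vulnerable query shows a tautology returning every row and a UNION pulling a secret from another table, and the hardened query shows type validation plus parameter binding rejecting both.

```python
import sqlite3


def make_db():
    """Constructed sample schema and rows (not the schema of any of the three
    applications): an agenda table plus a user table holding a secret."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE agenda (id INTEGER PRIMARY KEY, month INTEGER, title TEXT)")
    con.executemany("INSERT INTO agenda (month, title) VALUES (?, ?)",
                    [(m, f"event-{m}") for m in range(1, 13)])
    con.execute("CREATE TABLE user (username TEXT, password_hash TEXT)")
    con.execute("INSERT INTO user VALUES ('admin', 'pbkdf2$constructed-hash')")
    return con


def events_vulnerable(con, month):
    """The request parameter is pasted into the statement, so anything that is
    valid SQL after 'month = ' becomes part of the query."""
    sql = f"SELECT title FROM agenda WHERE month = {month}"
    return [row[0] for row in con.execute(sql)]


def events_safe(con, month):
    """Validate type and range, then bind the value as a parameter; the driver
    sends it as data, never as syntax."""
    month = int(month)
    if not 1 <= month <= 12:
        raise ValueError("month out of range")
    rows = con.execute("SELECT title FROM agenda WHERE month = ?", (month,))
    return [row[0] for row in rows]


def demo():
    """Run two classic payloads against both versions and return the results;
    the safe version rejects both payloads before any SQL runs."""
    con = make_db()
    payloads = ("1 OR 1=1", "0 UNION SELECT password_hash FROM user")
    results = {
        "normal": events_vulnerable(con, "3"),
        "tautology": events_vulnerable(con, payloads[0]),   # every agenda row
        "union": events_vulnerable(con, payloads[1]),       # the admin's hash
        "safe_normal": events_safe(con, "3"),
    }
    rejected = []
    for payload in payloads:
        try:
            events_safe(con, payload)
        except ValueError:
            rejected.append(payload)
    results["safe_rejected"] = rejected
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For a numeric parameter the `int()` cast alone would stop these payloads, but binding is the general fix: it works unchanged for string parameters, where no cast applies, and it does not depend on the next developer remembering to validate.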
hivepro
added 2026/02/03 4:51 p.m. · 8 views

Chrome Zero-Day Vulnerability: Are You Protected?

With billions of users, Google Chrome is more than just a browser; it’s a fundamental part of your organization's attack surface. It’s installed on nearly every endpoint, from the C-suite to the intern pool. This ubiquity is precisely what makes a Chrome zero-day vulnerability so uniquely...

AI score 6.2
Exploits 0
F5 Networks
added 2026/02/03 4:42 p.m. · 8 views

K000159867: MySQL vulnerability CVE-2026-21941

Security Advisory Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multip...

CVSS 4.9 · AI score 4.9 · EPSS 0.00337
Exploits 0
The Hacker News
added 2026/02/03 4:41 p.m. · 11 views

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical...

AI score 7.1
Exploits 0
Snyk
added 2026/02/03 3:49 p.m. · 3 views

Timing Attack

Overview: Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Timing Attack via the check_password function in the modwsgi.py file. An attacker can determine the existence of valid usernames b...

CVSS 7.5 · AI score 5.5 · EPSS 0.00713
Exploits 0 · References 2
OSV
added 2026/02/03 3:30 p.m. · 4 views

GHSA-2MCM-79HX-8FXW Django has Observable Timing Discrepancy

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 6.9 · AI score 5.9 · EPSS 0.00713
Exploits 0 · References 6
OSV
added 2026/02/03 3:16 p.m. · 4 views

CVE-2025-13473

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 · AI score 5.5
Exploits 0 · References 3
PyPA
added 2026/02/03 3:16 p.m. · 9 views

PYSEC-2026-42

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 · AI score 5.8 · EPSS 0.00713
Exploits 0 · References 4 · Affected Software 1
NVD
added 2026/02/03 3:16 p.m. · 7 views

CVE-2025-13473

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 · EPSS 0.00713
Exploits 0 · References 3
OSV
added 2026/02/03 3:16 p.m. · 10 views

PYSEC-2026-42

An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 · AI score 5.8 · EPSS 0.00713
Exploits 0 · References 4
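The user-enumeration mechanism behind the six Django entries above (Snyk, GHSA-2MCM-79HX-8FXW, CVE-2025-13473 and PYSEC-2026-42), as an added example that is not Django's code: a password check that returns early for an unknown username does no hash work, so its response time leaks whether the account exists. The hardened variant always runs one hash verification, against a dummy hash when the user is missing, which is the approach Django's ModelBackend.authenticate takes for nonexistent users. The hasher, user store, usernames and iteration count are constructed stand-ins, not Django's; the store counts hash evaluations so the difference between the two branches is visible without relying on wall-clock timing.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 20_000  # constructed: slow enough that the timing gap is visible


def hash_password(password, salt=None):
    """PBKDF2-SHA256 with the salt prepended (a stand-in for Django's hashers)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + digest


class UserStore:
    """Constructed user table; counts hash evaluations so a test can show
    which branch did work without depending on timing measurements."""

    def __init__(self, users):
        self.users = users
        self.hash_calls = 0

    def verify(self, password, stored):
        self.hash_calls += 1
        salt, digest = stored[:16], stored[16:]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        return hmac.compare_digest(candidate, digest)


DUMMY_HASH = hash_password("not-a-real-password")  # same hasher, same cost


def check_password_vulnerable(store, username, password):
    """Returns before any hashing when the user does not exist, so an unknown
    username answers in microseconds and a known one in milliseconds."""
    stored = store.users.get(username)
    if stored is None:
        return False
    return store.verify(password, stored)


def check_password_hardened(store, username, password):
    """Always performs exactly one hash verification. For an unknown user it
    verifies against the dummy hash and discards the result, so both
    branches cost the same."""
    stored = store.users.get(username)
    if stored is None:
        store.verify(password, DUMMY_HASH)
        return False
    return store.verify(password, stored)


def timing_gap_ms(store, check, samples=5):
    """Median response time for an unknown vs a known username with a wrong
    password: the signal a remote attacker measures."""
    def median(username):
        times = []
        for _ in range(samples):
            start = time.perf_counter()
            check(store, username, "wrong-password")
            times.append(time.perf_counter() - start)
        times.sort()
        return times[len(times) // 2] * 1000
    return median("nobody"), median("alice")


if __name__ == "__main__":
    store = UserStore({"alice": hash_password("correct horse battery")})
    for fn in (check_password_vulnerable, check_password_hardened):
        unknown, known = timing_gap_ms(store, fn)
        print(f"{fn.__name__}: unknown user {unknown:.2f} ms, known user {known:.2f} ms")
```

The dummy hash must come from the same hasher and iteration count as real entries; a cheaper dummy re-creates the gap. Note that the fix equalises work per request, not the constant-time comparison inside the hasher: `hmac.compare_digest` is still needed, but it is irrelevant to this bug, which is about the branch taken before any comparison happens.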
OSV
added 2026/02/03 3:16 p.m. · 4 views

CVE-2020-37100

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

CVSS 7.8 · AI score 6.1 · EPSS 0.00187
Exploits 1 · References 3
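The check an auditor runs for the unquoted service path class described in the Sync Breeze entry, as an added example that is not the vendor's code and does not use Sync Breeze's real install path: given an unquoted ImagePath containing spaces, enumerate the executables Windows' CreateProcess would try before the intended one (each prefix up to a space, with .exe appended). The service names and paths below are constructed records in the shape of Win32_Service's Name and PathName.

```python
def hijack_candidates(image_path):
    """Paths Windows' CreateProcess would try before the intended binary when
    a service ImagePath is unquoted and contains spaces. Returns [] when the
    path is quoted or no space occurs before the executable name."""
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return []
    candidates = []
    for i, ch in enumerate(cmd):
        if ch != " ":
            continue
        prefix = cmd[:i]
        if prefix.lower().endswith(".exe"):
            break  # reached the intended executable; the rest is arguments
        candidates.append(prefix + ".exe")
    return candidates


def audit(services):
    """Map each service with an unquoted, space-containing path to the files
    an attacker would need to plant; services with no candidates are omitted."""
    findings = {}
    for name, path in services:
        candidates = hijack_candidates(path)
        if candidates:
            findings[name] = candidates
    return findings


# Constructed records in the shape of Win32_Service (Name, PathName); the
# install paths are hypothetical, not Sync Breeze's real location.
SAMPLE_SERVICES = [
    ("VulnSvc", r"C:\Program Files\Sync Tool\bin\syncsvc.exe -service"),
    ("QuotedSvc", r'"C:\Program Files\Sync Tool\bin\syncsvc.exe" -service'),
    ("Spooler", r"C:\Windows\System32\spoolsv.exe"),
    ("BITS", r"C:\Windows\system32\svchost.exe -k netsvcs -p"),
]

if __name__ == "__main__":
    for name, candidates in audit(SAMPLE_SERVICES).items():
        print(name)
        for candidate in candidates:
            print("   attacker needs write access to:", candidate)
```

A candidate only matters if a low-privileged user can create the file: check the ACL of each candidate's directory (`icacls`) after enumerating services with `Get-CimInstance Win32_Service | Select-Object Name, PathName`. The fix is to quote the path, for example `sc config VulnSvc binPath= "\"C:\Program Files\Sync Tool\bin\syncsvc.exe\" -service"`, which makes the candidate list empty.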
Cvelist
added 2026/02/03 3:14 p.m. · 25 views

CVE-2026-23795 Apache Syncope: Console XXE on Keymaster parameters

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage. Th...

EPSS 0.00827
Exploits 0 · References 1