Lucene search
K

1725 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/07 8:35 p.m.6 views

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56252

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated user capable of creating or modifying chart definitions, or submitting chart data requests containing quota filters, can inject SQL into queries executed against configured...

8.7CVSS6.1AI score0.00266EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47261)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device. Axis has released patched AXIS OS...

4.3CVSS5.9AI score0.00347EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-6173)

A researcher in the AXIS OS Bug Bounty Program has found that a Guard Tour VAPIX API parameter accepted arbitrary values, which could let an attacker block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw...

6.5CVSS6AI score0.00391EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Axis Communications AXIS OS Cleartext Transmission of Sensitive Information (CVE-2024-0066)

A researcher in the AXIS OS Bug Bounty Program has found that a O3C feature may expose sensitive traffic between the client Axis device and O3C server. This issue does not apply if O3C is not used. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot...

5.3CVSS5.9AI score0.00205EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8160)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection to transfer files to/from the Axis device. This flaw can only be exploited after authenticating with an...

3.8CVSS5.9AI score0.00614EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Axis Communications AXIS OS Path Traversal (CVE-2024-0067)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for this flaw. This plugin only works with...

4.3CVSS5.9AI score0.0038EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Axis Communications AXIS OS Improper Neutralization of Wildcards or Matching Symbols (CVE-2024-0054)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX APIs locallist.cgi, createoverlay.cgi and irissetup.cgi were vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for this flaw. This plugin only works with...

6.5CVSS5.9AI score0.00572EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8772)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack enabling an attacker to block access to the overlay configuration page in the web interface of the Axis device. Exploitation requires prior authentication...

4.3CVSS5.9AI score0.00418EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Axis Communications AXIS OS Improper Neutralization of Wildcards or Matching Symbols (CVE-2024-6509)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot. Please visit...

6.5CVSS5.9AI score0.00391EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Axis Communications AXIS OS Improper Restriction of Names for Files and Other Resources (CVE-2024-47260)

Lasse Trind, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for thi...

6.5CVSS5.9AI score0.00374EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Axis Communications AXIS OS Improper Neutralization of Wildcards or Matching Symbols (CVE-2024-0055)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot. Please...

6.5CVSS5.9AI score0.00596EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47262)

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw. Endpoints not...

5.3CVSS6AI score0.00334EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-550 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.7AI score0.00831EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-549 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.7AI score0.00831EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-548 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.7AI score0.00831EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

6.1CVSS5.6AI score0.00182EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 10:4 p.m.10 views

Malicious Package

Overview axis-abc-search-address is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/29 10:4 p.m.8 views

Malicious Package

Overview axis-abc-search-account is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/29 10:2 p.m.18 views

Malicious Package

Overview axis-notification is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder