
1288 matches found

CNNVD
added 2026/02/03 12:0 a.m., 8 views

webERP security vulnerability

webERP is an open-source ERP system developed by Tim Schofield. It supports inventory management, permission role management, order management, and financial management. Version 4.15.1 of webERP contains a security vulnerability caused by an unverified file access flaw. Attackers can directly...

CVSS 9.8, AI score 5.8, EPSS 0.00541
Exploits: 1, References: 4

ATTACKERKB
added 2026/01/27 5:57 p.m., 3 views

CVE-2026-23592

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2, AI score 6.5, EPSS 0.00777
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/01/27 5:57 p.m., 4 views

CVE-2026-23592 Insecure File Handling allows Remote Code Execution in Backup Functionality

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2, AI score 6.5, EPSS 0.00777
Exploits: 0, References: 1

Cvelist
added 2026/01/27 5:57 p.m., 21 views

CVE-2026-23592 Insecure File Handling allows Remote Code Execution in Backup Functionality

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2, EPSS 0.00777
Exploits: 0, References: 1

CNNVD
added 2026/01/24 12:0 a.m., 8 views

phpMyFAQ security vulnerabilities

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ 4.0.16 and earlier contain security vulnerabilities. These vulnerabilities stem from authorization logic flaws, which may allow non-administrative users to trigger configuration backups and...

CVSS 6.5, AI score 5.8, EPSS 0.01734
Exploits: 3, References: 3

Snyk
added 2026/01/23 8:17 p.m., 6 views

Improper Authorization

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Improper Authorization via the backup endpoint in the setup API. An attacker can access sensitive configuration backups by sending authenticated request...

CVSS 7.1, AI score 5.5, EPSS 0.01734
Exploits: 3, References: 2

The Hacker News
added 2026/01/21 6:40 a.m., 6 views

LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords

LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenan...

AI score 5.7
Exploits: 0

Github Security Blog
added 2026/01/20 4:30 p.m., 11 views

Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted

Summary: Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, it is possib...

CVSS 6.5, AI score 5.6, EPSS 0.00212
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2026/01/20 4:30 p.m., 5 views

EUVD-2025-206300

Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted...

CVSS 6, AI score 5.4, EPSS 0.00212
Exploits: 0, References: 3

NVD
added 2026/01/19 7:16 p.m., 6 views

CVE-2025-69198

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

CVSS 6.5, EPSS 0.00212
Exploits: 0, References: 2

Cvelist
added 2026/01/19 7:5 p.m., 15 views

CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than alloted

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

CVSS 6, EPSS 0.00212
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/19 7:5 p.m., 6 views

CVE-2025-69198

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

CVSS 6.5, AI score 5.4, EPSS 0.00212
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/01/19 7:5 p.m., 4 views

CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than alloted

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

CVSS 6, AI score 5.6, EPSS 0.00212
Exploits: 0, References: 2

CVE
added 2026/01/19 7:5 p.m., 19 views

CVE-2025-69198

Pterodactyl panel suffers a race condition in resource locking: before v1.12.0, concurrent requests can bypass per-server resource validation and concurrently create more databases, allocations, or backups than configured, denying resources to other users and potentially exhausting node quotas. T...

CVSS 6.5, AI score 5.6, EPSS 0.00212
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/01/19 7:5 p.m., 6 views

CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than alloted

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

CVSS 6, AI score 5.6, EPSS 0.00212
Exploits: 0, References: 4

Positive Technologies
added 2026/01/19 12:0 a.m., 9 views

PT-2026-3485

Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.12.0. Description: Pterodactyl is a game server management panel that applies rate limits to resources like databases, port allocations, and backups on a per-server basis. In versions before 1.12.0, a malicious us...

CVSS 6.5, AI score 5.5, EPSS 0.00212
Exploits: 0, References: 9

GithubExploit
added 2026/01/17 2:59 a.m., 215 views

Exploit for CVE-2025-8489

100-days-challenge-day-21--WP scan WP Scan helped identify co...

CVSS 10, AI score 8.8, EPSS 0.20631
Exploits: 10

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000736 advisory. fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount o...

CVSS 6.2, AI score 7, EPSS 0.00888
Exploits: 6, References: 15

RedhatCVE
added 2026/01/09 9:50 a.m., 10 views

CVE-2020-24366

Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups...

CVSS 3.3, AI score 6.7, EPSS 0.0029
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:3 a.m., 9 views

CVE-2024-39118

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up...

CVSS 5.5, AI score 7, EPSS 0.00311
Exploits: 1, References: 1