Lucene search
+L

185 matches found

NVD
NVD
added 2026/07/09 3:16 p.m.8 views

CVE-2026-54798

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 2:15 p.m.8 views

EUVD-2026-42593

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS5.9AI score0.0024EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

Summary An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. Impact An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for...

7.1CVSS5.9AI score0.00167EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/07/02 4:6 p.m.4 views

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/29 3:19 p.m.6 views

EUVD-2026-40126

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS5.8AI score0.00083EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 12:0 a.m.12 views

CVE-2025-60474

GPAC MP4Box up to version 26.01.x has a buffer overflow in the gf_media_import() function (in /media_tools/av_parsers.c). The underlining issue allows DoS via crafted input, affecting MP4Box before 26.02.0. Public sources consistently cite GPAC MP4Box versions prior to 26.02.0 as vulnerable, with...

7.5CVSS6.1AI score0.00579EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33583

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7CVSS5.5AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.10 views

CVE-2024-47097

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

5.1CVSS5.6AI score0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:16 p.m.16 views

CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS5.5AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.25 views

PT-2026-45722

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 3:16 p.m.8 views

UBUNTU-CVE-2025-60481

A NULL pointer dereference in the gfodfac4cfgdsiv1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/01 12:0 a.m.12 views

EUVD-2025-210007

A segmentation violation in the gfmediagetcolorinfo function /mediatools/isomtools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted data file...

5.5CVSS5.8AI score0.00133EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.14 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities allow unauthorized remote attackers to read arbitrary image files on a disk that can be accessed by PHP...

6.9CVSS5.9AI score0.00455EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.26 views

PT-2026-44213

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

5.1CVSS6AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 2:24 p.m.16 views

CVE-2026-8992

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...

8.8CVSS6.1AI score0.00564EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:18 p.m.14 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

7.8CVSS5.8AI score0.00284EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.24 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

7.3CVSS5.8AI score0.00274EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

WWBN AVideo 注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an injection vulnerability. This vulnerability stemmed from the improper escaping of CRLF characters in the plugin/Scheduler/downloadICS.php file, which could allo...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
Rows per page
Query Builder