Lucene search
K

676 matches found

EUVD
EUVD
added 2026/05/15 6:36 p.m.16 views

EUVD-2026-30601

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/14 7:13 a.m.15 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet10.0: aspnetcore-runtime-10.0-10.0.8-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-10.0-10.0.8-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-10.0-10.0.8-1.hum1 aarch64, x8664...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 6:16 p.m.19 views

CVE-2026-44578

Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the serve...

8.6CVSS0.38696EPSS
Exploits9References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.18 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from sandbox boundary violations. During...

7.2CVSS5.9AI score0.002EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/11 2:42 p.m.19 views

Prometheus exporter process crash via malformed HTTP request

Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References3Affected Software3
CVE
CVE
added 2026/05/08 5:17 p.m.25 views

CVE-2026-6659

CVE-2026-6659 affects Crypt::PasswdMD5 up to 1.42 for Perl. Root cause: salts generated with Perl’s built-in rand are predictable, making password hashes vulnerable to weaknesses in randomness. Exploitation details are not provided in the documents. No remediation information is present in the pr...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.13 views

TOR Virtual Network Tunneling Tool 0.4.9.8

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.74 views

📄 Dash-Uploader 0.7.0a2 Path Traversal

There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to but not limited to remote code execution, application source code overwrite, stored cross site scripting, and persistent backdoor installation. CVE-2026-38360: Path...

9.8CVSS5.8AI score0.05982EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/05/07 2:59 p.m.93 views

Exploit for CVE-2026-38360

CVE-2026-38360: Directory Traversal in dash-uploader !CVE...

6AI score0.05982EPSS
Exploits5
Snyk
Snyk
added 2026/05/06 8:49 p.m.12 views

SQL Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection via the BuiltinCaptcha process. An attacker can access sensitive data, modify or delete database records, and extract credential hashes by...

9.8CVSS5.8AI score0.01709EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.6 views

JetBrains IntelliJ IDEA Arbitrary Local File Read (CVE-2026-41882)

The version of JetBrains IntelliJ IDEA installed on the remote host is prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, or 2026.1.1. It is, therefore, affected by an arbitrary local file read vulnerability: - In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1...

7.5CVSS6AI score0.00401EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/05/05 12:0 a.m.18 views

osbuild-composer security update

149-6.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...

7.5CVSS7.1AI score0.01127EPSS
Exploits0
OSV
OSV
added 2026/05/04 9:27 p.m.7 views

GHSA-HCWR-PQ9G-RQ3M apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...

7.5CVSS5.9AI score0.00159EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/30 11:5 a.m.8 views

CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4CVSS5.3AI score0.00401EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/30 11:5 a.m.5 views

EUVD-2026-26368

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4CVSS5.3AI score0.00401EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 11:5 a.m.19 views

CVE-2026-41882

CVE-2026-41882 affects JetBrains IntelliJ IDEA prior to 2024.3.7.1 and versions 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1. The issue enables reading arbitrary local files via the built‑in web server. The root cause details are not provided in the given documents. A patch is indicated by th...

7.5CVSS5.3AI score0.00401EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/30 11:5 a.m.9 views

CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4CVSS5.3AI score0.00401EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36089

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2024.3.7.1 JetBrains IntelliJ IDEA versions prior to 2025.1.7.1 JetBrains IntelliJ IDEA versions prior to 2025.2.6.2 JetBrains IntelliJ IDEA versions prior to 2025.3.4.1 JetBrains IntelliJ IDEA version...

7.5CVSS5.9AI score0.00401EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

JetBrains IntelliJ IDEA 后置链接漏洞

JetBrains IntelliJ IDEA is an integrated development environment for Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1 have a post-link vulnerability. This vulnerability stems from issu...

7.5CVSS5.9AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 2:16 p.m.5 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

7.5CVSS0.00411EPSS
Exploits0References1
Rows per page
Query Builder