Lucene search
+L

325 matches found

cve
cve
added 4 days ago11 views

CVE-2026-22100

The CVE-2026-22100 entry describes a command injection in the OCPP DataTransfer message ReserveLogin. By manipulating the data value, arbitrary OS commands can be executed with root privileges. Exploitation details, affected versions, and concrete remediation are not provided in the connected doc...

8.6CVSS6.2AI score0.01036EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/26 7:40 a.m.7 views

CVE-2026-53162

A flaw was found in the Linux kernel's memory cgroup memcg subsystem. When a non-maskable interrupt NMI occurs during an update of the system's random number generation state, it can lead to corruption of that state. This issue can result in memory cgroup charge draining, potentially causing syst...

7.8CVSS5.8AI score0.00136EPSS
Exploits0References4
cve
cve
added 2026/06/18 5:34 a.m.24 views

CVE-2026-12093

The CVE-2026-12093 entry concerns the WordPress Simple Membership plugin (versions up to and including 4.7.5). The root cause is missing authorization verification, enabling unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded Stripe webhook with a victim...

5.3CVSS5.5AI score0.00352EPSS
Exploits0References10
osv
osv
added 2026/05/08 1:11 p.m.2 views

CVE-2026-43287 drm: Account property blob allocations to memcg

In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocatin...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References11
nessus
nessus
added 2026/04/22 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013725 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is...

5.8AI score0.00183EPSS
Exploits0References4
malwarebytes
malwarebytes
added 2026/04/21 12:59 p.m.9 views

Real Apple notifications are being used to drive tech support scams

Scammers have found a way to abuse legitimate Apple account notification emails to trick targets into calling fake tech support numbers. According to a report from BleepingComputer, scammers create an Apple account and insert a phishing message into the personal information fields, then modify th...

5.8AI score
Exploits0
nessus
nessus
added 2026/04/17 12:0 a.m.11 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007621)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007621 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is...

5.8AI score0.00183EPSS
Exploits0References4
euvd
euvd
added 2026/04/12 3:30 p.m.8 views

EUVD-2019-20149

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

7.1CVSS6.2AI score0.00276EPSS
Exploits1References5
nvd
nvd
added 2026/04/12 1:16 p.m.4 views

CVE-2019-25713

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

8.1CVSS0.00276EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/12 12:28 p.m.5 views

CVE-2019-25713

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

7.1CVSS6.2AI score0.00276EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/04/12 12:28 p.m.3 views

CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

7.1CVSS6.2AI score0.00276EPSS
Exploits1References4
cvelist
cvelist
added 2026/04/12 12:28 p.m.32 views

CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

7.1CVSS0.00276EPSS
Exploits1References4
cve
cve
added 2026/04/12 12:28 p.m.11 views

CVE-2019-25713

MyT-PM 1.5.1 is affected by an SQL injection vulnerability reachable via the Charge[group_total] parameter in POST requests to /charge/admin. The issue allows authenticated attackers to execute arbitrary SQL queries, using error-based, time-based blind, or stacked query payloads to extract data o...

8.1CVSS6.2AI score0.00276EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2026/04/12 12:0 a.m.6 views

MyT SQL注入漏洞

MyT is a task management system developed by domgio as an individual project. Version 1.5.1 of MyT contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the Chargegrouptotal parameter in the /charge/admin endpoint, which may lead to SQL injection...

8.1CVSS5.9AI score0.00276EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/04/12 12:0 a.m.17 views

PT-2026-32175

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegroup total parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blin...

7.1CVSS6.2AI score0.00276EPSS
Exploits1References5
nvd
nvd
added 2026/04/11 1:16 a.m.4 views

CVE-2026-4156

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this...

7.5CVSS0.00425EPSS
Exploits0References1
cve
cve
added 2026/04/11 12:16 a.m.17 views

CVE-2026-4157

ChargePoint Home Flex revssh Service Command Injection (CVE-2026-4157) allows network-adjacent attackers to execute arbitrary code as root due to improper validation of a user-supplied string before invoking a system call in OCPP message handling. Authentication is not required. The issue is docu...

7.5CVSS7.6AI score0.00855EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/04/11 12:16 a.m.35 views

CVE-2026-4157 ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The...

7.5CVSS0.00855EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/11 12:16 a.m.3 views

CVE-2026-4156

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this...

7.5CVSS7.6AI score0.00425EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/04/11 12:16 a.m.17 views

CVE-2026-4156

Summary: CVE-2026-4156 affects ChargePoint Home Flex. The flaw is a stack-based buffer overflow in the OCPP getpreq handling, caused by improper validation of user-supplied data length copied into a fixed-length buffer. This leads to remote code execution in the context of root for network-adjace...

7.5CVSS7.6AI score0.00425EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder