6039 matches found

OSV
added 2026/02/20 4:14 p.m. | 4 views

OPENSUSE-SU-2026:20265-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.21. Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclosing a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivit...

8.8 CVSS | 6.4 AI score | 0.01208 EPSS
Exploits 3 | References 12
OSV
added 2026/02/20 4:11 p.m. | 3 views

SUSE-SU-2026:20587-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.21. Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclosing a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivit...

8.8 CVSS | 6.4 AI score | 0.01208 EPSS
Exploits 3 | References 13
Snyk
added 2026/02/19 8:31 p.m. | 5 views

Incorrect Privilege Assignment

Overview: getformwork/formwork is a file-based Content Management System (CMS) to make and manage simple sites. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to insufficient privilege checks in the create user function. An attacker can gain unauthorized...

8.8 CVSS | 5.6 AI score | 0.00415 EPSS
Exploits 0 | References 2
vulnersOsv
added 2026/02/19 8:29 p.m. | 10 views

@deno/sandbox (>=0.0.9 <=0.6.0), @ekairos/dataset (>=1.21.56-beta.0 <=1.22.34-beta.development.0) +45 more potentially affected by unknown CVE via devalue (>=5.0.0 <=5.6.2)

devalue NPM version =5.0.0, =0.0.9, =1.21.56-beta.0, =1.22.4-beta.development.0, =1.21.56-beta.0, =1.21.67-beta.0, =1.21.88-beta.0, =0.0.0-dev-20260121145510, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =2.3.65, =1.1.27, =1.1.21, =1.2.263, =2.2.3, =4.0.1 and...

5.8 AI score
Exploits 0
Cvelist
added 2026/02/19 7:23 p.m. | 28 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path (e.g. /etc/passwd) as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5 CVSS | 0.00437 EPSS
Exploits 1 | References 2
OSV
added 2026/02/19 7:23 p.m. | 5 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path (e.g. /etc/passwd) as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5 CVSS | 5.8 AI score | 0.00437 EPSS
Exploits 1 | References 4
Cvelist
added 2026/02/19 3:26 p.m. | 24 views

CVE-2026-25940 jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user ca...

8.1 CVSS | 0.0043 EPSS
Exploits 1 | References 3
RedhatCVE
added 2026/02/19 1:28 a.m. | 9 views

CVE-2025-70141

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacke...

9.4 CVSS | 5.6 AI score | 0.00546 EPSS
Exploits 1 | References 1
NVD
added 2026/02/18 5:21 p.m. | 10 views

CVE-2025-70141

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacke...

9.4 CVSS | 0.00546 EPSS
Exploits 1 | References 2
OSV
added 2026/02/18 5:21 p.m. | 4 views

CVE-2025-70141

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacke...

9.4 CVSS | 5.9 AI score | 0.00546 EPSS
Exploits 1 | References 2
OSV
added 2026/02/18 2:45 p.m. | 6 views

CLSA-2026-1771407667 freerdp: Fix of CVE-2026-22856

CVE-2026-22856: fix heap use-after-free in createirpthread...

8.1 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits 1 | References 1
NVD
added 2026/02/18 1:16 p.m. | 4 views

CVE-2026-2386

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 6.4.7. This is due to the tpaecreatepage AJAX handler authorizing users only with...

4.3 CVSS | 0.00167 EPSS
Exploits 0 | References 2
SUSE CVE
added 2026/02/18 12:25 a.m. | 3 views

SUSE CVE-2026-23126

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list. The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog performs list_add_tail, it is possibl...

4.7 CVSS | 5.7 AI score | 0.00086 EPSS
Exploits 0 | References 3
CVE
added 2026/02/18 12:0 a.m. | 19 views

CVE-2025-70141

The CVE-2025-70141 issue affects SourceCodester Customer Support System 1.0, where ajax.php’s dispatcher is missing authentication/authorization before invoking administrative methods in admin_class.php based on the action parameter. This allows an unauthenticated remote attacker to perform sensi...

9.4 CVSS | 5.6 AI score | 0.00546 EPSS
Exploits 1 | References 2 | Affected Software 1
Packet Storm
added 2026/02/18 12:0 a.m. | 174 views

RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit

This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications, specifically the RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...

6.8 AI score
Exploits 0
CNNVD
added 2026/02/18 12:0 a.m. | 6 views

WordPress plugin The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

4.3 CVSS | 5.9 AI score | 0.00167 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/02/18 12:0 a.m. | 8 views

PT-2026-20964

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15. Description: A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, potentially enabling container...

9.8 CVSS | 5.1 AI score | 0.00479 EPSS
Exploits 0 | References 12
Positive Technologies
added 2026/02/18 12:0 a.m. | 10 views

PT-2026-20464

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attack...

5.6 AI score | 0.00546 EPSS
Exploits 1 | References 3
Patchstack
added 2026/02/17 8:4 a.m. | 6 views

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'create_mollie_account' vulnerability

Missing Authorization in 'create_mollie_account' vulnerability discovered by WordFence in WordPress Plugin Paytium versions <= 4.3.7...

8.1 CVSS | 5.4 AI score | 0.00354 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2026/02/17 7:56 a.m. | 7 views

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'create_mollie_profile' vulnerability

Missing Authorization in 'create_mollie_profile' vulnerability discovered by WordFence in WordPress Plugin Paytium versions <= 4.3.7...

7.1 CVSS | 5.4 AI score | 0.00327 EPSS
Exploits 0 | References 1 | Affected Software 1