6055 matches found

Positive Technologies
added 2026/02/08 12:0 a.m. | 8 views

PT-2026-7006

Name of the Vulnerable Software and Affected Versions: code-projects Contact Management System version 1.0. Description: A security flaw exists in the Contact Management System. The issue involves improper authentication due to manipulation of the ID argument within the CRUD Endpoint component. This...

7.5 CVSS | 5.5 AI score | 0.00563 EPSS
Exploits: 0 | References: 6

Cvelist
added 2026/02/06 11:14 p.m. | 30 views

CVE-2020-37160 SprintWork 2.3.1 - Local Privilege Escalation

SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain...

8.5 CVSS | 0.00145 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/02/06 8:58 p.m. | 5 views

EUVD-2026-5575

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

5.4 CVSS | 5.4 AI score | 0.00216 EPSS
Exploits: 1 | References: 2

OSV
added 2026/02/06 3:57 p.m. | 4 views

OESA-2026-1313 libpng security update

The libpng package contains libraries used by other programs for reading and writing PNG format files. The PNG format was designed as a replacement for GIF and, to a lesser extent, TIFF, with many improvements and extensions and lack of patent problems. Security Fixes: Buffer Overflow vulnerabili...

5.5 CVSS | 5.5 AI score | 0.00139 EPSS
Exploits: 2 | References: 3

NVD
added 2026/02/06 8:15 a.m. | 12 views

CVE-2026-2009

A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5 CVSS | 0.00254 EPSS
Exploits: 1 | References: 5

Cvelist
added 2026/02/06 7:32 a.m. | 33 views

CVE-2026-2009 SourceCodester Gas Agency Management System createUser.php access control

A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5 CVSS | 0.00254 EPSS
Exploits: 1 | References: 5

CNNVD
added 2026/02/06 12:0 a.m. | 6 views

SourceCodester Gas Agency Management System Access Control Error Vulnerability

The SourceCodester Gas Agency Management System is an open-source gas agency management system developed by SourceCodester. Version 1.0 of the SourceCodester Gas Agency Management System contains a vulnerability related to access control. This vulnerability arises from improper handling of the fi...

6.5 CVSS | 6.6 AI score | 0.00254 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/06 12:0 a.m. | 8 views

PT-2026-6845

If an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

5.4 CVSS | 5.4 AI score | 0.00216 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/06 12:0 a.m. | 7 views

PT-2026-6797

Name of the Vulnerable Software and Affected Versions: SCEditor versions prior to 3.2.1. Description: SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. A lack of sanitisation of configuration options passed to the sceditor.create function allows an attacker who can control these options—suc...

5.4 CVSS | 5.1 AI score | 0.00216 EPSS
Exploits: 1 | References: 8

OSV
added 2026/02/05 6:30 p.m. | 6 views

GHSA-6W5W-JX4X-VJVW Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

6.3 CVSS | 6.2 AI score | 0.0027 EPSS
Exploits: 1 | References: 4

Github Security Blog
added 2026/02/05 6:30 p.m. | 7 views

Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

6.1 CVSS | 6.2 AI score | 0.0027 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/02/05 5:16 p.m. | 7 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1 CVSS | 6.1 AI score
Exploits: 0 | References: 2

RedHat Linux
added 2026/02/05 4:3 p.m. | 2 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when async_hooks.createHook is enabled. Instead of reaching process.on('uncaughtException'), the process terminates, making the crash unrecoverable. Applications tha...

7.5 CVSS | 5.8 AI score | 0.00624 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/02/05 12:0 a.m. | 23 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

0.0027 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/05 12:0 a.m. | 7 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1 CVSS | 6.1 AI score | 0.0027 EPSS
Exploits: 1 | References: 3

CNNVD
added 2026/02/05 12:0 a.m. | 6 views

Microweber Security Vulnerability

Microweber is an open-source online store management system that provides drag-and-drop functionality. This system includes modules for adding products and images. Version 2.0.19 of Microweber has a security vulnerability. This vulnerability stems from the /admin/category/create endpoint, which...

6.1 CVSS | 5.5 AI score | 0.0027 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/02/05 12:0 a.m. | 4 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1 AI score | 0.0027 EPSS
Exploits: 1 | References: 2

CVE
added 2026/02/05 12:0 a.m. | 11 views

CVE-2025-70792

A cross-site scripting vulnerability (CVE-2025-70792) affects Microweber up to version 2.0.19, exposed via the /admin/category/create endpoint. The root cause is unsanitized manipulation of the rel_id parameter in a crafted URL, which can lure an admin-privileged user to visit the page and trigge...

6.1 CVSS | 6.1 AI score | 0.0027 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Redos
added 2026/02/05 12:0 a.m. | 4 views

ROS-20260205-73-0009

A vulnerability in the rxe_create_cq function of the Linux kernel is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.8 CVSS | 6.9 AI score | 0.00175 EPSS
Exploits: 0

RedhatCVE
added 2026/02/04 7:27 p.m. | 5 views

CVE-2026-24670

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5 CVSS | 5.3 AI score | 0.00207 EPSS
Exploits: 1 | References: 1