Lucene search
K

689 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.14 views

CVE-2019-12357

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php when the attacker has admin authority via the id parameter...

7.2CVSS7.9AI score0.00896EPSS
Exploits1References1
OSV
OSV
added 2025/12/29 12:15 p.m.6 views

CVE-2025-15186

A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

9.8CVSS5.7AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/25 6:35 a.m.6 views

CVE-2025-68741

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...

5.5CVSS5.6AI score0.00171EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/24 7:57 p.m.2 views

CVE-2023-54159

In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu-lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it m...

5.6AI score0.00173EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/12/24 12:0 a.m.7 views

SUSE: Security Advisory (SUSE-SU-2025:4506-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00338EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.16 views

PT-2025-52616

TRC analysis shows attackers chaining authentication bypass CVE-2025-67039 with OS command injection flaws to gain root access on Lantronix devices. Root compromise enables lateral movement across network infrastructure. Runtime segmentation helps contain post-compromise pivoting in critical...

9.1CVSS5.8AI score0.00311EPSS
Exploits0References7
Circl
Circl
added 2025/12/18 8:33 p.m.5 views

CVE-2025-14885

creationtimestamp| type| source ---|---|--- 2025-12-18 20:33:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mabzjy6dzz2c...

8.8CVSS5.8AI score0.00299EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/17 10:2 p.m.3 views

CVE-2025-14832 itsourcecode Online Cake Ordering System updateproduct.php sql injection

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicl...

7.5CVSS6.8AI score0.00326EPSS
Exploits1References5
CVE
CVE
added 2025/12/16 8:12 a.m.25 views

CVE-2025-67950

CVE-2025-67950 affects the WordPress All In One SEO Pack plugin (versions up to 4.9.1). The Red Hat/NVD/Patchstack entries describe an SQL injection vulnerability due to improper input handling that enables blind SQL injection with authenticated access (Contributor+) and high impact (C/H/I/H/A). ...

8.5CVSS7.3AI score0.00253EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/12 12:24 a.m.9 views

WordPress Events Manager – Calendar, Bookings, Tickets, and more! plugin <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion vulnerability

Cross-Site Request Forgery to Location Deletion vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions = 7.2.2.2...

4.3CVSS6.7AI score0.00106EPSS
Exploits0References1Affected Software1
NCSC
NCSC
added 2025/12/10 2:59 p.m.13 views

Vulnerabilities fixed in Adobe Experience Manager

Adobe has fixed vulnerabilities in Adobe Experience Manager. Most of the fixed vulnerabilities involve Cross-Site Scripting XSS, which can lead to execution of arbitrary code or increase user privileges. This does require user interaction. The vulnerability with reference CVE-2025-64540 concerns ...

9.3CVSS6.9AI score0.00711EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 4:9 a.m.14 views

CVE-2025-40334

Summary: CVE-2025-40334 concerns the Linux kernel subsystem for AMD GPUs (drm/amdgpu). The issue is that the code path validating the userq object’s virtual address and size could permit operating on a user/qr virtual address that is not guaranteed to be resident in a valid VM mapping. The connec...

6.2AI score0.00183EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/06 6:39 a.m.5 views

CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

5.3CVSS5.6AI score0.0026EPSS
Exploits0References2
Chainguard
Chainguard
added 2025/11/28 1:29 a.m.14 views

CVE-2025-65944 vulnerabilities

Vulnerabilities for packages: langfuse...

5CVSS6.7AI score0.00298EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/11/12 12:0 a.m.5 views

CVE-2025-59491

Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields...

6.1AI score0.00195EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.3 views

Siemens SIMATIC Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2024-42292)

In the Linux kernel, the following vulnerability has been resolved: kobjectuevent: Fix OOB access within zapmodaliasenv zapmodaliasenv wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed b...

7.1CVSS6.1AI score0.00248EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-0335

Malware in sbrugna...

7.2CVSS6.4AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2001-1102

Malware in sbrugna...

7.5CVSS6.4AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2000-0739

Malware in sbrugna...

10CVSS6.4AI score
Exploits0References1
OSV
OSV
added 2025/10/05 2:15 a.m.1 views

DEBIAN-CVE-2025-11277

A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit...

7.8CVSS5.7AI score0.00224EPSS
Exploits1References1
Rows per page
Query Builder