
17 matches found

Positive Technologies
added 2026/06/01 12:0 a.m. · 20 views

PT-2026-45592

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 5.9 · EPSS: 0.00075
Exploits: 0 · References: 2

Snyk
added 2026/05/29 7:18 p.m. · 11 views

SQL Injection

Overview: agno is an Agno: a lightweight library for building Multi-Agent Systems. Affected versions of this package are vulnerable to SQL Injection via the deletebymetadata function in the clickhouse backend. An attacker can execute unintended SQL commands by supplying malicious metadata keys and...

CVSS: 8.7 · AI score: 6 · EPSS: 0.00319
Exploits: 0 · References: 2

NVD
added 2026/05/12 6:17 p.m. · 13 views

CVE-2026-42303

Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was...

CVSS: 6.1 · EPSS: 0.00313
Exploits: 0 · References: 6

Positive Technologies
added 2026/05/05 12:0 a.m. · 8 views

PT-2026-37261

Name of the Vulnerable Software and Affected Versions: Fides versions 2.75.0 through 2.83.1. Description: Deployments that enable both subject identity verification and duplicate privacy request detection are susceptible to an issue where an administrator can approve a privacy request without the...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.00313
Exploits: 0 · References: 9

Tenable Nessus
added 2026/02/12 12:0 a.m. · 8 views

Symfony Process Component < 5.4.51 / 6.4.x < 6.4.33 / 7.3.x < 7.3.11 / 7.4.x < 7.4.5 / 8.0.x < 8.0.5 Argument Injection (GHSA-r39x-jcww-82v6)

The version of Symfony Process Component installed on the remote host is prior to 5.4.51, or 6.4.x prior to 6.4.33, or 7.3.x prior to 7.3.11, or 7.4.x prior to 7.4.5, or 8.0.x prior to 8.0.5. It is, therefore, affected by an argument injection vulnerability. The Symfony Process component did not...

CVSS: 6.3 · AI score: 5.9 · EPSS: 0.00201
Exploits: 1 · References: 3

CNNVD
added 2026/01/20 12:0 a.m. · 4 views

WordPress plugin Bookingor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00174
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/20 12:0 a.m. · 7 views

PT-2025-52540

Name of the Vulnerable Software and Affected Versions: WP DB Booster plugin versions up to and including 1.0.1. Description: The WP DB Booster plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation on the cleanup all AJAX action. An...

CVSS: 4.3 · AI score: 6 · EPSS: 0.00126
Exploits: 0 · References: 7

Vulnrichment
added 2025/12/12 8:56 p.m. · 2 views

CVE-2025-43381

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data...

AI score: 5.7 · EPSS: 0.00174
Exploits: 0 · References: 1

Positive Technologies
added 2025/11/03 12:0 a.m. · 7 views

PT-2025-50984

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Tahoe 26.1. Description: The software addresses an issue with improper handling of symlinks, which could allow a malicious application to delete protected user data. Recommendations: Update to macOS Tahoe 26.1...

AI score: 6.5 · EPSS: 0.00174
Exploits: 0 · References: 4

Positive Technologies
added 2025/10/24 12:0 a.m. · 6 views

PT-2025-43590

Name of the Vulnerable Software and Affected Versions: Originality.ai AI Checker plugin for WordPress versions through 1.0.12. Description: The Originality.ai AI Checker plugin for WordPress is susceptible to unauthorized data loss. This is due to a missing capability check within the ai scan result...

CVSS: 4.3 · AI score: 5.9 · EPSS: 0.0022
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2021-11702

Malware in sbrugna...

CVSS: 4.3 · AI score: 4.6 · EPSS: 0.0037
Exploits: 2 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-32185

Malicious code in bioql PyPI...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00454
Exploits: 0 · References: 3

RedhatCVE
added 2025/04/29 2:21 a.m. · 8 views

CVE-2025-46576

There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content...

CVSS: 6.5 · AI score: 7 · EPSS: 0.00229
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/03 12:0 a.m. · 3 views

PT-2025-5598 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.12. Description: A SQL Injection vulnerability was discovered in the WeGIA application, salvar cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing...

CVSS: 9.4 · AI score: 8.6 · EPSS: 0.00562
Exploits: 1 · References: 12

BDU FSTEC
added 2022/08/30 12:0 a.m. · 5 views

The vulnerability of the BD Synapsys software lies in its incorrect session duration, which allows a perpetrator to gain access, modify, or delete confidential information.

The vulnerability of the BD Synapsys software lies in the incorrect duration of a session. Exploiting this vulnerability can allow an attacker to gain access, modify, or delete confidential information...

CVSS: 6.2 · AI score: 6.1 · EPSS: 0.00223
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2021/04/13 4:15 p.m. · 3 views

CVE-2021-21731

A CSRF vulnerability exists in the management page of a ZTE product. The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects:...

CVSS: 8.1 · AI score: 7.2 · EPSS: 0.00388
Exploits: 0 · References: 1

BDU FSTEC
added 2016/03/17 12:0 a.m. · 7 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of the content/browser/webcontents/webcontentsimpl.cc function in Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause service interruptions or other effects by initiating the loading of images after data of...

CVSS: 9.3 · AI score: 7.6 · EPSS: 0.01885
Exploits: 0 · References: 4 · Affected Software: 1