Lucene search
+L

7236 matches found

BDU FSTEC
BDU FSTEC
added yesterday20 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
Nuclei
Nuclei
added yesterday20 views

WordPress AI ChatBot (WPBot) <= 4.8.9 - SQL Injection

ChatBot plugin for WordPress up to 4.8.9 contains a sqlinjection caused by insufficient escaping and lack of preparation on the $strid parameter, letting unauthenticated attackers extract sensitive data, exploit requires no authentication. id: CVE-2023-5204 info: name: WordPress AI ChatBot WPBot ...

9.8CVSS8AI score0.06888EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday82 views

AntD Admin - Sensitive Information Disclosure

AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user...

7.5CVSS7.3AI score0.04305EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday15 views

Vendure Core - SQL Injection

Vendure, an open-source headless commerce platform built on Node.js/TypeScript, contains a critical SQL injection vulnerability in its Shop API. The languageCode query parameter is interpolated directly into a raw SQL CASE expression in ProductService.findOneBySlug without parameterization or inp...

9.1CVSS6.2AI score0.01762EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday4 views

NVIDIA Triton Inference Server <= 26.02 - Authentication Bypass

NVIDIA Triton Inference Server contains an authentication bypass vulnerability, letting attackers bypass authentication and potentially execute code, escalate privileges, tamper data, cause denial of service, or disclose information, exploit requires no special conditions. id: CVE-2026-24207 info...

9.8CVSS5.3AI score0.02166EPSS
Exploits2References2
Cvelist
Cvelist
added yesterday15 views

CVE-2026-15159 Ninja Forms - Excel Export <= 3.3.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Data Disclosure via 'spreadsheet_export_form_id' Parameter

The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the 'spreadsheetexportformid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

4.3CVSS0.00178EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-56456

Technical details such as affected versions, components, root cause, and remediation are not provided in the supplied documents. Monitor for updates.

5.3CVSS6.1AI score0.0024EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2 days ago6 views

CVE-2024-32387

Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 is affected by CVE-2024-32387. The issue allows a remote attacker to obtain sensitive information through the community string component. No additional technical details, root cause, affected subcomponents, or remediation steps are provided...

5.7CVSS6.1AI score0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-50030 DataEase: Arbitrary SQL execution in preview path (direct data disclosure)

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accepts PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross, then...

7.1CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 3 days ago12 views

CVE-2026-50030

DataEase prior to 2.10.23 exposes the SQL preview path (DatasetDataApi.previewSql/previewSqlCheck) via /de2api/datasetData/previewSql, accepting PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross. The system stores decoded SQL in datasourceRequest.query and CalciteProvider.f...

7.1CVSS6.2AI score0.00269EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-59733

A flaw was found in Rclone. When using the rclone serve restic --private-repos command, an authenticated user can include directory traversal sequences e.g., .. in a request. This allows them to bypass authorization and read, overwrite, or delete another user's private repository on backends that...

8.8CVSS6AI score0.00552EPSS
Exploits1References7
CVE
CVE
added 3 days ago6 views

CVE-2026-55242

CVE-2026-55242 affects ERPNext prior to 15.111.0 and 16.22.0, where an authenticated user with a standard operational role can trigger a server-side template injection via a configuration field in Batch autonaming (Stock Settings.naming_series_prefix). This leads to unauthorized disclosure of dat...

8.8CVSS6.1AI score0.00136EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44704

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...

8.8CVSS6.1AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-48806

A flaw was found in Twig, a template language for PHP. This vulnerability allows a remote attacker to bypass security restrictions by providing specially crafted input. Successful exploitation can lead to the disclosure of sensitive information and potentially allow for limited unauthorized data...

9.1CVSS6.1AI score0.00234EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago6 views

undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

8.8CVSS6.6AI score0.00358EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-44587

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS6AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 3 days ago14 views

CVE-2026-13585

The CVE-2026-13585 affects the ASUS System Control Interface (SCI) driver and ASUS Business Manager. The root cause is Allocation of Resources Without Limits and Throttling, leading to potential exposure of sensitive information via crafted IOCTL requests. A local administrator can leverage this ...

8.2CVSS6AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS0.00264EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago11 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-11851

CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...

5.9CVSS6.1AI score0.00314EPSS
Exploits0References1
Rows per page
Query Builder