Lucene search
K

306952 matches found

CVE
CVE
added 1 hour ago9 views

CVE-2026-56287

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

Exploits0References3
CVE
CVE
added 2 hours ago6 views

CVE-2026-15804

The CVE-2026-15804 entry concerns MetaGuru’s HCM Product with a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands through specific parameters, compromising database confidentiality, integrity, and availability. The connected records confirm affected component as ...

8.8CVSS6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 8 hours ago5 views

Malicious code in @leviosa86com/leviosa86-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979 Package @leviosa86com/[email protected] ships src/poc/index.js which shells out via childprocess.exec to collect host identifiers hostname, pwd,...

6.1AI score
Exploits0References4
CVE
CVE
added 8 hours ago9 views

CVE-2026-13585

The CVE-2026-13585 affects the ASUS System Control Interface (SCI) driver and ASUS Business Manager. The root cause is Allocation of Resources Without Limits and Throttling, leading to potential exposure of sensitive information via crafted IOCTL requests. A local administrator can leverage this ...

8.2CVSS6AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago7 views

EUVD-2026-44587

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS6AI score
Exploits0References1
CVE
CVE
added 8 hours ago8 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added 8 hours ago7 views

CVE-2026-11851

CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...

5.9CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago8 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 10 hours ago17 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 10 hours ago15 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
CVE
CVE
added 10 hours ago9 views

CVE-2026-13230

The CVE-2026-13230 entry concerns TP-Link Kasa EC70 v4 and EC71 v4. The issue lies in the local discovery mechanism, where geolocation-related data can be retrieved without authentication. Affects confidentiality only; no evidence of integrity or availability impact is reported. Exploitation cont...

5.3CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 10 hours ago7 views

EUVD-2026-44577

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS6.1AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-48295

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-48295

Technical details about CVE-2026-48295 are not publicly available in the provided documents. Monitor for updates from official sources; the available information notes insufficiently protected credentials and potential unauthorized read access without user interaction.

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday26 views

CVE-2026-49853

Tornado before 6.5.6 exposed an Authorization header across cross-origin redirects in SimpleAsyncHTTPClient: when following 3xx redirects, the client shallow-copies the request and rewrites the URL without clearing Authorization (and related) headers if the origin changes. The issue is fixed in T...

7.7CVSS6.1AI score0.00034EPSS
Exploits0References4
CVE
CVE
added yesterday16 views

CVE-2026-48816

CVE-2026-48816 affects sigstore-js, where prior to version 3.1.1 the verification logic in @sigstore/verify derives a transparency-log timestamp from tlogEntries[].integratedTime for bundle v0.2 inclusionProof-only entries, even though the inclusion proof path does not cryptographically bind inte...

6.5CVSS6.1AI score
Exploits0References4
NVD
NVD
added yesterday7 views

CVE-2026-50649

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in cosmos-gradio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bf1266e0846a392e9aaa6805756d26dc427a04415e8a422d53ffce7a1a0c2e2 cosmos-gradio 9999.0.0 is a dependency-confusion squat published as an sdist-only release with an intentionally inflated version to win highest-versi...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in cosmos-cuda (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function beacon'build' from setup.py during sdist build/install and beacon'import' from...

6.6AI score
Exploits0References2
Rows per page
Query Builder