Lucene search
+L

513 matches found

Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25749

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes...

5.8CVSS5.8AI score0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 3:5 p.m.4 views

CVE-2026-20882 Mobiliti e-mobi.hu Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS5.8AI score0.00437EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.16 views

PT-2026-22266

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for the Open Charge Point Protocol OCPP affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, allowing attackers to perform unauthorized station impersonati...

9.8CVSS6AI score0.00518EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/02/24 2:59 p.m.24 views

CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints

Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction...

9.2CVSS0.00395EPSS
Exploits1References2
OSV
OSV
added 2026/02/19 4:27 p.m.6 views

UBUNTU-CVE-2025-71241

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting XSS in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...

6.1CVSS5.8AI score0.002EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/12 1:35 a.m.34 views

CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...

8.8CVSS0.00582EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/23 12:37 p.m.10 views

Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API

Summary IBM Db2 Big SQL 7.8 and earlier on CLoud Pak for Data 5.1 and earlier is vulnerable to a denial of service due to lack of throttling on an API Vulnerability Details CVEID:CVE-2024-39724 DESCRIPTION: IBM Big SQL does not properly limit allocation of resources which could allow an...

5.3CVSS5.8AI score0.00293EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/20 12:15 p.m.5 views

CVE-2025-41024

Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...

5.4CVSS0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 3:22 p.m.7 views

CVE-2026-21624

Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla...

9.4CVSS6.2AI score0.00177EPSS
Exploits0References1
Veracode
Veracode
added 2026/01/15 8:13 a.m.10 views

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of attacker-supplied navigation paths, which allows an attacker to craft a malicious path that forces the application to redirect users to an external, potentially malicious URL...

6.5CVSS5.5AI score0.00198EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2025-40977

Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...

5.1CVSS5.4AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/12 3:56 p.m.7 views

EUVD-2026-1930

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...

8.2CVSS6.4AI score0.00135EPSS
Exploits0References6
NVD
NVD
added 2026/01/07 5:16 p.m.17 views

CVE-2026-22537

The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker...

6.8CVSS0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 5:5 p.m.27 views

CVE-2026-22537 INFORMATION DISCLOSURE WITHIN THE OPERATING SYSTEM

The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker...

6.8CVSS0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.11 views

PT-2026-2201

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The system lacks sufficient hardening, potentially allowing a user with management and maintenance access to view files containing credentials in plain text or other valuable information for an...

6.8CVSS6.4AI score0.00114EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/12/23 9:15 p.m.7 views

CVE-2025-14935

NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target...

7.8CVSS7.4AI score0.00306EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/12/17 12:0 a.m.4 views

The vulnerability of the Endpoint Manager web interface for managing IP telephony systems, FreePBX, allows a intruder to gain unauthorized access to the system.

The vulnerability of the Endpoint Manager web interface for managing IP telephony systems like FreePBX is related to authentication mechanisms’ deficiencies. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the system remotely...

10CVSS6AI score0.03029EPSS
Exploits8References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.7 views

CVE-2025-12830

The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Slider widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS6.1AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 4:9 p.m.9 views

CVE-2025-13642

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

5.4CVSS6.6AI score0.0042EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/04 12:0 a.m.27 views

CVE-2025-65346

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

0.00894EPSS
Exploits1References2
Rows per page
Query Builder