Lucene search
K

74003 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-21783

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-21386

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.5 views

CVE-2026-32770

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the...

7.5CVSS5.8AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS5.7AI score0.00282EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.4 views

CVE-2026-20997

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.8 views

CVE-2026-31382

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

6.1CVSS6AI score0.00245EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.7 views

CVE-2026-30939

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The...

8.8CVSS5.8AI score0.0049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.6 views

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.8 views

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS5.7AI score0.00321EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/26 1:16 p.m.3 views

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS6AI score0.00634EPSS
Exploits1References4
OSV
OSV
added 2026/03/26 12:33 p.m.3 views

SUSE-SU-2026:1073-1 Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds bsc1257629. - CVE-2025-38488: smb: client: fix use-after-free in...

7.8CVSS6.9AI score0.00278EPSS
Exploits0References19
EUVD
EUVD
added 2026/03/26 12:30 p.m.7 views

EUVD-2018-21671

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/26 12:30 p.m.3 views

EUVD-2018-21679

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

8.8CVSS6AI score0.00271EPSS
Exploits1References5
NVD
NVD
added 2026/03/26 12:16 p.m.9 views

CVE-2018-25210

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

8.8CVSS0.00271EPSS
Exploits1References4
NVD
NVD
added 2026/03/26 12:16 p.m.8 views

CVE-2018-25205

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

8.8CVSS0.00267EPSS
Exploits0References3
NVD
NVD
added 2026/03/26 12:16 p.m.6 views

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS0.00245EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:8 p.m.2 views

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS6AI score0.00634EPSS
Exploits1References11
AlpineLinux
AlpineLinux
added 2026/03/26 12:8 p.m.4 views

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS5.9AI score0.00634EPSS
Exploits1References13
CVE
CVE
added 2026/03/26 11:39 a.m.18 views

CVE-2018-25210

WebOfisi E-Ticaret 4.0 is affected by an SQL injection in the 'urun' GET parameter of the vulnerable endpoint. The issue allows unauthenticated attackers to manipulate backend queries using SQL payloads through the 'urun' parameter, enabling boolean-based blind, error-based, time-based blind, and...

8.8CVSS6AI score0.00271EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.22 views

CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

8.8CVSS0.00271EPSS
Exploits1References4
Rows per page
Query Builder