Lucene search
K

259 matches found

AlpineLinux
AlpineLinux
added 2026/04/07 9:27 p.m.2 views

CVE-2026-34078

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access ...

10CVSS6.5AI score0.0168EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.12 views

Flatpak 安全漏洞

Flatpak is an open-source system developed by Flatpak for building, distributing, and running sandboxed desktop applications on Linux. Versions of Flatpak prior to 1.16.4 contained a security vulnerability. This vulnerability stemmed from the sandbox-expose option accepting symbolic links that we...

10CVSS7.5AI score0.0168EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/03 2:46 a.m.13 views

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...

8.3CVSS6AI score0.00327EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.9 views

Spring Cloud 安全漏洞

Spring Cloud is a microservices framework implemented based on Spring Boot by the Spring team in the United States. Vulnerabilities exist in versions prior to Spring Cloud 3.1.13, 4.1.9, 4.2.3, 4.3.2, and 5.0.2. These vulnerabilities stem from improper handling of configuration file parameters,...

8.6CVSS5.8AI score0.0122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.6 views

Kanboard SQL注入漏洞

Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.51 contained a SQL injection vulnerability. This vulnerability could lead to the exposure of databas...

8.4CVSS5.8AI score0.00281EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.9 views

Cloud Foundry 安全漏洞

Cloud Foundry is an open-source Platform as a Service PaaS cloud computing platform developed by the Cloud Foundry Foundation in the United States. This product offers features such as container scheduling, continuous delivery, and automated service deployment. There is a security vulnerability i...

7.5CVSS5.8AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

Janitza UMG 96RM-E 24V和Janitza UMG 96RM-E 230V 安全漏洞

Both Janitza UMG 96RM-E 24V and Janitza UMG 96RM-E 230V are multi-functional power quality analyzers from the German company Janitza. There are security vulnerabilities associated with these devices. These vulnerabilities stem from improper assignment of permissions to web servers, which may allo...

6.5CVSS5.8AI score0.00388EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25189

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/03 12:0 a.m.18 views

CVE-2025-63912

CVE-2025-63912 affects Cohesity TranZman Migration Appliance Release 4.0 Build 14614. The issue is a weak cryptography algorithm used for data encryption (static XOR in some disclosures), allowing an attacker to reverse encryption and expose credentials. Impact is credential exposure as described...

7.5CVSS5.9AI score0.00133EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.12 views

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that stems from a cross-tenant legacy...

3.3CVSS5.8AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.8 views

Media Streaming add-on 缓冲区错误漏洞

The Media Streaming add-on is a supplementary component for media streaming. The Media Streaming add-on has a buffer error vulnerability, which stems from out-of-bounds reading. This vulnerability could allow attackers to obtain sensitive data after gaining access to the local network...

5.5CVSS6AI score0.00107EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.10 views

CVE-2026-22625

Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...

4.6CVSS5.9AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.7 views

CVE-2023-50304

IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335...

8.2CVSS6.9AI score0.00614EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/26 4:30 a.m.174 views

OIBSIP_-SQL-Injection-on-DVWA-Low-Security-

This project demonstrates a basic SQL Injection vulnerability us...

8AI score
Exploits0
NVD
NVD
added 2025/12/22 7:15 p.m.4 views

CVE-2025-63662

Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information...

7.5CVSS0.00255EPSS
Exploits0References2
NVD
NVD
added 2025/12/17 11:16 p.m.11 views

CVE-2025-68429

Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook’s handling of environment variables defined in a .env file, which could...

7.3CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/04 8:4 p.m.24 views

CVE-2025-12997

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: befo...

2.2CVSS0.00161EPSS
Exploits0References1
OSV
OSV
added 2025/11/11 8:46 p.m.2 views

MAL-2025-126476 Malicious code in fauzi-klentik95-wekto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9944dd51e64960b65feb81237d3571a7092618701ef1f9bf6b12fc521884862 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
HackRead
HackRead
added 2025/11/11 10:35 a.m.5 views

Cisco Finds Open-Weight AI Models Easy to Exploit in Long Chats

Cisco’s new research shows that open-weight AI models, while driving innovation, face serious security risks as multi-turn attacks, including conversational persistence, can bypass safeguards and expose data...

7AI score
Exploits0
CVE
CVE
added 2025/11/10 9:40 p.m.12 views

CVE-2025-64502

Parse Server vulnerability CVE-2025-64502 arises from public explain() queries being allowed before the 8.5.0-alpha.5 release. The MongoDB Explain() output can reveal database schema, field names, index configurations, query optimization details, and execution statistics, which could aid targeted...

6.9CVSS6.5AI score0.00407EPSS
Exploits0References3
Rows per page
Query Builder