Lucene search
K

2035 matches found

Vulnrichment
Vulnrichment
added 2026/06/02 4:30 p.m.14 views

CVE-2026-10606 DedeCMS Feedback feedback.php TrimMsg sql injection

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 4:30 p.m.19 views

CVE-2026-10606

CVE-2026-10606 affects DedeCMS 5.7.88, specifically the TrimMsg function in /plus/feedback.php (Feedback Handler). Manipulating the msg argument can cause a SQL injection. The issue is exploitable remotely with publicly disclosed exploit material; CVSS metrics indicate network access, low attack ...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

DesDev DedeCMS 安全漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation, based on PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a security vulnerability. Th...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45795

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 12:0 a.m.15 views

PUB-A-481300795

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

6.5CVSS6AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 11:2 p.m.11 views

CVE-2026-45969

A flaw was found in the Linux kernel's Human Interface Device HID PlayStation driver. The psgamepadcreate function does not verify the return value of inputffcreatememless. This missing check can lead to incorrect behavior or potential system crashes when Force Feedback FF effects are activated...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/05/27 5:34 p.m.7 views

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-48545 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.10.0 Source cves: CVE-2026-48545 Source advisory: SNYK:PYTHON-GRADIO-16960000...

7.6CVSS5.7AI score0.0035EPSS
Exploits0
EUVD
EUVD
added 2026/05/27 3:33 p.m.12 views

EUVD-2026-32253

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Add missing check for inputffcreatememless The psgamepadcreate function calls inputffcreatememless without verifying its return value, which can lead to incorrect behavior or potential crashes when FF effects ar...

5.8AI score0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/05/27 2:17 p.m.14 views

UBUNTU-CVE-2026-45969

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Add missing check for inputffcreatememless The psgamepadcreate function calls inputffcreatememless without verifying its return value, which can lead to incorrect behavior or potential crashes when FF effects ar...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/27 12:18 p.m.43 views

CVE-2026-45969 HID: playstation: Add missing check for input_ff_create_memless

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Add missing check for inputffcreatememless The psgamepadcreate function calls inputffcreatememless without verifying its return value, which can lead to incorrect behavior or potential crashes when FF effects ar...

0.00123EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43836

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The ps gamepad create function calls input ff create memless without verifying its return value. This lack of validation can result in incorrect behavior or potential system crashes when...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.25 views

A Wolf in Sheep'S Clothing: Targeted Routing Hijacking in Federated RAG

Federated Retrieval-Augmented Generation FedRAG is attractive for privacy-sensitive applications because raw data remain local. As a result, routing must rely on client-provided semantic profiles, creating a new opportunity for manipulation. We introduce Routing Hijacking, a routing-stage attack ...

5.8AI score
Exploits0
Veeam
Veeam
added 2026/05/27 12:0 a.m.13 views

Release Information for Veeam Backup for AWS 10.1

Requirements Please confirm that you are running version Veeam Backup for AWS 10 build 10.0.0.232 or later before upgrading. You can find the currently installed build number Product version in the About section under Configuration | Support Information | Updates. After installing Veeam Backup fo...

5.5AI score
Exploits0Affected Software1
HackRead
HackRead
added 2026/05/18 2:37 p.m.9 views

10 Tips for Phrasing Employee Feedback in Reviews

Performance reviews inside cybersecurity teams carry unusually high stakes. Security analysts, incident responders, IT administrators, and compliance staff…...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.11 views

Babel: Jailbreaking Safety Attention Via Obfuscation Distribution Optimized Sampling

Despite rigorous safety alignment, Large Language Models LLMs remain vulnerable to jailbreak attacks. Existing black-box methods often rely on heuristic templates or exhaustive trials, lacking mechanistic interpretability and query efficiency. In this study, we investigate an intrinsic...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/15 9:16 p.m.28 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS0.00307EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 8:33 p.m.16 views

EUVD-2026-30630

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 8:33 p.m.55 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS0.00307EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 8:33 p.m.12 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:33 p.m.9 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder