136 matches found

Positive Technologies
added 2026/06/20 12:0 a.m., 16 views

PT-2026-51137

Name of the Vulnerable Software and Affected Versions: iCagenda versions prior to 4.0.8
Description: The iCagenda extension for Joomla contains a flaw in the file attachment feature of its public event submission form. Due to improper restriction of file types, unauthenticated attackers can upload...

10 CVSS, 6.6 AI score, 0.00478 EPSS
Exploits 2, References 12

RedhatCVE
added 2026/06/05 7:24 p.m., 8 views

CVE-2026-8238

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3 CVSS, 5.5 AI score, 0.00201 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/05/15 8:40 p.m., 8 views

CVE-2026-45402

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls (folder knowledge, knowledge-base contents) without verifying that the...

8.1 CVSS, 5.8 AI score, 0.00346 EPSS
Exploits 1, References 2, Affected Software 1

GitLab Advisory Database
added 2026/03/25 12:0 a.m., 7 views

Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

The migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trello migration, file attachment URLs from the third-party API response are passed directly ...

6.4 CVSS, 5.9 AI score, 0.00272 EPSS
Exploits 1, References 6, Affected Software 1

Vulnrichment
added 2026/01/31 6:39 a.m., 3 views

CVE-2026-1251 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'addreply' function due to missing validation on a user controlled key. This makes it possible for authenticated...

5.4 CVSS, 5.6 AI score, 0.00284 EPSS
Exploits 0, References 3

CNNVD
added 2026/01/22 12:0 a.m., 5 views

Gitea security vulnerabilities

Gitea is a lightweight Git service written in Go and developed by the Gitea community. Gitea has a security vulnerability that stems from improper verification of repository ownership when attaching files to released versions. This vulnerability may allow unauthorized users to access files...

9.1 CVSS, 5.8 AI score, 0.00415 EPSS
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-5332

Malware in sbrugna...

5.4 CVSS, 5.5 AI score, 0.00861 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-3507

Malware in sbrugna...

5.5 CVSS, 6 AI score, 0.00471 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2014-8568

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01209 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-1011

Malware in sbrugna...

8.5 CVSS, 6.1 AI score, 0.03134 EPSS
Exploits 3, References 11

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-7237

Malware in sbrugna...

5.4 CVSS, 5.6 AI score, 0.00795 EPSS
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-16755

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00661 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2002-2207

Malware in sbrugna...

6.4 CVSS, 6.4 AI score, 0.01124 EPSS
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 9 views

EUVD-2022-46992

Malicious code in bioql PyPI...

7.5 CVSS, 7.5 AI score, 0.00644 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-54389

Malicious code in bioql PyPI...

7.5 CVSS, 8.2 AI score, 0.00416 EPSS
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2021-7560

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.00685 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 25 views

EUVD-2023-32155

Malicious code in bioql PyPI...

5.4 CVSS, 5.6 AI score, 0.00965 EPSS
Exploits 2, References 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-5890

Malicious code in bioql PyPI...

7.5 CVSS, 8.7 AI score, 0.00461 EPSS
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2021-7561

Malicious code in bioql PyPI...

8.1 CVSS, 8.1 AI score, 0.02151 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-5904

Malicious code in bioql PyPI...

7.5 CVSS, 8.7 AI score, 0.00399 EPSS
Exploits 0, References 3