Lucene search
K

1132 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/13 5:30 a.m.1 views

CVE-2026-6164

A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the publi...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/13 5:30 a.m.29 views

CVE-2026-6164 code-projects Lost and Found Thing Management addcat.php sql injection

A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the publi...

7.5CVSS0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/13 5:15 a.m.4 views

CVE-2026-6163

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

7.5CVSS7AI score0.00318EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 5:15 a.m.4 views

CVE-2026-6163 code-projects Lost and Found Thing Management catageory.php sql injection

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

7.5CVSS7AI score0.00318EPSS
Exploits0References5
CVE
CVE
added 2026/04/13 5:15 a.m.14 views

CVE-2026-6163

CVE-2026-6163 : In code-projects Lost and Found Thing Management 1.0, manipulation of the argument cat in /catageory.php enables SQL injection via an unsanitized input parameter. The issue is exploitable remotely and the exploit is publicly available. The CVSS metrics in the connected documents i...

7.5CVSS7AI score0.00318EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/13 5:15 a.m.34 views

CVE-2026-6163 code-projects Lost and Found Thing Management catageory.php sql injection

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

7.5CVSS0.00318EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.12 views

PT-2026-32274

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

7.5CVSS7AI score0.00318EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.9 views

PT-2026-32275

A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the publi...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

Code-Projects Lost and Found Thing Management SQL注入漏洞

Code-Projects Lost and Found Thing Management is an open-source lost and found management tool developed by Code-Projects. Version 1.0 of Code-Projects Lost and Found Thing Management contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “cata”...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

Code-Projects Lost and Found Thing Management SQL注入漏洞

Code-Projects Lost and Found Thing Management is an open-source lost and found management tool developed by Code-Projects. Version 1.0 of Code-Projects Lost and Found Thing Management contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the cat parameter in...

7.5CVSS7.2AI score0.00318EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006723)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006723 advisory. In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA aka ENOATTR has a very specifi...

7.8CVSS5.8AI score0.00157EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/02 8:36 p.m.11 views

Rack has Content-Length mismatch in Rack::Files error responses

Summary Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/02 8:36 p.m.4 views

GHSA-Q2WW-5357-X388 Rack has Content-Length mismatch in Rack::Files error responses

Summary Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the...

4.8CVSS5.9AI score0.00147EPSS
Exploits0References4
OSV
OSV
added 2026/04/02 5:16 p.m.2 views

UBUNTU-CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.3 views

PT-2026-29918

Summary Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.6 views

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS5.9AI score0.00427EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 3:29 p.m.2 views

GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

4.3CVSS6AI score0.00427EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/27 3:29 p.m.9 views

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

4.3CVSS6AI score0.00427EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/26 11:37 p.m.5 views

CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS5.9AI score0.00427EPSS
Exploits1References3
OSV
OSV
added 2026/03/20 4:32 a.m.5 views

MAL-2026-1938 Malicious code in @metaplex-foundations/umi-public-keys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48abfc0f902cd0f09b0c2ae7449eaefbf3b4baf1cb12e4165f509b86f7ad8692 The package @metaplex-foundations/umi-public-keys was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Rows per page
Query Builder