Lucene search
K

6981 matches found

BDU FSTEC
BDU FSTEC
added 1 hour ago21 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00709EPSS
Exploits1References11Affected Software9
Nuclei
Nuclei
added 5 hours ago6 views

Spring Framework Path Traversal in Functional Web Frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.7AI score0.54862EPSS
Exploits6References3
Nuclei
Nuclei
added 5 hours ago150 views

Apache Superset < 4.0.2 - SQL Injection

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...

9.8CVSS6.1AI score0.04433EPSS
Exploits2References4
CVE
CVE
added yesterday8 views

CVE-2026-15557

CVE-2026-15557 affects waooAI waoowaoo up to version 0.4.1. The vulnerability resides in the Internal Task Header Handler’s API-auth logic (functions getInternalTaskSession, getAuthSession, requireUserAuth, requireProjectAuth, requireProjectAuthLight in src/lib/api-auth.ts). Malicious manipulatio...

7.5CVSS6.7AI score0.00507EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in pipspeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1037d713fe94f92e9f1302a1c8fdfcd03ee290e1f2076e7c01cbd1305499e91 The package's advertised public entry point pipspeed.optimize GETs a JSON document from https://www.jsonkeeper.com/b/53XMN an anonymous, mutable past...

6.6AI score
Exploits0References2
Fedora
Fedora
added 4 days ago6 views

[SECURITY] Fedora 44 Update: perl-DBI-1.650-1.fc44

DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used...

9.8CVSS5.9AI score0.00498EPSS
Exploits0
CVE
CVE
added 5 days ago13 views

CVE-2026-50180

Summary: CVE-2026-50180 in Langroid’s SQLChatAgent allows arbitrary PostgreSQL file reads due to an incomplete DANGEROUS_SQL_PATTERNS blocklist. The blocklist misses several pg_read * and related functions (e.g., pg_read_file, pg_stat_file, pg_ls_logdir, pg_ls_waldir, pg_current_logfile) and does...

8.7CVSS6.1AI score0.00686EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-54002

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS0.00409EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago38 views

CVE-2026-54800

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized...

6.3CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-54800

CVE-2026-54800 affects CPCI85 Central Processing/Communication and SICORE Base system (all versions &lt; V26.20 /

6.3CVSS5.9AI score0.00146EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1953 TensorFlow has segmentation fault in tfg-translate

Impact Out-of-bounds access due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder. Bug with tfg-translate call to InitMlir. The problem happens with generic functions, as it is already handled for non-generic functions. This is because they, unlike non-generic...

7.5CVSS6.6AI score0.00516EPSS
Exploits0References7
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.73 views

Node.JS System Information Library <5.3.1 - Remote Command Injection

Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...

7.8CVSS7.1AI score0.9024EPSS
Exploits4References5
OSV
OSV
added 2026/07/02 2:13 p.m.2 views

PYSEC-2026-723 Out-of-bounds Read in OpenCV

An out-of-bounds read was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.0.25. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading...

6.5CVSS6.5AI score0.01742EPSS
Exploits1References8
NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-14249

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS0.00333EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.39 views

CVE-2026-14249 Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS0.00333EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 5:35 a.m.10 views

EUVD-2026-41245

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS6AI score0.00333EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.7 views

CVE-2026-14249

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emddeletefile AJAX action. This is due to the emddeletefile handler deriving a PHP function name from the attacker-controlled $POST'path' parameter and invoking it dynamically...

7.5CVSS6AI score0.00333EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-54640

Name of the Vulnerable Software and Affected Versions Request a Quote versions prior to 2.5.6 Description The Request a Quote plugin for WordPress allows unauthenticated attackers to perform code injection. The issue occurs because the emd delete file function derives a PHP function name from the...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/07/01 5:14 p.m.4 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS7AI score0.00337EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 6:40 a.m.6 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS8.1AI score0.00464EPSS
Exploits0References5
Rows per page
Query Builder