Lucene search
K

64 matches found

Cvelist
Cvelist
added 2026/06/24 8:39 p.m.16 views

CVE-2026-13208 Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS0.00094EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 8:38 p.m.5 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.00094EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10283

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS6.3AI score0.00295EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 5:22 p.m.11 views

Security Bulletin: IBM SPSS Analytic Server is affected by a Vert.x Web Static Handler cache manipulation vulnerability (CVE-2026-1002)

Summary IBM SPSS Analytic Server is affected by a Vert.x Web Static Handler cache manipulation vulnerability CVE-2026-1002. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated t...

6.9CVSS6.4AI score0.00343EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞

Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have security vulnerabilities. The vulnerability stems from the ping diagnostic handler in /bin/httpdclientside, which inserts uncleaned user inputs into the...

8.8CVSS6.1AI score0.01275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35534

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

7.5CVSS7AI score0.00356EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.13 views

MCP Chat Studio 代码问题漏洞

MCP Chat Studio is a testing and development platform for MCP servers, developed by JoeCastrom. Versions of MCP Chat Studio 1.5.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from unknown functions in the LLM Models API component file server/routes/llm.js, which...

7.5CVSS7.2AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.16 views

PT-2026-33828

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first...

9.2CVSS6.7AI score0.00633EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.12 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the PUT request handler in the UDR service, which failed to properly return values after request parsing or...

6.9CVSS5.9AI score0.00321EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/10 5:45 a.m.1 views

CVE-2026-6026 Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can ...

10CVSS7AI score0.02981EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/09 9:31 p.m.4 views

EUVD-2026-21076

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate th...

10CVSS7AI score0.01803EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/03 4:0 p.m.2 views

CVE-2026-5472 ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /adminpanel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestrict...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.7 views

elecV2P 代码问题漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters req in the eAxios function within the component’s URL...

7.5CVSS7.2AI score0.003EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/27 9:27 p.m.28 views

CVE-2026-4988 Open5GS CCA Message smf_s6b denial of service

A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smfgxccacb/smfgyccacb/smfs6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitabilit...

6.3CVSS0.00566EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28682

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS5.8AI score0.00318EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27106

Name of the Vulnerable Software and Affected Versions Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N Description The Bluetooth Handler component in Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N contains a flaw that allows authentication bypass via capture-replay attacks originating...

5CVSS6AI score0.00288EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/26 4:22 a.m.8 views

CVE-2026-27799

A flaw was found in ImageMagick, a software suite used for editing and manipulating digital images. This vulnerability, a heap buffer over-read, exists within the component that handles DJVU image files. A local attacker could exploit this by processing a specially crafted DJVU image, leading to ...

4.4CVSS5.7AI score0.00123EPSS
Exploits0References6
OSV
OSV
added 2026/01/17 5:15 p.m.6 views

CVE-2025-15532

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks...

7.5CVSS5AI score
Exploits0References12
Redos
Redos
added 2025/12/16 12:0 a.m.7 views

ROS-20251216-7360

A vulnerability in the V8 JavaScript script handler of Google Chrome and Microsoft Edge browsers is related to errors in the implementation of security checks for standard elements. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

4.3CVSS6.6AI score0.0025EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2025/12/15 12:2 a.m.4 views

CVE-2025-14693

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It i...

7CVSS5.3AI score0.00202EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder