Lucene search
K

2836 matches found

SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.9 views

SUSE CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

9.8CVSS5.8AI score0.00618EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.7 views

CVE-2019-25489

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...

9.1CVSS6.1AI score0.00391EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/27 6:31 p.m.7 views

EUVD-2019-19715

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...

8.8CVSS6.1AI score0.00391EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/27 5:23 p.m.23 views

CVE-2019-25489 Homey BNB V4 SQL Injection via ajax_refresh_subtotal

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...

8.8CVSS0.00391EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 5:23 p.m.6 views

CVE-2019-25489

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...

9.1CVSS6.1AI score0.00391EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 5:23 p.m.6 views

CVE-2019-25489 Homey BNB V4 SQL Injection via ajax_refresh_subtotal

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...

8.8CVSS6.1AI score0.00391EPSS
Exploits1References3
CVE
CVE
added 2026/02/27 5:23 p.m.12 views

CVE-2019-25489

CVE-2019-25489 — Normal mode Impacting: Homey BNB V4. The vulnerability is a SQL injection in the hosting_id parameter used by the rooms/ajax_refresh_subtotal endpoint. It allows unauthenticated attackers to manipulate database queries, potentially exfiltrating sensitive data and causing a denial...

9.1CVSS6.1AI score0.00391EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

Doditsolutions Homey BNB SQL注入漏洞

Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the hostingid parameter, which allows for SQL injections. It may allow unverified attackers to...

9.1CVSS5.8AI score0.00391EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22357

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting id parameter. Attackers can send GET requests to the rooms/ajax refresh subtotal endpoint with malicious hosting id values to extract...

8.8CVSS6.1AI score0.00391EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/23 1:30 p.m.6 views

CVE-2026-27194

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

9.8CVSS6.5AI score0.00712EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

Ghost SQL注入漏洞

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...

9.4CVSS6.3AI score0.69996EPSS
Exploits7References4
OSV
OSV
added 2026/02/19 8:29 p.m.5 views

GHSA-C87C-78RC-VMV2 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.20.0. Workarounds There are no workarounds for versions 3.20.0...

9.3CVSS6.5AI score0.00712EPSS
Exploits0References4
NVD
NVD
added 2026/02/19 7:17 a.m.14 views

CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

9.8CVSS0.00618EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/19 2:28 a.m.36 views

CVE-2026-25242 Gogs allows unauthenticated file uploads

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

6.9CVSS0.00618EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/19 2:28 a.m.4 views

CVE-2026-25242 Gogs allows unauthenticated file uploads

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

6.9CVSS5.8AI score0.00618EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.12 views

PT-2026-21349

Name of the Vulnerable Software and Affected Versions D-Tale versions prior to 3.20.0 Description D-Tale, a visualizer for pandas data structures, has an issue allowing for Remote Code Execution. This is due to a flaw in the /save-column-filter API endpoint. Publicly hosted instances of D-Tale ar...

9.8CVSS5.7AI score0.00712EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2026/02/18 7:40 a.m.25 views

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...

7.7CVSS7.1AI score0.01268EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.9 views

PT-2026-20323

Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Gogs versions prior to 0.14.1 Description Gogs, a self-hosted Git service, has an issue where unauthenticated file upload is possible by default. When the RequireSigninView setting is disabled which is the defaul...

9.9CVSS5.8AI score0.27661EPSS
Exploits45References119
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.10 views

Soliton Systems Kk FileZen 安全漏洞

Soliton Systems Kk FileZen is a file hosting device developed by the Japanese company Soliton Systems Kk. This device offers functions such as file storage, file transfer, and upload/download capabilities. There is a security vulnerability present in Soliton Systems Kk FileZen; this vulnerability...

8.8CVSS7.7AI score0.04974EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/02/12 7:32 a.m.15 views

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile EPMM can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitati...

10CVSS7.1AI score0.98871EPSS
Exploits77
Rows per page
Query Builder