Lucene search
K

57 matches found

CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

D-Link DI-8003 安全漏洞

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability that originates from improper validation of the id parameter in the /thdmember.asp endpoint, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6AI score0.00516EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 4:16 p.m.3 views

CVE-2026-33678

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, TaskAttachment.ReadOne queries attachments by ID only WHERE id = ?, ignoring the task ID from the URL path. The permission check in CanRead validates access to the task specified in the URL, but ReadOne loads ...

8.1CVSS0.00265EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/16 3:30 p.m.2 views

Missing Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authorization in the invite ID validation process. An attacker can gain unauthorized access to create accounts by using leaked invite IDs...

5.3CVSS5.8AI score0.0017EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

WordPress plugin GetGenie 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00281EPSS
Exploits0References4
NVD
NVD
added 2026/02/26 3:16 a.m.13 views

CVE-2026-2356

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...

5.3CVSS0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/10 1:23 p.m.4 views

CVE-2026-22905

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences e.g., /js/../cgi-bin/post.cgi, gaining unauthorized access to protected CGI endpoints and configuration downloads...

7.5CVSS5.6AI score0.00619EPSS
Exploits0References1
OSV
OSV
added 2026/02/07 9:56 p.m.6 views

CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...

7.1CVSS6AI score0.0028EPSS
Exploits0References6
OSV
OSV
added 2026/01/28 6:10 p.m.9 views

CVE-2026-24775 OpenProject has Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

6.3CVSS6AI score0.00105EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/14 3:5 p.m.3 views

CVE-2025-71112

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlandelfailbmap is BITSTOLONGSVLANNVID. It may cause...

5.2AI score0.00126EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-8424

Malware in sbrugna...

7CVSS6.1AI score0.0122EPSS
Exploits0References30
CNNVD
CNNVD
added 2025/10/07 12:0 a.m.3 views

Online Shopping System Advanced 安全漏洞

Online Shopping System Advanced is an online store website by Puneeth Reddy H C Individual Developer. A security vulnerability exists in Online Shopping System Advanced version 1.0, which stems from insufficient validation of the parameter productid in the file editproduct.php, which could lead t...

9.8CVSS7.4AI score0.00309EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.5 views

PT-2025-46554

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the drm/vmwgfx subsystem related to cursor snooping. The issue arises from a missing check for resource existence before attempting to use the...

6CVSS7.4AI score0.00188EPSS
Exploits0
OSV
OSV
added 2025/09/15 8:11 p.m.2 views

GHSA-Q67Q-549Q-P849 Flowise has arbitrary file access due to missing chat flow id validation

Summary Missing chat flow id validation allows an attacker to access arbitrary file. Details Commit https://github.com/FlowiseAI/Flowise/commit/8bd3de41533de78e4ef6c980e5704a1f9cb7ae6f and https://github.com/FlowiseAI/Flowise/commit/c2b830f279e454e8b758da441016b2234f220ac7 added check for filenam...

9.8CVSS7AI score0.00895EPSS
Exploits1References4
Zero Day Initiative
Zero Day Initiative
added 2025/08/12 12:0 a.m.5 views

(0Day) Schneider Electric EcoStruxure Power Monitoring Expert ExportDataAsXML Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the ExportDataAsXML...

7.5CVSS6.4AI score0.00421EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-3866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session i...

5.5CVSS6.2AI score0.14332EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:52 a.m.3 views

CVE-2023-22452

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

6.5CVSS6.8AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:43 a.m.5 views

CVE-2023-5982

The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instanceid on the 'updraftmethod-googledrive-auth' acti...

5.4CVSS5.9AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 3:16 p.m.1 views

DEBIAN-CVE-2025-22118

In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. Ensure endqid does not overflow by validating startqid and numqueues...

7.1CVSS6.7AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.4 views

PT-2024-39776 · Posthog · Posthog

Name of the Vulnerable Software and Affected Versions: PostHog affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this issue. The specific flaw exists within...

8.3CVSS6.9AI score0.00662EPSS
Exploits0References7
OSV
OSV
added 2024/07/30 8:15 a.m.3 views

UBUNTU-CVE-2024-42121

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index msgid before read or write WHAT msgid is used as an array index and it cannot be a negative value, and therefore cannot be equal to MODHDCPMESSAGEIDINVALID -1. HOW Check whether msgid is valid before...

7.8CVSS6.2AI score0.0026EPSS
Exploits0References25
Rows per page
Query Builder