Lucene search
K

47712 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 7:48 p.m.4 views

CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

8.8CVSS5.5AI score0.0115EPSS
Exploits1References2
NVD
NVD
added 2026/02/19 7:22 p.m.9 views

CVE-2026-27474

SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...

6.1CVSS0.00264EPSS
Exploits0References3
NVD
NVD
added 2026/02/19 7:22 p.m.8 views

CVE-2026-26057

Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server API and either trigger a denial of...

9.1CVSS0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/02/19 6:24 p.m.11 views

CVE-2026-23606

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...

5.4CVSS0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 6:24 p.m.5 views

CVE-2026-23605

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 5:24 p.m.8 views

AZL-77976 CVE-2026-24834 affecting package kata-containers 3.19.1.kata2-4

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM...

9.3CVSS6.3AI score0.00223EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/19 4:0 p.m.5 views

CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a...

9.9CVSS6.3AI score0.02914EPSS
Exploits2References3
vulnersOsv
vulnersOsv
added 2026/02/19 3:18 p.m.8 views

@budibase/server (>=3.32.1 <=3.38.1), @builders-of-stuff/svelte-sui-wallet-adapter (>=0.6.6 <=2.1.0) +52 more potentially affected by CVE-2026-27122 via svelte (>=5.0.0-next.1 <=5.51.2)

svelte NPM version =5.0.0-next.1, =3.32.1, =0.6.6, =4.0.0-alpha.1, =4.0.0-alpha.1, =0.1.0, =0.0.1, =1.3.0, =0.1.4, =0.0.20, =0.15.0, =1.1.0-beta.0, =5.0.0-next.80, =0.1.1-alpha.24, =0.1.3-next.2 and more Source cves: CVE-2026-27122 Source advisory: SNYK:JS-SVELTE-15322733...

5.4CVSS5.7AI score0.00189EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/19 2:58 p.m.22 views

CVE-2025-71241 SPIP < 4.3.6 Cross-Site Scripting in Private Area

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting XSS in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...

6.1CVSS0.002EPSS
Exploits0References3
NVD
NVD
added 2026/02/19 7:17 a.m.13 views

CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

9.8CVSS0.00618EPSS
Exploits1References4
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

8.8CVSS0.00436EPSS
Exploits1References4
ICS
ICS
added 2026/02/19 7:0 a.m.7 views

Valmet DNA Engineering Web Tools

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

9.2CVSS5.9AI score0.00505EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/02/19 6:37 a.m.4 views

CVE-2015-7947

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none...

5.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 2:28 a.m.4 views

CVE-2026-25242 Gogs allows unauthenticated file uploads

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

6.9CVSS5.8AI score0.00618EPSS
Exploits1References4
CVE
CVE
added 2026/02/19 2:28 a.m.13 views

CVE-2026-25242

CVE-2026-25242 (Gogs) affects Gogs, an open source self-hosted Git service. Versions 0.13.4 and earlier expose unauthenticated file upload endpoints by default. When the global RequireSigninView is disabled (default), remote users can upload arbitrary files to /releases/attachments and /issues/at...

9.8CVSS5.7AI score0.00618EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/19 2:25 a.m.39 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

7.1CVSS0.00436EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/19 12:31 a.m.7 views

CVE-2014-7729

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none...

5.5AI score
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

GFI MailEssentials AI 安全漏洞

GFI MailEssentials AI is a U.S. GFI open source anti-spam and data leakage protection software. A cross-site scripting vulnerability exists in the GFI MailEssentials AI IP Blocklist administration page, which can be exploited by an attacker to execute script in the context of a logged-in user...

5.4CVSS5.7AI score0.00173EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.21 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1436)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1436 advisory. A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server...

8.2CVSS5.7AI score0.00339EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.6 views

SPIP 安全漏洞

SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of joint URLs when editing joint sites, which could lead to Man-in-the-Middle attacks...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References3
Rows per page
Query Builder