
47717 matches found

Cvelist
added 2026/02/19 2:25 a.m., 39 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

7.1 CVSS, 0.00436 EPSS
Exploits: 1, References: 4

ATTACKERKB
added 2026/02/19 12:31 a.m., 7 views

CVE-2014-7729

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none...

5.5 AI score
Exploits: 0, References: 1

CNNVD
added 2026/02/19 12:0 a.m., 10 views

GFI MailEssentials AI Security Vulnerability

GFI MailEssentials AI is a U.S. GFI open source anti-spam and data leakage protection software. A cross-site scripting vulnerability exists in the GFI MailEssentials AI IP Blocklist administration page, which can be exploited by an attacker to execute script in the context of a logged-in user...

5.4 CVSS, 5.7 AI score, 0.00173 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/02/19 12:0 a.m., 21 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1436)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1436 advisory. A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server...

8.2 CVSS, 5.7 AI score, 0.00339 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/02/19 12:0 a.m., 6 views

SPIP Security Vulnerability

SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of joint URLs when editing joint sites, which could lead to Man-in-the-Middle attacks...

5.3 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/02/19 12:0 a.m., 4 views

PT-2026-20910

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description The software contains an arbitrary directory existence enumeration issue in the ListServer.IsPathExist web method, accessible via the API endpoint...

5.3 CVSS, 5.5 AI score, 0.00244 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/02/19 12:0 a.m., 7 views

GFI MailEssentials AI Security Vulnerability

GFI MailEssentials AI is a U.S. GFI open source anti-spam and data leakage protection software. A cross-site scripting vulnerability exists in the GFI MailEssentials AI Anti-Spoofing configuration page, which can be exploited by an attacker to execute scripts in the context of a logged-in user...

5.4 CVSS, 5.7 AI score, 0.00173 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/02/19 12:0 a.m., 8 views

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-010 (ALASNGINX1-2026-010)

The version of nginx installed on the remote host is prior to 1.28.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2026-010 advisory. A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. A...

8.2 CVSS, 5.8 AI score, 0.00339 EPSS
Exploits: 0, References: 4

Amazon
added 2026/02/19 12:0 a.m., 15 views

Medium: nginx

Issue Overview: A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side--along with conditions beyond the attacker's control--may be able to inject...

8.2 CVSS, 5.8 AI score, 0.00339 EPSS
Exploits: 0

Tenable Nessus
added 2026/02/19 12:0 a.m., 6 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-050 (ALASFIREFOX-2026-050)

The version of firefox installed on the remote host is prior to 140.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-050 advisory. Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation...

9.8 CVSS, 6.2 AI score, 0.0057 EPSS
Exploits: 0, References: 28

Broadcom
added 2026/02/19 12:0 a.m., 17 views

OpenSSH security update (CVE-2025-61985)

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...

3.6 CVSS, 6.1 AI score, 0.00114 EPSS
Exploits: 0

Positive Technologies
added 2026/02/19 12:0 a.m., 9 views

PT-2026-21353

Name of the Vulnerable Software and Affected Versions Flask versions 3.1.2 and below Description Flask, a web server gateway interface (WSGI) web application framework, may improperly handle caching when accessing the session object. Specifically, it may fail to set the 'Vary: Cookie' header,...

4.3 CVSS, 5.8 AI score, 0.00374 EPSS
Exploits: 0, References: 191

Vulnrichment
added 2026/02/18 10:47 p.m., 4 views

CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Althou...

5.7 CVSS, 5.7 AI score, 0.0022 EPSS
Exploits: 1, References: 2

Snyk
added 2026/02/18 10:42 p.m., 3 views

Arbitrary Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Command Injection due to embedding the current working directory path into LLM prompts without sanitization. An attacker can manipulate agent behavior or cause disclosure of...

8.6 CVSS, 5.7 AI score, 0.00205 EPSS
Exploits: 0, References: 2

OSV
added 2026/02/18 9:50 p.m., 4 views

GHSA-W52V-V783-GW97 Ghost has a SQL injection in Content API

Impact A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. Vulnerable Versions This vulnerability is present in Ghost v3.24.0 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Note: as this...

9.4 CVSS, 6.2 AI score, 0.69996 EPSS
Exploits: 7, References: 6

Vulnrichment
added 2026/02/18 9:1 p.m., 5 views

CVE-2026-24744 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePlane version 1.7.0. When editing invoices, the application does not validate user input at the...

5.7 CVSS, 5.6 AI score, 0.0022 EPSS
Exploits: 1, References: 2

UbuntuCve
added 2026/02/18 8:18 p.m., 3 views

CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

5.4 CVSS, 6.3 AI score, 0.00224 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2026/02/18 7:30 p.m., 6 views

CVE-2025-33101

IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory...

5.9 CVSS, 5.5 AI score, 0.00202 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/18 3:32 p.m., 4 views

CVE-2013-0060

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none...

5.5 AI score
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/18 3:32 p.m., 6 views

CVE-2013-0057

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none...

5.5 AI score
Exploits: 0, References: 1