Lucene search
K

47717 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/18 3:31 p.m.4 views

CVE-2013-0051

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none...

5.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 2:53 p.m.5 views

CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...

5.3AI score0.00118EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/02/18 11:20 a.m.5 views

CVE-2026-2570

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/18 9:31 a.m.6 views

CVE-2026-1452

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.5AI score
Exploits0References1
NVD
NVD
added 2026/02/18 7:16 a.m.10 views

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

7.2CVSS0.00481EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 5:29 a.m.3 views

CVE-2025-11737 VK All in One Expansion Unit <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitsnstitle' parameter in all versions up to, and including, 9.112.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.7AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/02/18 5:29 a.m.18 views

CVE-2025-11737

The VK All in One Expansion Unit for WordPress is affected by CVE-2025-11737: Stored Cross-Site Scripting via the vkExUnit_sns_title/SNS title parameter in all versions up to 9.112.3. Exploitation requires Contributor+ authenticated access; payloads execute when users load injected pages. Support...

6.4CVSS5.7AI score0.0019EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/18 2:32 a.m.5 views

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

7.1CVSS7.4AI score0.03493EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.5 views

PT-2026-20963

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description OpenClaw embedded the current working directory workspace path into the agent system prompt without proper sanitization. An attacker could potentially exploit this by creating a directory with...

8.6CVSS5.4AI score0.00205EPSS
Exploits0References11
Amazon
Amazon
added 2026/02/18 12:0 a.m.7 views

Medium: python3.13

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.6AI score0.0056EPSS
Exploits0
Patchstack
Patchstack
added 2026/02/17 11:48 p.m.6 views

WordPress VK All in One Expansion Unit plugin <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SNS Title vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin VK All in One Expansion Unit versions = 9.112.3...

6.4CVSS5.5AI score0.0019EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/17 8:22 p.m.9 views

CVE-2025-33101

IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory...

5.9CVSS0.00202EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 8:22 p.m.5 views

CVE-2025-33101

IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory...

5.9CVSS5.5AI score
Exploits0References1
OSV
OSV
added 2026/02/17 8:22 p.m.2 views

CVE-2025-27903

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.8AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 8:22 p.m.9 views

CVE-2025-27903

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00133EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 7:32 p.m.14 views

CVE-2025-27903

CVE-2025-27903 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Affected component is the Recovery Expert for Linux/UNIX/Windows; the underlying issue is transmission of data over a cleartext channel, enabling potential MITM interception to obtain sensitive information. The accompanyi...

5.9CVSS5.5AI score0.00133EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/17 7:32 p.m.5 views

CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.5AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 7:14 p.m.40 views

CVE-2026-0102

CVE-2026-0102 affects Microsoft Edge (Chromium-based) with a vulnerability where, under specific conditions, a malicious webpage can trigger autofill population after two consecutive taps, potentially disclosing stored autofill data (addresses, email, phone number metadata). Connected documents i...

3.1CVSS5.4AI score0.00463EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/17 7:14 p.m.2 views

CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

...

3.1CVSS5.8AI score0.00463EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/17 7:14 p.m.23 views

CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

...

3.1CVSS0.00463EPSS
Exploits0References1
Rows per page
Query Builder