47722 matches found

NVD
added 2026/02/12 11:16 p.m., 15 views

CVE-2019-25324

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

6.1 CVSS, 0.0022 EPSS
Exploits 0, References 4

ATTACKERKB
added 2026/02/12 10:48 p.m., 5 views

CVE-2019-25324

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

6.1 CVSS, 5.3 AI score, 0.0022 EPSS
Exploits 0, References 4, Affected Software 1

ATTACKERKB
added 2026/02/12 10:1 p.m., 5 views

CVE-2026-26068

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

9.3 CVSS, 6.5 AI score, 0.0327 EPSS
Exploits 1, References 4, Affected Software 1

ATTACKERKB
added 2026/02/12 9:37 p.m., 4 views

CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4 CVSS, 5.5 AI score, 0.00364 EPSS
Exploits 0, References 3, Affected Software 1

Debian
added 2026/02/12 7:46 p.m., 10 views

[SECURITY] [DSA 6131-1] nginx security update

Debian Security Advisory DSA-6131-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2026 https://www.debian.org/security/faq ...

8.2 CVSS, 5.5 AI score, 0.00339 EPSS
Exploits 0

NVD
added 2026/02/12 7:15 p.m., 11 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5 CVSS, 0.00413 EPSS
Exploits 0, References 2

Cvelist
added 2026/02/12 7:12 p.m., 22 views

CVE-2026-24894 FrankenPHP leaks session data between requests in worker mode

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request potential...

8.7 CVSS, 0.00356 EPSS
Exploits 1, References 3

NVD
added 2026/02/12 4:16 p.m., 13 views

CVE-2026-26214

Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which accep...

9.1 CVSS, 0.00184 EPSS
Exploits 0, References 3

Snyk
added 2026/02/12 3:56 p.m., 6 views

Improper Validation of Certificate with Host Mismatch

Overview: Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the GalaxyFDSClientImpl.createHttpClient function. An attacker can intercept and modify communications by performing a man-in-the-middle attack when TLS hostname verification ...

9.1 CVSS, 5.6 AI score, 0.00184 EPSS
Exploits 0, References 2

OSV
added 2026/02/12 3:29 p.m., 7 views

GHSA-R3XH-3R3W-47GP FrankenPHP leaks session data between requests in worker mode

Summary: When running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request potentially belonging to a different user before session_start() is...

8.7 CVSS, 5.6 AI score, 0.00356 EPSS
Exploits 1, References 5

ATTACKERKB
added 2026/02/12 3:1 p.m., 7 views

CVE-2026-26214

Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which accep...

9.1 CVSS, 5.5 AI score, 0.00184 EPSS
Exploits 0, References 3

CVE
added 2026/02/12 3:1 p.m., 13 views

CVE-2026-26214

The CVE describes a TLS hostname verification flaw in Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android)

9.1 CVSS, 5.6 AI score, 0.00184 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/02/12 3:1 p.m., 7 views

CVE-2026-26214 Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM

Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which accep...

9.1 CVSS, 5.6 AI score, 0.00184 EPSS
Exploits 0, References 3

Malwarebytes
added 2026/02/12 2:35 p.m., 5 views

Outlook add-in goes rogue and steals 4,000 credentials and payment data

Researchers found a malicious Microsoft Outlook add-in which was able to steal 4,000 stolen Microsoft account credentials, credit card numbers, and banking security answers. How is it possible that the Microsoft Office Add-in Store ended up listing an add-in that silently loaded a phishing kit insid...

5.5 AI score
Exploits 0

RedhatCVE
added 2026/02/12 1:43 p.m., 4 views

CVE-2025-30269

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync...

8.1 CVSS, 5.5 AI score, 0.0028 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/02/12 1:43 p.m., 6 views

CVE-2025-48722

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

6.5 CVSS, 5.5 AI score, 0.00391 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/02/12 1:43 p.m., 6 views

CVE-2025-62853

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

7.2 CVSS, 5.5 AI score, 0.00598 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/02/12 1:42 p.m., 3 views

CVE-2026-22894

A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

6.5 CVSS, 5.5 AI score, 0.00537 EPSS
Exploits 0, References 1

NVD
added 2026/02/12 11:15 a.m., 12 views

CVE-2025-15573

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...

9.4 CVSS, 0.00216 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/02/12 10:39 a.m., 5 views

CVE-2025-15573

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...

9.4 CVSS, 5.8 AI score, 0.00216 EPSS
Exploits 0, References 2, Affected Software 5