47722 matches found

Vulnrichment
added 2026/02/12 10:39 a.m., 5 views

CVE-2025-15573 Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...

5.8 AI score, 0.00216 EPSS
Exploits: 0, References: 1
Packet Storm News
added 2026/02/12 12:0 a.m., 4 views

DRAMatic Speedup: Accelerating HE Operations on a Processing-In-Memory System

Homomorphic encryption (HE) is a promising technology for confidential cloud computing, as it allows computations on encrypted data. However, HE is computationally expensive and often memory-bound on conventional computer architectures. Processing-in-Memory (PIM) is an alternative hardware architectu...

5.6 AI score
Exploits: 0
Tenable Nessus
added 2026/02/12 12:0 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xrdp (SUSE-SU-2026:0433-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0433-1 advisory. - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Tenable ha...

9.8 CVSS, 5.7 AI score, 0.01318 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/02/12 12:0 a.m., 6 views

PT-2026-7913

Name of the Vulnerable Software and Affected Versions: emp3r0r versions prior to 3.21.1. Description: emp3r0r is a command and control (C2) tool designed for Linux environments. Versions prior to 3.21.1 accept untrusted agent metadata, specifically Transport and Hostname, during the check-in process...

9.3 CVSS, 6.4 AI score, 0.0327 EPSS
Exploits: 1, References: 10
Positive Technologies
added 2026/02/12 12:0 a.m., 6 views

PT-2026-7924

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

6.1 CVSS, 5.3 AI score, 0.0022 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/02/12 12:0 a.m., 8 views

galaxy-fds-sdk-android Security Vulnerability

Galaxy-FDS-SDK-Android is an open-source developer toolkit developed by Xiaomi for storing file data on Xiaomi devices. Versions of Galaxy-FDS-SDK-Android 3.0.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the disabling of TLS hostname verification when HTTPS is...

9.1 CVSS, 5.8 AI score, 0.00184 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/02/12 12:0 a.m., 11 views

PT-2026-7834

Name of the Vulnerable Software and Affected Versions: SolaX devices (affected versions not specified). Description: Devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a...

9.4 CVSS, 5.9 AI score, 0.00216 EPSS
Exploits: 0, References: 7
CNNVD
added 2026/02/12 12:0 a.m., 6 views

SolaX Power Pocket Security Vulnerability

SolaX Power Pocket is a monitoring data collection tool developed by SolaX Energy in China. There is a security vulnerability in SolaX Power Pocket, which stems from the lack of server certificate verification when connecting to the SolaX Cloud MQTTS server. This vulnerability could allow a...

9.4 CVSS, 5.9 AI score, 0.00216 EPSS
Exploits: 0, References: 2
Snyk
added 2026/02/11 10:23 p.m., 3 views

Prototype Pollution

Overview: set-in is a set value of nested associative structure given array of keys. Affected versions of this package are vulnerable to Prototype Pollution via the set-in function. An attacker can modify the prototype of built-in objects by supplying crafted input that leverages Array.prototype,...

9.8 CVSS, 6.5 AI score, 0.00461 EPSS
Exploits: 1, References: 2
NVD
added 2026/02/11 10:15 p.m., 6 views

CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

9.8 CVSS, 0.00461 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2026/02/11 9:18 p.m., 3 views

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

9.4 CVSS, 5.4 AI score, 0.00461 EPSS
Exploits: 1, References: 2
CVE
added 2026/02/11 9:18 p.m., 12 views

CVE-2026-26021

CVE-2026-26021 affects the npm package set-in (versions >=2.0.1,

9.8 CVSS, 5.4 AI score, 0.00461 EPSS
Exploits: 1, References: 2, Affected Software: 1
ATTACKERKB
added 2026/02/11 9:18 p.m., 7 views

CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

9.4 CVSS, 5.4 AI score, 0.00461 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/02/11 9:18 p.m., 22 views

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

9.4 CVSS, 0.00461 EPSS
Exploits: 1, References: 2
OSV
added 2026/02/11 9:18 p.m., 7 views

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

9.4 CVSS, 5.4 AI score, 0.00461 EPSS
Exploits: 1, References: 4
NVD
added 2026/02/11 9:16 p.m., 15 views

CVE-2026-25062

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments.key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal...

5.5 CVSS, 0.00393 EPSS
Exploits: 1, References: 2
NVD
added 2026/02/11 9:16 p.m., 11 views

CVE-2026-25633

Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...

4.3 CVSS, 0.00285 EPSS
Exploits: 0, References: 4
OSV
added 2026/02/11 9:14 p.m., 6 views

CVE-2026-26012 vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...

6.5 CVSS, 5.5 AI score, 0.00331 EPSS
Exploits: 2, References: 4
AlpineLinux
added 2026/02/11 8:53 p.m., 6 views

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

8.6 CVSS, 6.4 AI score, 0.00367 EPSS
Exploits: 1
Vulnrichment
added 2026/02/11 8:47 p.m., 3 views

CVE-2026-25935 Vikunja Affected by XSS Via Task Preview

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

8.6 CVSS, 5.5 AI score, 0.00227 EPSS
Exploits: 0, References: 4