Lucene search
K

449 matches found

Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.5 views

PT-2026-22618

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/user list.php endpoint. The keyword inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. Th...

5.1CVSS5.7AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.5 views

Chamilo 跨站脚本漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the keywordinactive parameter in the admin/userlist.php file, which could lead to...

6.1CVSS5.6AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.12 views

PT-2026-7045

A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cros...

4.8CVSS3.8AI score0.00213EPSS
Exploits1References5
NVD
NVD
added 2026/02/08 9:15 p.m.13 views

CVE-2026-2184

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

9.8CVSS0.09902EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/08 8:32 p.m.4 views

EUVD-2026-5766

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

7.5CVSS5.3AI score0.09902EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/08 8:32 p.m.4 views

CVE-2026-2184

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

7.5CVSS7.2AI score0.09902EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/08 8:32 p.m.4 views

CVE-2026-2184 Great Developers Certificate Generation System csv.php os command injection

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

7.5CVSS5.5AI score0.09902EPSS
Exploits1References4
OSV
OSV
added 2026/02/08 8:15 p.m.5 views

CVE-2026-2183

A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible...

9.8CVSS5.4AI score0.00233EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.9 views

PT-2026-7015

Name of the Vulnerable Software and Affected Versions Great Developers Certificate Generation System affected versions not specified Description A security issue exists in Great Developers Certificate Generation System. The issue involves unrestricted upload due to manipulation of the file...

6.5CVSS5.4AI score0.00233EPSS
Exploits1References6
OSV
OSV
added 2026/02/04 7:37 a.m.4 views

SUSE-SU-2026:0375-1 Security update for libvirt

This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...

5.5CVSS6.4AI score0.00204EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. T...

5.5CVSS6.2AI score0.00118EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005117)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005117 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance schedsmtpresent dec/inc I got the following warn report while doing stre...

5.5CVSS6.6AI score0.00213EPSS
Exploits0References3
NVD
NVD
added 2026/01/25 3:15 p.m.9 views

CVE-2026-23012

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...

7.8CVSS0.00151EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/25 3:15 p.m.6 views

CVE-2026-23012

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...

7.8CVSS5.7AI score0.00151EPSS
Exploits0References4
OSV
OSV
added 2026/01/25 3:15 p.m.5 views

UBUNTU-CVE-2026-23012

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...

7.8CVSS5.7AI score0.00151EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/25 2:36 p.m.6 views

EUVD-2026-4617

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...

5.3AI score0.00151EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/01/25 2:36 p.m.6 views

CVE-2026-23012

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...

7.8CVSS5.4AI score0.00151EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/25 12:0 a.m.6 views

PT-2026-4674

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call control in inactive contexts If damon call is executed against a DAMON context that is not running, the function returns error while keeping the damon call control object linked to the context's call...

5.3AI score0.00151EPSS
Exploits0References3
OSV
OSV
added 2026/01/23 3:9 p.m.3 views

SUSE-SU-2026:0279-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278...

5.5CVSS5.8AI score0.00204EPSS
Exploits0References5
NVD
NVD
added 2026/01/22 1:15 a.m.7 views

CVE-2025-27378

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

9.8CVSS0.00353EPSS
Exploits0References1
Rows per page
Query Builder