Lucene search
K

1396 matches found

Nuclei
Nuclei
added 7 hours ago279 views

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting

PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...

6.1CVSS6.5AI score0.0608EPSS
Exploits3References5
Cvelist
Cvelist
added 2026/07/07 12:58 p.m.39 views

CVE-2026-10659 NULL pointer dereference in Zephyr Dhara FTL disk driver on flash read error during journal resume

The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...

4.7CVSS0.00098EPSS
Exploits1References2
CVE
CVE
added 2026/07/07 12:58 p.m.19 views

CVE-2026-10659

The CVE concerns Zephyr’s Dhara FTL disk driver (drivers/disk/ftl_dhara.c). On flash read errors, the driver previously wrote error codes unconditionally to a caller-supplied err pointer, and the journal-resume path forwarded NULL into dhara_nand_read(), causing a NULL dereference during disk ini...

4.7CVSS6AI score0.00098EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/07/07 12:58 p.m.5 views

EUVD-2026-42037

The Dhara flash translation layer disk driver drivers/disk/ftldhara.c implemented the dharanand callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dharaerrort err pointer e.g. err = DHARAEECC in dharanandread, and similar in...

4.7CVSS6AI score0.00098EPSS
Exploits1References2
NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:27 p.m.8 views

EUVD-2026-40079

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS6AI score0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:27 p.m.6 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS6AI score0.00276EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 12:27 p.m.35 views

CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS0.00276EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:27 p.m.18 views

CVE-2026-40524

CVE-2026-40524 affects FrontAccounting

8.1CVSS6AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 7:1 p.m.30 views

CVE-2026-47193 OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...

7.5CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:1 p.m.23 views

CVE-2026-47193

OpenProject (open-source web-based project management) contains a vulnerability in the journal diff endpoint that discloses hidden historical field values due to lack of object/field visibility enforcement. The issue is fixed in versions 17.3.3 and 17.4.1. Affected component: journal diff endpoin...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:1 p.m.7 views

CVE-2026-47193

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in freeipa

A flaw was identified in the FreeIPA API audit; it sends the entire FreeIPA command line to journalctl. As a result, during the FreeIPA installation process, administrative user credentials—including the administrator’s password—are inadvertently leaked into the journal database. In the worst-cas...

5.5CVSS5.6AI score0.00226EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: jbd2: avoided the bugon in jbd2journalgetcreateaccess when the file system is corrupted. The issue occurs when the file system is corrupted: ------------ cut here ------------ Kernel bug at fs/jbd2/transaction.c:1289! Oops:...

5.6AI score0.0018EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a potential out-of-bound read issue in ext4fcreplayscan. For the scan loop, it is necessary to ensure that at least EXT4FCTAGBASELEN space is available. If the remaining space is less than EXT4FCTAGBASELEN, it may lea...

7.1CVSS5.7AI score0.00147EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

A use-after-free flaw was discovered in the Linux kernel, specifically in the logreplay function within fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and causes a kernel information leak...

7.1CVSS6.7AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/13 3:16 a.m.19 views

CVE-2026-54231

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS0.00116EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/13 2:34 a.m.7 views

CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS5.3AI score0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/13 2:34 a.m.47 views

CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 2:34 a.m.16 views

EUVD-2026-36640

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS5.3AI score0.00116EPSS
Exploits0References2
Rows per page
Query Builder