Lucene search
+L

1166 matches found

NVD
NVD
added 2026/03/23 4:16 p.m.5 views

CVE-2024-51224

Multiple cross-site scripting XSS vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the vehiclename, modelnumber, regnumber, vehiclesubtype,...

4.8CVSS0.00184EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/22 4:2 a.m.2 views

CVE-2026-4536

A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacte...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24580

Name of the Vulnerable Software and Affected Versions MR-GM5L-S1 MR-GM5A-L1 Description An authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. Recommendations At the moment, there is no...

9.8CVSS7.3AI score0.00558EPSS
Exploits0References8
RustSec
RustSec
added 2026/03/02 12:0 p.m.4 views

Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS7.6AI score0.01079EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/02/24 2:39 a.m.8 views

EUVD-2026-7402

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

7CVSS5.5AI score0.00446EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-22079)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22079 advisory. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid...

7.1CVSS5.3AI score0.00203EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/02 5:2 p.m.6 views

EUVD-2026-0654

A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resourceaggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be initiated remotely...

6.5CVSS6.5AI score0.00237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.7 views

PT-2026-1108

Name of the Vulnerable Software and Affected Versions Daptin version 0.10.3 Description A flaw exists in Daptin version 0.10.3 within the Aggregate API component. Specifically, the goqu.L function in the server/resource/resource aggregate.go file is susceptible to SQL injection. The issue arises...

6.5CVSS7AI score0.00237EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992825)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992825 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but...

7.1CVSS6.2AI score0.00203EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992626)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992626 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but...

7.1CVSS6.2AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 2025/12/26 4:15 p.m.5 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...

6.5CVSS0.00154EPSS
Exploits1References2
OSV
OSV
added 2025/12/26 4:15 p.m.7 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...

6.5CVSS5.8AI score0.00154EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.6 views

PT-2025-53594

Name of the Vulnerable Software and Affected Versions ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System version 1.8 Description The web management interface lacks Cross-Site Request Forgery CSRF protection mechanisms, specifically missing tokens and Origin/Referer validation, on...

6.5CVSS6.5AI score0.00154EPSS
Exploits1References6
EUVD
EUVD
added 2025/12/26 12:0 a.m.4 views

EUVD-2025-205447

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...

6.5CVSS6.4AI score0.00154EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/26 12:0 a.m.25 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...

0.00154EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/26 12:0 a.m.3 views

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...

6.6AI score0.00154EPSS
Exploits1References2
CVE
CVE
added 2025/12/26 12:0 a.m.12 views

CVE-2025-67013

The CVE-2025-67013 entry concerns ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8. The web management interface does not implement CSRF protections (no tokens, no Origin/Referer validation) on critical configuration endpoints, per Red Hat and NVD entries. Affected component:...

6.5CVSS6.6AI score0.00154EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2025/12/24 7:27 p.m.7 views

CVE-2018-25153

Removed by vendor...

6.7AI score0.00028EPSS
Exploits0
CVE
CVE
added 2025/12/22 9:35 p.m.14 views

CVE-2021-47714

Hasura GraphQL Engine 1.3.3 is affected by a local file read vulnerability exploitable via SQL injection at the query endpoint, enabling reading arbitrary files on the server through PostgreSQL’s pg_read_file(). Root cause is unsanitized SQL path in the query endpoint that allows crafting queries...

6.9CVSS7.2AI score0.00183EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/12/19 12:9 p.m.7 views

OESA-2025-2852 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but the actual maximum depth is limited to OCFS2MAXPATHDEPTH. Add a...

7.8CVSS6.2AI score0.00273EPSS
Exploits0References5
Rows per page
Query Builder