Lucene search
K

3124 matches found

Cvelist
Cvelist
added 2026/03/13 8:39 p.m.27 views

CVE-2026-2923 GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

7.8CVSS0.00729EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

WordPress plugin Benevolent 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.9 views

WordPress plugin Envo Extra 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.11 views

ABB AWIN GW100 访问控制错误漏洞

The ABB AWIN GW100 is a communication gateway device produced by the Swiss company ABB. The ABB AWIN GW100 rev.2 2.0-1 and earlier versions, as well as the ABB AWIN GW120 1.2-1 and earlier versions, have a security vulnerability related to access control. This vulnerability stems from the lack of...

7.1CVSS5.8AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24421

Name of the Vulnerable Software and Affected Versions Feathersjs versions 5.0.0 through 5.0.41 Description Feathersjs is a framework used for building web APIs and real-time applications. Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch,...

9.3CVSS5.9AI score0.00461EPSS
Exploits0References7
OSV
OSV
added 2026/03/09 7:48 p.m.11 views

GHSA-R633-FCGP-M532 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

Summary Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. Details T...

8.9CVSS6AI score0.00347EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/06 3:3 p.m.4 views

CVE-2026-26051 Mobiliti e-mobi.hu Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.8AI score0.00871EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/06 1:31 a.m.33 views

Security issues in ESC/POS

Overview ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS. Products implementing ESC/POS need to be designed and operated with consideration of the following...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/05 11:18 p.m.3 views

CVE-2026-22552

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS6AI score0.00889EPSS
Exploits0References4
OSV
OSV
added 2026/03/04 5:16 p.m.3 views

CVE-2025-69969

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy BLE communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...

9.6CVSS6.1AI score0.00461EPSS
Exploits1References2
CNVD
CNVD
added 2026/03/02 12:0 a.m.2 views

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14345)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express suffers from a cross-site scripting vulnerability that originates from the interfaces.cgi script to GREENADDRESS, GREENNETMASK, REDDHCPHOSTNAME, REDADDRESS, DNS1OVERRIDE, DNS2 OVERRIDE,...

6.1CVSS5.9AI score0.00199EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/02 12:0 a.m.3 views

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14288)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the urlfilter.cgi endpoint in the REDIRECTPAGE or CHILDREN parameter on the user-supplied data lack of effective filterin...

7.2CVSS6AI score0.0025EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

EV2GO 访问控制错误漏洞

EV2GO is a electric vehicle charging facility management platform developed by the Russian company EV2GO. EV2GO has a access control vulnerability, which stems from the lack of proper authentication mechanisms in WebSocket endpoints. This vulnerability could allow unauthorized attackers to perfor...

9.8CVSS5.7AI score0.00557EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 11:24 p.m.4 views

CVE-2026-20781 CloudCharge cloudcharge.se Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS6AI score0.00518EPSS
Exploits0References3
CVE
CVE
added 2026/02/25 3:7 a.m.43 views

CVE-2026-27746

The CVE-2026-27746 entry concerns the SPIP jeux plugin (versions prior to 4.1.1). Affected component: the pre_propre pipeline, where untrusted request parameters are inserted into HTML output without proper encoding. This results in a reflected XSS vulnerability: when a user visits a crafted URL,...

6.1CVSS5.2AI score0.00201EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin aDirectory 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

6.5CVSS5.8AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

WordPress plugin LC Wizard 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Veracode
Veracode
added 2026/02/19 8:55 a.m.7 views

Arbitrary File Write

Langflow is vulnerable to arbitrary file write. The vulnerability is due to lack of path validation and directory restrictions in the fspath parameter, which allows an attacker to specify arbitrary absolute paths and overwrite files on the server...

7.1CVSS6AI score0.03631EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-5672

Memory corruption when calculating oversized partition sizes without proper checks...

6.8CVSS5.3AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.9 views

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7CVSS5.9AI score0.00097EPSS
Exploits0References1
Rows per page
Query Builder