Lucene search
+L

3128 matches found

CNNVD
CNNVD
added 2026/02/20 12:0 a.m.12 views

WordPress plugin LC Wizard 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Veracode
Veracode
added 2026/02/19 8:55 a.m.8 views

Arbitrary File Write

Langflow is vulnerable to arbitrary file write. The vulnerability is due to lack of path validation and directory restrictions in the fspath parameter, which allows an attacker to specify arbitrary absolute paths and overwrite files on the server...

7.1CVSS6AI score0.03771EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-5672

Memory corruption when calculating oversized partition sizes without proper checks...

6.8CVSS5.3AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.9 views

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7CVSS5.9AI score0.00097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/24 9:15 a.m.16 views

CVE-2026-0778

Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this...

8.8CVSS6.5AI score0.00606EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.9 views

Enel X JuiceBox 40: Access control error vulnerability

The Enel X JuiceBox 40 is a household electric vehicle charging station developed by the American company Enel X. The Enel X JuiceBox 40 has a access control vulnerability, which stems from the lack of authentication in the Telnet service. This vulnerability may lead to remote code execution...

8.8CVSS7.6AI score0.00606EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

WordPress plugin Quiz And Survey Master has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

WordPress plugin User Registration security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.2CVSS5.8AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2026/01/19 7:17 p.m.15 views

CVE-2025-69199

CVE-2025-69199 affects the Wings websocket endpoints in Pterodactyl. Prior to version 1.12.0, websockets lacked rate limiting and message-size controls, enabling a attacker to open many connections and flood data, risking network saturation and elevated CPU/memory load. Remedies: upgrade to Wings...

8.3CVSS5.5AI score0.00251EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/16 7:16 p.m.5 views

DEBIAN-CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

8.1CVSS5.7AI score0.00879EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.8 views

Code-Projects Police Station Management System Access Control Vulnerability

Code-Projects Police Station Management System is an open-source police station management system developed by Code-Projects. The Code-Projects Police Station Management System has a vulnerability related to access control, which stems from the lack of authentication. This vulnerability may allow...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/15 1:7 p.m.3 views

CVE-2026-22916

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration...

4.3CVSS6.5AI score0.00333EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.11 views

InputPlumber 安全漏洞

InputPlumber is an open source input device routing daemon from ShadowBlip. A security vulnerability exists in InputPlumber versions prior to v0.63.0, which stems from a lack of authorization and could lead to a local denial of service, information disclosure, or elevation of privilege...

8.5CVSS6.1AI score0.002EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.10 views

CVE-2023-29168

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...

7.5CVSS6.8AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:28 p.m.7 views

CVE-2023-40845

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin is vulnerable to Buffer Overflow via function 'sub34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks...

9.8CVSS7AI score0.0057EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:35 a.m.8 views

CVE-2021-41555

In ARCHIBUS Web Central 21.3.3.815 a version from 2014, XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...

6.1CVSS6.2AI score0.00745EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.8 views

CVE-2021-31643

An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter...

5.4CVSS6.1AI score0.8845EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:16 a.m.12 views

CVE-2021-0889

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...

10CVSS7.4AI score0.01602EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.8 views

CVE-2022-0429

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...

6.1CVSS6AI score0.01378EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.12 views

CVE-2022-35534

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifimultissid.shtml...

9.8CVSS7.5AI score0.02348EPSS
Exploits1References1
Rows per page
Query Builder