Lucene search
K

6250 matches found

BDU FSTEC
BDU FSTEC
added yesterday12 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00648EPSS
Exploits0References2Affected Software1
OSV
OSV
added yesterday4 views

MAL-2026-10467 Malicious code in polymarket-stake-kelly-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01715ebd11c8adf6ac26ce11bc5fc07e6cfb6775fa77dbe1ca022d0d6593b99c [email protected] ships a postinstall script scripts/install-check.cjs referenced by package.json's postinstall hook that on every np...

6.1AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-57743

creationtimestamp| type| source ---|---|--- 2026-07-13 10:47:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjjbruxca2l 2026-07-13 22:11:23+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkpjijgpa2a...

8.1CVSS6.1AI score0.00557EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday21 views

Zimbra Collaboration Suite - Cross-site Scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...

6.1CVSS6.9AI score0.23717EPSS
Exploits2References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43076

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

6.1AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-15081

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

7.4CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-15081

CVE-2026-15081 affects Drupal Location Selector module (versions 0.0.0–1.3.0). The vulnerability arises from a Views filter that does not sufficiently sanitize user input, allowing improper neutralization of special elements in an SQL command (SQL Injection). Impact is_high confidentiality and in...

7.4CVSS6.1AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15081 Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

0.00194EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-55472

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS0.00197EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS0.00197EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-55472

Snipe-IT (IT asset/license management) prior to version 8.6.2 permits creating a child location under a parent from a different company when Full Multiple Companies Support and scope_locations_fmcs are enabled. The API location creation endpoint detects an invalid parent-child company mismatch bu...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References3Affected Software1
OSV
OSV
added 4 days ago3 views

CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57266

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description When Full Multiple Companies Support and scope locations fmcs are enabled, the API location creation endpoint fails to terminate the process after detecting an invalid parent-child company mismatch...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References9
OSV
OSV
added 6 days ago3 views

DRUPAL-CONTRIB-2026-072

The Location Selector module provides a Views filter for selecting location values. One of the provided Views filters does not sufficiently sanitize values that may come from user input, resulting in a SQL injection vulnerability. This vulnerability is mitigated by the fact that a View must exist...

7.4CVSS6.1AI score0.00194EPSS
Exploits0References1
OSV
OSV
added 6 days ago7 views

MINI-QHQG-99HJ-VMJ3

Bulletin has no description...

6.1CVSS5.9AI score0.00171EPSS
Exploits0
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-59995

A flaw was found in OpenSSH. The sftp client, when used to download files from a malicious server with the 'sftp server:/path .' command, does not properly restrict where those files are saved. This allows an attacker to control the download location, potentially overwriting existing files or...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42137

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS6AI score0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56661

Name of the Vulnerable Software and Affected Versions Location Selector versions 0.0.0 through 1.3.0 Description An SQL injection issue exists in the Location Selector module, which provides a Views filter for selecting location values. A specific Views filter fails to sufficiently sanitize value...

6.1AI score0.00194EPSS
Exploits0References3
OSV
OSV
added last week6 views

CGA-RPHM-JRJM-WHRV

Bulletin has no description...

7.8CVSS5.9AI score0.00138EPSS
Exploits0
OSV
OSV
added last week6 views

PYSEC-2026-1689 Nautobot may allows uploaded media files to be accessible without authentication

Impact Files uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...

6.3CVSS5.9AI score0.00383EPSS
Exploits0References9
Rows per page
Query Builder