Lucene search
K

3092 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 10:53 a.m.5 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

7.3CVSS6AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 12:31 p.m.6 views

EUVD-2026-17865

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS6AI score0.00195EPSS
Exploits0References3
NVD
NVD
added 2026/04/01 11:15 a.m.7 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

7.3CVSS0.00195EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 10:3 a.m.2 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS6AI score0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/01 10:3 a.m.4 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS6AI score0.00195EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 10:3 a.m.26 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS0.00195EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 10:3 a.m.9 views

CVE-2026-0932

CVE-2026-0932 affects M-Files Server (legacy document co-authoring, SSRF) prior to version 26.3. An unauthenticated attacker can cause the server to issue HTTP GET requests to arbitrary URLs via legacy connection methods used in the document co-authoring feature. Root cause is a server-side reque...

7.3CVSS6AI score0.00195EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.9 views

M-Files Server 安全漏洞

The M-Files Server is a server belonging to the M-Files company’s M-Files system. Versions of the M-Files Server prior to 26.3 contained security vulnerabilities. These vulnerabilities stemmed from an outdated connection method used in the document collaborative editing feature, which allowed for...

7.3CVSS5.9AI score0.00195EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29509

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS6AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/28 12:30 p.m.4 views

EUVD-2016-10843

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...

8.6CVSS6.4AI score0.00241EPSS
Exploits1References4
CVE
CVE
added 2026/03/28 11:58 a.m.6 views

CVE-2016-20044

CVE-2016-20044 concerns PInfo 0.6.9-5.1, where a local buffer overflow via the -m parameter allows a local attacker to execute arbitrary code. The advisory describes crafting input with 564 bytes of padding followed by a return address to overwrite the instruction pointer and run shellcode with t...

8.6CVSS6.4AI score0.00241EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/28 11:58 a.m.2 views

CVE-2016-20044 PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...

8.6CVSS6.4AI score0.00241EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/28 11:58 a.m.35 views

CVE-2016-20044 PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...

8.6CVSS0.00241EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.6 views

CVE-2026-3503

Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...

4.2CVSS5.8AI score0.00153EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 1:23 p.m.6 views

CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

5.9AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/24 12:30 p.m.7 views

EUVD-2019-20018

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/03/24 12:16 p.m.3 views

CVE-2019-25639

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

8.8CVSS0.00334EPSS
Exploits0References3
CVE
CVE
added 2026/03/24 11:27 a.m.7 views

CVE-2019-25639

Affected software : Matrimony Website Script M-Plus. Vulnerability : multiple SQL injection flaws allow unauthenticated attackers to manipulate queries by injecting SQL through POST parameters (txtGender, religion, Fage, cboCountry) in pages such as simplesearch_results.php, advsearch_results.php...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References3
Wolfi
Wolfi
added 2026/03/23 1:48 p.m.12 views

GHSA-3M6G-2423-7CP3 vulnerabilities

Vulnerabilities for packages: ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby, cinc-auditor, logstash, ruby3.4-rails, ruby4.0-rails, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-rails...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/03/19 9:30 p.m.5 views

EUVD-2026-13149

Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...

4.2CVSS5.8AI score0.00153EPSS
Exploits0References2
Rows per page
Query Builder