Lucene search
K

2757 matches found

EUVD
EUVD
added 2026/06/11 6:28 p.m.54 views

EUVD-2026-36300

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 2:16 p.m.16 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS0.00329EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/06/11 1:26 p.m.17 views

Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories

Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that...

5.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/11 12:0 a.m.10 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

6.3AI score0.00329EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.21 views

Thai Palliative SQL注入漏洞

Thai Palliative is a modified version of the PHP framework developed by DAMASAC KKU. Versions of Thai Palliative 3.0 and earlier have a SQL injection vulnerability. This vulnerability arises from the lack of cleaning or parameterization of the idFormMain parameter and the id parameter, which may...

9.8CVSS6.4AI score0.00329EPSS
Exploits1References1
OSV
OSV
added 2026/06/09 5:24 p.m.13 views

MAL-2026-5448 Malicious code in mazemap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 751317dcad79cec866b8dc69cd60b39e3be8e1bcc45746039835b04ce32445b0 package.json declares its only dependency ltidisafe as a direct HTTPS tarball URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.0.2.tgz...

6.3AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/08 1:44 a.m.9 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS7.4AI score0.00375EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.16 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

6.1CVSS5.6AI score0.00199EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.7 views

CVE-2026-30363

flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function...

8.4CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5938

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

5.5CVSS5.5AI score0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.7 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

5.6AI score0.00199EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.9 views

PT-2026-49158

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519671967 Crash type: Stack-buffer-overflow READ 1 Crash state: log4cxx::helpers::Transcoder::decode TranscoderFuzzer.cpp CentipedeRunnerMain...

5.2AI score
Exploits0References2
CVE
CVE
added 2026/06/02 2:37 p.m.25 views

CVE-2026-40619

CVE-2026-40619 affects Genetec Security Center main server installations. The issue could allow an attacker with local OS privileges on the main server to access the Server Admin credentials . It is tied to specific installation package builds, not just the product version, with vulnerable and re...

7.8CVSS5.7AI score0.00115EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 2:37 p.m.12 views

CVE-2026-40619

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...

7.8CVSS5.7AI score0.00115EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 3:16 p.m.16 views

CVE-2026-10264

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS0.00265EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/01 2:15 p.m.11 views

CVE-2026-10264 lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS5.3AI score0.00265EPSS
Exploits0References8
NVD
NVD
added 2026/06/01 3:16 a.m.16 views

CVE-2026-10212

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS0.00211EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 1:30 a.m.49 views

CVE-2026-10212 AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS0.00211EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/01 12:49 a.m.16 views

[SECURITY] Fedora 44 Update: libsoup3-3.6.6-8.fc44

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

8.2CVSS5.8AI score0.00254EPSS
Exploits1
NVD
NVD
added 2026/05/29 4:16 p.m.14 views

CVE-2018-25398

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8CVSS0.00334EPSS
Exploits0References4
Rows per page
Query Builder