Lucene search
K

147480 matches found

BDU FSTEC
BDU FSTEC
added 10 hours ago8 views

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6AI score0.00127EPSS
Exploits0References6Affected Software4
NVD
NVD
added 11 hours ago6 views

CVE-2026-3014

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS
Exploits0References1
NVD
NVD
added 11 hours ago6 views

CVE-2025-40945

A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...

8.5CVSS
Exploits0References1
CVE
CVE
added 11 hours ago12 views

CVE-2026-15389

Sesame Time web app and its REST v3 API expose an access-control weakness in session management: USID is used as the sole validator without verifying ownership, enabling session impersonation when a valid USID is obtained. The flaw is worsened by poor session lifecycle management, as new logins g...

8.7CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 11 hours ago10 views

CVE-2026-15389 Inadequate access control in Sesame Time session management

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS
Exploits0References1
CVE
CVE
added 12 hours ago9 views

CVE-2026-3014

CVE-2026-3014 concerns Milestone XProtect. A vulnerability in the Management Server API could allow users with edit permissions on the Management Server to execute arbitrary code in the context of the Management Server Service. Milestone has released a new version of XProtect with cumulative patc...

9.1CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 12 hours ago9 views

CVE-2026-3014 Remote Code Execution by administrative user on the Management Server

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS
Exploits0References1
EUVD
EUVD
added 12 hours ago4 views

EUVD-2026-43655

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 12 hours ago5 views

CVE-2025-40945

A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...

8.5CVSS
Exploits0References1
EUVD
EUVD
added 12 hours ago5 views

EUVD-2025-210460

A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...

8.5CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added 14 hours ago38 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

7.5CVSS7AI score0.39391EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago39 views

HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

5.4CVSS6.7AI score0.04601EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago119 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7AI score0.2389EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago121 views

HP System Management Homepage (SMH) v2.x.x.x - Open Redirect

Open redirect vulnerability in red2301.html in HP System Management Homepage SMH 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. id: CVE-2010-1586 info: name: HP System Management Homepage SMH v2.x.x.x - Open...

4.3CVSS6.2AI score0.09659EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago35 views

CentralSquare CryWolf - Path Traversal

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...

7.5CVSS7AI score0.13623EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago45 views

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. id: CVE-2023-3345 info: name: LMS by Masteriyo 1.6.8 - Information Exposure author: DhiyaneshDK...

6.5CVSS6.8AI score0.01926EPSS
Exploits2References4
Nuclei
Nuclei
added 14 hours ago67 views

Purchase Order Management v1.0 - SQL Injection

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/viewdetails.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...

9.8CVSS6.5AI score0.04122EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago90 views

Smart s200 Management Platform v.S200 - SQL Injection

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. id: CVE-2024-27718 info: name: Smart s200 Management Platform v.S200 - SQL Injection author:...

7.8CVSS6.1AI score0.01101EPSS
Exploits0References1
Nuclei
Nuclei
added 14 hours ago84 views

POS Codekop v2.0 - Broken Authentication

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. id: CVE-2023-36347 info: name: POS Codekop v2.0 - Broken Authentication author: princechaddha severity: high description: | A broken authentication mechanism ...

7.5CVSS7AI score0.34293EPSS
Exploits1
Nuclei
Nuclei
added 14 hours ago89 views

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-base...

6.1CVSS6.5AI score0.03345EPSS
Exploits2References5
Rows per page
Query Builder