Lucene search
K

37466 matches found

RedHat Linux
RedHat Linux
added 5 hours ago7 views

Important: Red Hat Security Advisory: libpq security update

An update for libpq is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

8.8CVSS6.9AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 hours ago6 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS6.6AI score0.00558EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 7 hours ago4 views

Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server

Description: This update fixes the following issues: Release Notes Highlights: Update to SUSE Multi-Linux Manager 5.1.4: Bugs mentioned: bsc1208800, bsc1234567, bsc1238890, bsc1253032, bsc1257894 bsc1258382, bsc1259474, bsc1259739, bsc1260806, bsc1261902 bsc1262708, bsc1264966, bsc1266012 Contain...

9.1CVSS6AI score
Exploits0References206
SUSE Linux
SUSE Linux
added 7 hours ago4 views

Security update 5.1.4 for Multi-Linux Manager Client Tools

This update fixes the following issues: dracut-saltboot updated to version 1.2.1: Key Update Highlights v1.2.1 Added wait check for minion start default 10s, configurable using rd.saltboot.saltstarttimeout option bsc1260870 Decouple salt key wait check to use separate configurable option...

9.1CVSS7.1AI score0.05994EPSS
Exploits0References126
SUSE Linux
SUSE Linux
added 7 hours ago4 views

Security update 5.1.4 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: CVE-2022-21698: Replace github.com/prometheus/clientgolang with version 1.11.1 bsc1248707 golang-github-boynux-squidexporter: Non customer facing changes golang-github-lusitaniae-apacheexporter: Non customer...

7.5CVSS6.8AI score0.05994EPSS
Exploits0References42
SUSE Linux
SUSE Linux
added 7 hours ago4 views

Security update 5.1.4 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Security issue fixed: CVE-2022-21698: Fixed prometheus/clientgolang possible denial of service using InstrumentHandlerCounter bsc1248699 golang-github-lusitaniae-apacheexporter: Non customer facing changes...

7.5CVSS7AI score0.91969EPSS
Exploits3References40
Nuclei
Nuclei
added 12 hours ago86 views

Online Piggery Management System v1.0 - Unauthenticated File Upload

Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php. id: CVE-2023-37629 info: name: Online Piggery Management System v1.0 - Unauthenticated File Upload author: Harsh severity: critical descriptio...

9.8CVSS7.2AI score0.15033EPSS
Exploits5References4
Nuclei
Nuclei
added 12 hours ago16 views

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

10CVSS6.4AI score0.01816EPSS
Exploits0References1
Nuclei
Nuclei
added 12 hours ago12 views

Cloudlog - SQL Injection

Cloudlog 2.6.15 contains a SQL injection caused by unsanitized input in oqrs.php requestform, letting attackers execute arbitrary SQL commands via stationid or callsign, exploit requires sending crafted request. id: CVE-2024-48259 info: name: Cloudlog - SQL Injection author: s4e-io severity: high...

7.3CVSS6.2AI score0.0087EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago125 views

CRMEB v.5.2.2 - SQL Injection

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. id: CVE-2024-36837 info: name: CRMEB v.5.2.2 - SQL Injection author: DhiyaneshDk severity: high description: | SQL Injection...

7.5CVSS6.1AI score0.08306EPSS
Exploits2References2
Nuclei
Nuclei
added 12 hours ago36 views

Navidrome <=0.54.5 - Authentication Bypass in Subsonic API

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS6.1AI score0.00936EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago62 views

WordPress Booking Calendar <3.2.2 - Arbitrary File Upload

WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify...

9.8CVSS7.6AI score0.04493EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago37 views

openSIS Student Information System 8.0 SQL Injection

openSIS Student Information System version 8.0 is susceptible to SQL injection via the studentid and TRANSFERSCHOOL parameters in POST request sent to /TransferredOutModal.php. id: CVE-2021-41691 info: name: openSIS Student Information System 8.0 SQL Injection author: Bartu Utku SARP severity: hi...

9.8CVSS6.6AI score0.01723EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago24 views

ZoomSounds Plugin - Unauthenticated Arbitrary File Upload

ZoomSounds plugin for WordPress contains a file upload vulnerability in savepng.php id: CVE-2021-4449 info: name: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload author: 0xnemian severity: critical description: | ZoomSounds plugin for WordPress contains a file upload vulnerability in...

9.8CVSS7.2AI score0.05288EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago58 views

IdeaCMS <= 1.7 - SQL Injection

IdeaCMS up to 1.7 is vulnerable to SQL injection via the field parameter in article and product query interfaces. This template uses a time-based payload to safely detect the vulnerability. id: CVE-2025-5569 info: name: IdeaCMS = 1.7 - SQL Injection author: ritikchaddha severity: critical...

8.8CVSS6.6AI score0.01269EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago8 views

OpenCATS - Command Injection

OpenCATS prior to commit 3002a29 contains a command injection caused by injection of PHP statements into the installer AJAX endpoint's databaseConnectivity action parameter, letting unauthenticated attackers execute arbitrary code, exploit requires incomplete installation wizard. id: CVE-2026-277...

9.2CVSS6.1AI score0.22189EPSS
Exploits0References4
Nuclei
Nuclei
added 12 hours ago5 views

Xerte Online Toolkits <= 3.15 - Remote Code Execution

Xerte Online Toolkits versions 3.15 and earlier expose the elFinder file manager connector at /editor/elfinder/php/connector.php without authentication CVE-2026-34413, because the access-control redirect for unauthenticated users does not call exit/die and execution continues server-side. This is...

9.8CVSS6.4AI score0.03575EPSS
Exploits1References6
Nuclei
Nuclei
added 12 hours ago40 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=category&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

7.2CVSS7.2AI score0.04522EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago85 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/managebooking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32026...

7.2CVSS7.1AI score0.05261EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago46 views

PrestaShop xipblog - SQL Injection

In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...

9.8CVSS7.1AI score0.04715EPSS
Exploits1References2
Rows per page
Query Builder