Lucene search
K

841 matches found

Github Security Blog
Github Security Blog
added last week13 views

Inside the Advisory Database and what happens when vulnerability volume breaks records

In May 2026, the GitHub Advisory Database published 1,560 reviewed advisories --more than five times our typical monthly output and the highest in its history. And it still wasn't enough to keep up. Over the past few months, the vulnerability ecosystem has shifted in a fundamental way. Input acro...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.18 views

CVE-2026-56311 Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.getcurrentplanmaxorg RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase...

6.9CVSS0.00265EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.7 views

CVE-2026-56311

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.getcurrentplanmaxorg RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase...

6.9CVSS6AI score0.00265EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2026/06/09 2:0 p.m.66 views

June 9, 2026—KB5094042 (Monthly Rollup)

June 9, 2026—KB5094042 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only are...

9.8CVSS6.2AI score0.21506EPSS
Exploits1
Microsoft KB
Microsoft KB
added 2026/06/09 2:0 p.m.31 views

June 9, 2026—KB5094041 (Monthly Rollup)

June 9, 2026—KB5094041 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only a...

9.8CVSS6.2AI score0.21506EPSS
Exploits1
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.27 views

May 12, 2026—KB5087471 (Monthly Rollup)

May 12, 2026—KB5087471 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only a...

9.8CVSS6.6AI score0.72253EPSS
Exploits31
ATTACKERKB
ATTACKERKB
added 2026/04/13 1:30 a.m.3 views

CVE-2026-6148

A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCHID results in sql injection. The attack is possibl...

7.5CVSS6.9AI score0.00379EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-28101

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.464 Description An authorization bypass allows any authenticated user to access deployment details belonging to any team. The issue occurs because the GET /api/v1/deployments/uuid endpoint fails to use the...

5CVSS5.9AI score0.00213EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.16 views

PT-2026-28102

What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month. BentoML 8.2k CVE-2026-27905 HIGH SillyTavern 24.6k CVE-2026-26286 HIGH Plane 28.2k CVE-2026-27705 MEDIUM NocoDB 46.4k CVE-2026-28399 MEDIUM Mautic 8.4k CVE-2026-3105 HIGH File Browser 27.9k CVE-2026-28492...

9.8CVSS5.8AI score0.00651EPSS
Exploits12References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28105

Name of the Vulnerable Software and Affected Versions Typebot versions prior to 3.16.0 Description Unauthenticated users can achieve Server-Side Request Forgery SSRF by providing a custom typebot definition containing server-side code blocks. The issue exists because the fetch function within the...

10CVSS5.9AI score0.00347EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28098

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.29.0 Description Gotenberg, an API for converting document formats, contains a flaw related to URL scheme handling. A previously implemented fix for CVE-2024-21527 could be bypassed by utilizing mixed-case or...

8.8CVSS6AI score0.00538EPSS
Exploits1References51
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.12 views

PT-2026-28100

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters f min date available, f max date available, f min date created, f max date created in ws std image sql filter are concatenated directly into SQL without any escaping or type...

8.7CVSS7.1AI score0.00651EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19766

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.4 views

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.25 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS0.00323EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-0785

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS5.9AI score0.09351EPSS
In wildExploits2References17
RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.6 views

CVE-2019-25505

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthlydeposit endpoint with malicious symbol values using boolean-based blind,...

7.1CVSS6.1AI score0.00287EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.8 views

EUVD-2019-19731

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthlydeposit endpoint with malicious symbol values using boolean-based blind,...

7.1CVSS6.1AI score0.00287EPSS
Exploits1References3
Rows per page
Query Builder