Lucene search
K

250 matches found

CVE
CVE
added 2026/07/06 11:12 p.m.13 views

CVE-2026-53648

FOSSBilling prior to v0.8.1 stores downloadable product files with a deterministic path md5(), so files with identical names between different products/orders map to the same stored path and can be overwritten by later uploads. This leads to customers/admins downloading the wrong file. Version 0....

5.1CVSS5.9AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-487 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

Summary The memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py lines 303 to 305. No sanitization, no shlex.quote, no character filter, and no allowlist check exists...

9.3CVSS6.3AI score0.00229EPSS
Exploits1References5
CVE
CVE
added 2026/06/14 6:0 a.m.38 views

CVE-2025-15546

The CVE concerns the Iptanus File Upload WordPress plugin

5.4CVSS5.3AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.5AI score0.00179EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 9:52 p.m.23 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.7AI score0.00939EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.10 views

Schneider Electric PowerChute Serial Shutdown < 1.5 Multiple Vulnerabilities (SEVD-2026-104-01)

The version of Schneider Electric PowerChute Serial Shutdown installed on the remote host is prior to 1.5. It is, therefore, affected by multiple vulnerabilities, including: - An improper limitation of a pathname to a restricted directory vulnerability exists that could cause critical files to be...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References8
CVE
CVE
added 2026/04/07 2:51 p.m.10 views

CVE-2026-35488

CVE-2026-35488 affects Tandoor Recipes where RecipeBookViewSet and RecipeBookEntryViewSet exposed a flawed CustomIsShared permission: has_object_permission() returns True for all HTTP methods, letting shared (read-only) users delete or overwrite a RecipeBook. The root cause is the permission chec...

8.1CVSS5.9AI score0.00378EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/05 8:45 p.m.9 views

CVE-2019-25681

CVE-2019-25681 affects Xlight FTP Server 3.9.1. The issue is a structured exception handler (SEH) overwrite that allows a local attacker to crash the application and overwrite SEH pointers by sending a crafted buffer. Specifically, a 428-byte payload injected via the program execution field in th...

8.6CVSS6.4AI score0.00208EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.4 views

CVE-2026-30285

An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

9.8CVSS6.4AI score0.00617EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/10 8:54 p.m.2 views

CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7CVSS5.8AI score0.00212EPSS
Exploits1References1
OSV
OSV
added 2026/03/10 8:54 p.m.7 views

CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7CVSS5.8AI score0.00212EPSS
Exploits1References3
OSV
OSV
added 2026/02/05 12:38 a.m.5 views

GHSA-GGXW-G3CP-MGF8 FUXA Unauthenticated Remote Arbitrary Device Tag Write

Summary Description An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact This affects all deployments, including those...

9.3CVSS5.5AI score0.00479EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/04 12:0 a.m.5 views

EUVD-2025-206818

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

6.2AI score0.00329EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.13 views

PT-2026-5157

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler SEH overwrite to execute shellcode and gain remo...

8.4CVSS6.4AI score0.00149EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.6 views

CVE-2023-49788

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...

7.2CVSS7.1AI score0.00496EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.4 views

PT-2025-47808

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.16 Description PJSIP is a multimedia communication library. Versions before 2.16 may experience a memory overwrite issue when using the Opus audio codec in receiving direction. This occurs because Opus PLC may zero-fi...

8.7CVSS6.6AI score0.00279EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-25733

Malware in sbrugna...

8.1CVSS8.2AI score0.01506EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-5695

Malware in sbrugna...

7.2CVSS6.4AI score0.00846EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-1869

Malware in sbrugna...

6.3CVSS6.3AI score0.00394EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-27226

Malware in sbrugna...

9.8CVSS9.4AI score0.00956EPSS
Exploits0References2
Rows per page
Query Builder