Lucene search
K

615 matches found

Cvelist
Cvelist
added last week35 views

CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 8:18 p.m.27 views

CVE-2026-34597 Coolify: Authenticated Host RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution RCE vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the...

8.8CVSS0.00526EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 4:24 p.m.36 views

CVE-2026-13752 Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creation and SPCS Service Log Commands

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

6CVSS0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52172

Name of the Vulnerable Software and Affected Versions WissKI versions 0.0.0 through 4.2.0 Description A missing authorization issue in the wisski mirador submodule allows forceful browsing and access bypass. The module fails to sufficiently validate parameters submitted via a route before writing...

6.1AI score0.00132EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 11:50 a.m.8 views

BIT-MYSQL-CLIENT-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00567EPSS
Exploits0References13
OSV
OSV
added 2026/06/13 8:46 a.m.16 views

BIT-MYSQL-CLIENT-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.5AI score0.00998EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/06/12 5:34 p.m.12 views

CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.9AI score0.00654EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 5:34 p.m.196 views

CVE-2026-48163

CVE-2026-48163 affects MariaDB (wsrep SST): during donor–donor synchronization, the donor interpolates parameters from the joiner in the SST rsync command line, and not all parameters are validated. This could allow a malicious joiner to execute arbitrary shell commands on the donor side. Patched...

9.1CVSS5.8AI score0.00654EPSS
Exploits0References12Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 5:31 p.m.16 views

CVE-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00567EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/12 5:31 p.m.12 views

CVE-2026-44168

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00567EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/12 1:0 p.m.31 views

CVE-2026-12066 PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS0.00288EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/11 5:13 p.m.14 views

CVE-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.6AI score0.00998EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 3:36 p.m.19 views

CVE-2026-45566

Roxy-WI unauthenticated login flow flaw (affecting 8.2.6.4 and prior) allows an open redirect via the next parameter. The code rejects strings containing https:// or http:// but then builds https://{request.host}{next_url} and redirects with window.location.replace(), not accounting for userinfo@...

6.1CVSS5.5AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

VMware Spring Data KeyValue和VMware Spring Data Redis 安全漏洞

VMware Spring Data KeyValue and VMware Spring Data Redis are both products of the American company VMware. VMware Spring Data KeyValue is a key-value storage data access framework. VMware Spring Data Redis is a Redis data access framework. Both VMware Spring Data KeyValue and VMware Spring Data...

6.4CVSS5.4AI score0.00202EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Code-Projects Online Music Site 注入漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Music Site has a vulnerability due to incorrect handling of parameters in the file /Administrator/PHP/AdminDeleteAlbum.php. This vulnerability may lead to...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

student_management_system 注入漏洞

studentmanagementsystem is a student information management tool personally developed by Vivek Singh. There is an injection vulnerability in studentmanagementsystem. This vulnerability stems from improper handling of parameters ausr/apwd by an unknown function in the Administrator Login Endpoint...

7.5CVSS7.5AI score0.00328EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

SourceCodester Hospitals Patient Records Management System 注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System has a vulnerability related to SQL injection, which arises from incorre...

7.5CVSS7.5AI score0.00263EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.14 views

JeeWMS 安全漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. There is a security vulnerability in JeeWMS. This vulnerability stems from incorrect operations with parameters such as dbType/dbDriver/dbUrl/dbUsername/dbPassword in the JimuReport test-connection Endpoi...

7.5CVSS7.3AI score0.00329EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

OneDev 授权问题漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. OneDev versions 15.0.5 and earlier have...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the insecure handling of path parameters by the GET /ssh/filemanager/ssh/resolvePath endpoint, which caused...

9CVSS5.5AI score0.00294EPSS
Exploits1References3
Rows per page
Query Builder