
1204 matches found

RedhatCVE
added 2026/01/16 2:23 p.m., 10 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risks including stealing credentials from unsuspecting users...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00324
Exploits: 0, References: 1
OSV
added 2026/01/15 1:16 p.m., 2 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risks including stealing credentials from unsuspecting users...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00324
Exploits: 0, References: 6
ATTACKERKB
added 2026/01/15 1:03 p.m., 2 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risks including stealing credentials from unsuspecting users...

CVSS: 6.1, AI score: 5.5, EPSS: 0.00324
Exploits: 0, References: 7
Vulnrichment
added 2026/01/15 1:03 p.m., 3 views

CVE-2026-22912

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risks including stealing credentials from unsuspecting users...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00324
Exploits: 0, References: 6
Positive Technologies
added 2026/01/15 12:00 a.m., 3 views

PT-2026-2993

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication, potentially leading to credential theft. Recommendations: At the moment, ther...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00324
Exploits: 0, References: 10
Positive Technologies
added 2026/01/13 12:00 a.m., 5 views

PT-2026-2597

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The open parameters in the drm/xe/oa module did not validate the num syncs value, potentially allowing userspace to provide excessively large values. This could lead to excessive memory...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00121
Exploits: 0
Positive Technologies
added 2026/01/12 12:00 a.m., 7 views

PT-2026-1799

Name of the Vulnerable Software and Affected Versions: WorkDo's TicketGo, affected versions not specified. Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The issue involves sending a POST request to the "/ticketgo-saas/home" API...

CVSS: 5.1, AI score: 5.8, EPSS: 0.00251
Exploits: 0, References: 6
Positive Technologies
added 2026/01/10 12:00 a.m., 9 views

PT-2026-2127

Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3. Description: CryptoLib is a software-only solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syste...

CVSS: 7.3, AI score: 6.8, EPSS: 0.00261
Exploits: 0, References: 9
RedhatCVE
added 2026/01/09 10:46 a.m., 4 views

CVE-2022-0346

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on...

CVSS: 6.1, AI score: 6.2, EPSS: 0.02205
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 10:18 a.m., 9 views

CVE-2019-18619

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...

CVSS: 7.8, AI score: 7.5, EPSS: 0.0047
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:30 a.m., 6 views

CVE-2023-29087

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00794
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 8:58 a.m., 8 views

CVE-2023-45347

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS: 9.8, AI score: 8.3, EPSS: 0.007
Exploits: 1, References: 1
OSV
added 2026/01/05 9:30 p.m., 2 views

GHSA-VP8W-WJ4M-3R7J evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...

CVSS: 6.9, AI score: 7.1, EPSS: 0.00175
Exploits: 0, References: 4
CNNVD
added 2026/01/05 12:00 a.m., 3 views

EverShop security vulnerability

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop 2.1.0 and earlier versions, which stems from insufficient validation of the src query parameter and could lead to a server-side request forgery attack...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00175
Exploits: 0, References: 3
CNNVD
added 2025/12/27 12:00 a.m., 3 views

StreamVault operating system command injection vulnerability

StreamVault is a video parsing and downloading tool from the individual developers at MochiMoon. An operating system command injection vulnerability exists in StreamVault versions prior to 251126, which stems from an insufficiently validated configuration of the yt-dlp parameter and could lead to...

CVSS: 9.9, AI score: 8.4, EPSS: 0.00671
Exploits: 1, References: 3
RedhatCVE
added 2025/12/24 9:19 p.m., 4 views

CVE-2025-14499

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00668
Exploits: 0, References: 1
CNNVD
added 2025/12/24 12:00 a.m., 3 views

LogicalDOC Enterprise security vulnerability

LogicalDOC Enterprise is a document management system from the Italian company LogicalDOC. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which stems from insufficient validation of the suffix and fileVersion parameters and could lead to arbitrary file disclosure...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00984
Exploits: 2, References: 3
CNNVD
added 2025/12/24 12:00 a.m., 3 views

VideoFlow Digital Video Protection security vulnerability

VideoFlow Digital Video Protection is a broadcast-quality video delivery device from VideoFlow, Inc. A security vulnerability exists in VideoFlow Digital Video Protection version 2.10, which stems from insufficient validation of the ID parameter and could lead to a directory traversal attack...

CVSS: 7.1, AI score: 6.7, EPSS: 0.00543
Exploits: 1, References: 3
Cvelist
added 2025/12/23 9:19 p.m., 24 views

CVE-2025-14499 IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS: 8.8, EPSS: 0.00668
Exploits: 0, References: 2
Vulnrichment
added 2025/12/23 9:19 p.m., 2 views

CVE-2025-14499 IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS: 8.8, AI score: 8.4, EPSS: 0.00668
Exploits: 0, References: 2