Lucene search
K

151 matches found

CVE
CVE
added 2026/03/03 10:59 p.m.22 views

CVE-2026-28289

FreeScout suffers CVE-2026-28289 (affecting

10CVSS6.1AI score0.3114EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2026/03/03 10:59 p.m.4 views

CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

10CVSS5.9AI score0.3114EPSS
Exploits3References5
OSV
OSV
added 2026/02/10 4:16 p.m.6 views

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

5.9CVSS5.9AI score0.00477EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/10 3:39 p.m.8 views

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

5.9CVSS5.7AI score0.00477EPSS
Exploits1References1
CVE
CVE
added 2026/02/10 3:39 p.m.48 views

CVE-2025-68686

CVE-2025-68686 concerns a publicly exposed information disclosure in Fortinet FortiOS. A remote, unauthenticated attacker could bypass a patch related to the symbolic link persistency mechanism after compromising the product at the filesystem level, and then issue crafted HTTP requests to exfiltr...

5.9CVSS5.7AI score0.00477EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.10 views

Fortinet Fortigate SSL-VPN Symlink Persistence Patch Bypass (FG-IR-25-934)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-934 advisory. - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0...

5.9CVSS5.8AI score0.00477EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/01/20 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8CVSS6.4AI score0.8833EPSS
In wildExploits1References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-28319

Name of the Vulnerable Software and Affected Versions Node.js versions 20.x through 25.x Description A flaw exists in the Node.js Permission Model's filesystem enforcement, specifically leaving the fs.realpathSync.native function without the necessary read permission checks. Comparable filesystem...

5.9CVSS6.3AI score0.00385EPSS
Exploits0References179
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.4 views

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...

4.9CVSS6.8AI score0.00375EPSS
Exploits1References4
CVE
CVE
added 2025/12/19 12:0 a.m.23 views

CVE-2025-67846

CVE-2025-67846 affects Mintlify Platform prior to 2025-11-15, where the Deployment Infrastructure allows remote attackers to bypass security patches and perform downgrade attacks by using predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure o...

6.5CVSS6.8AI score0.00375EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/12/19 12:0 a.m.5 views

EUVD-2025-204424

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...

4.9CVSS6.7AI score0.00375EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.28 views

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...

4.9CVSS0.00375EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52407

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows attackers to bypass security patches and execute downgrade attacks. This is possible through predictable...

6.5CVSS6.8AI score0.00375EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/12/10 12:28 a.m.14 views

CVE-2025-66481

DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attribute...

9.6CVSS6.7AI score0.0049EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/12/03 12:21 a.m.17 views

Node.js: CVE-2024-36137 Patch Bypass - FileHandle.chmod/chown

Vulnerability description not provided...

3.3CVSS6.6AI score0.00395EPSS
Exploits0
HackRead
HackRead
added 2025/10/31 12:45 p.m.5 views

Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch

Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-30842

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.8833EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/09/25 2:53 a.m.3 views

CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8CVSS8.4AI score0.8833EPSS
Exploits1References1
OSV
OSV
added 2025/09/23 5:15 a.m.5 views

CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8CVSS6.4AI score0.8833EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/23 5:7 a.m.2 views

CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8CVSS8AI score0.8833EPSS
Exploits1References2
Rows per page
Query Builder