Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48717

Name of the Vulnerable Software and Affected Versions PenguinMod-BackendApi versions prior to 1.0.0 Description A NoSQL injection—a method of attacking non-relational databases by manipulating queries—exists in the password reset endpoint. This allows an authenticated user with a registered accou...

8.7CVSS5.2AI score0.00251EPSS
Exploits0References3
OSV
OSV
added 2026/03/23 8:39 p.m.7 views

CVE-2026-23480 Blinko: Low Privilege User Privilege Escalation - upsertUser Endpoint

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is a privilege escalation vulnerability. The upsertUser endpoint has 3 issues: it is missing superAdminAuthMiddleware, any logged-in user can call it; the originalPassword is an optional parameter and if not provided...

5.3CVSS5.8AI score0.00343EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Starting from version 1.6.0 until 1.6.51, there was a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread, when processing...

7.1CVSS6.7AI score0.00224EPSS
Exploits4References3
OSV
OSV
added 2025/08/25 3:38 p.m.4 views

CVE-2025-55301 The Scratch Channel Allows Username Modification

The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1...

6.7CVSS6.6AI score0.00159EPSS
Exploits0References5
OSV
OSV
added 2023/05/25 11:15 p.m.7 views

AZL-26939 CVE-2023-32067 affecting package nodejs18 for versions less than 18.17.1-2

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

7.5CVSS6.6AI score0.01577EPSS
Exploits0References1
Rows per page
Query Builder