Lucene search
K

719 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/23 5:0 a.m.4 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7CVSS5.8AI score0.00554EPSS
Exploits1References6
Snyk
Snyk
added 2026/03/20 5:25 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the RemoveProjectBackground process. An attacker can permanently delete background images by sending a DELETE request to the relevant API endpoint with only read-level permissions. Remediation Upgrade...

5.4CVSS5.9AI score0.00211EPSS
Exploits1References2
NVD
NVD
added 2026/03/20 10:16 a.m.5 views

CVE-2026-33124

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...

8.8CVSS0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/20 8:3 a.m.4 views

CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References4
OSV
OSV
added 2026/03/18 9:40 p.m.6 views

CVE-2026-32878 Parse Server vulnerable to schema poisoning via prototype pollution in deep copy

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/18 9:40 p.m.22 views

CVE-2026-32878 Parse Server vulnerable to schema poisoning via prototype pollution in deep copy

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...

5.3CVSS0.00345EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 9:40 p.m.13 views

CVE-2026-32878

Parse Server is vulnerable to prototype pollution in its deep copy path prior to versions 9.6.0-alpha.20 and 8.6.44. An attacker can bypass the default denylist and class-level field-adding permissions by crafting a request, allowing injection of fields into locked schemas and causing permanent s...

7.5CVSS5.8AI score0.00345EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/18 6:31 p.m.11 views

EUVD-2025-208834

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

5.8AI score0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 12:0 a.m.3 views

CVE-2025-55046

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

5.8AI score0.00124EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 12:0 a.m.20 views

CVE-2025-55046

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

0.00124EPSS
Exploits0References2
OSV
OSV
added 2026/03/17 3:30 p.m.4 views

CVE-2026-28506 Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts

Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no...

4.3CVSS5.9AI score0.00229EPSS
Exploits1References3
Malwarebytes
Malwarebytes
added 2026/03/16 2:22 p.m.7 views

Delete doesn’t mean gone. Here’s how File Shredder fixes that

You have done it a thousand times. Right-click. Delete. Empty Trash. Done. Except it's not done. That file, your tax return, your private photos, that EmbezzlementPlan.doc… it's all still sitting on your drive. Invisible to you, but not to anyone with a $30 recovery tool downloaded from the...

6AI score
Exploits0
Snyk
Snyk
added 2026/03/05 11:7 p.m.1 views

Incorrect Permission Assignment for Critical Resource

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the tusDeleteHandler in http/tushandlers.go. An attacker can permanently delete any file or directory within the...

9.1CVSS5.8AI score0.00487EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/05 3:21 p.m.33 views

CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

9.3CVSS0.00306EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/05 3:21 p.m.4 views

CVE-2026-30793 RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

9.3CVSS5.9AI score0.00306EPSS
Exploits1References4
CVE
CVE
added 2026/03/05 3:21 p.m.46 views

CVE-2026-30793

The CVE-2026-30793 entry concerns RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules). A Cross-Site Request Forgery (CSRF) vulnerability affects the client via rustdesk://password/ flows and related program routines (flutter/li...

9.8CVSS5.9AI score0.00306EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/24 12:18 a.m.5 views

EUVD-2026-7463

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

8.7CVSS5.3AI score0.00506EPSS
Exploits1References4
Fedora
Fedora
added 2026/02/20 12:53 a.m.15 views

[SECURITY] Fedora 43 Update: microcode_ctl-2.1-71.1.fc43

The microcodectl utility is a companion to the microcode driver written by Tigran Aivazian . The microcode update is volatile and needs to be uploaded on each system boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts back to the old microcode...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.8 views

PT-2026-21279

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...

7.1CVSS5.9AI score0.00223EPSS
Exploits1References4
NVD
NVD
added 2026/02/19 1:16 p.m.6 views

CVE-2019-25415

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspotpermanentusers endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to...

6.1CVSS0.00384EPSS
Exploits1References4
Rows per page
Query Builder