Lucene search
K

43 matches found

Vulnrichment
Vulnrichment
added 2026/06/07 3:15 a.m.11 views

CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS6.8AI score0.01681EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/31 2:28 a.m.15 views

EUVD-2026-33483

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. All FreeRDP-based clients that use the /video command-line switch may read uninitialized data, interpret it as audio/video, and display the result. Server implementations based on FreeRDP are not affected by this issue. This issue has...

7.5CVSS6.1AI score0.00985EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 a.m.8 views

EUVD-2026-29391

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kcseoativetab parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS6AI score0.00229EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/05 12:15 a.m.29 views

CVE-2026-5529 Dromara lamp-cloud DefUserController pageUser improper authorization

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3CVSS0.00273EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 8:16 p.m.7 views

CVE-2026-34388

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

8.7CVSS0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 7:13 p.m.20 views

CVE-2026-34388 Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

8.7CVSS0.00263EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.8 views

EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2026-1314)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s...

5.5CVSS6.1AI score0.00157EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/05 3:16 p.m.9 views

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS5.9AI score0.00566EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/01/19 1:27 p.m.5 views

CVE-2026-0949

PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting XSS vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and...

6.5CVSS5.7AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.9 views

CVE-2020-24220

ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...

9CVSS8.2AI score0.02401EPSS
Exploits0References1
NVD
NVD
added 2026/01/02 3:16 p.m.3 views

CVE-2025-62857

A cross-site scripting XSS vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later...

6.2CVSS0.00183EPSS
Exploits0References1
OSV
OSV
added 2025/12/19 5:11 p.m.5 views

CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

5.3CVSS6.5AI score0.0024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.7 views

CVE-2025-13588

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

6.5CVSS6.7AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 6:32 a.m.8 views

EUVD-2025-198624

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and...

6.5CVSS6.2AI score0.00218EPSS
Exploits0References7
CVE
CVE
added 2025/11/11 12:17 p.m.10 views

CVE-2025-41104

Summary: CVE-2025-41104 is an HTML injection vulnerability in Fairsketch’s RISE CRM Framework v3.8.1. The issue stems from insufficient validation of user input in the POST parameter custom_field_1 at /estimate_requests/save_estimate_request, enabling HTML injection. Affected software: Fairsketch...

5.4CVSS6.9AI score0.00141EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-10117

Malware in sbrugna...

9.1CVSS9AI score0.01961EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2022-41785

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00985EPSS
Exploits0References10
Snyk
Snyk
added 2025/08/26 5:20 p.m.5 views

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS7.7AI score0.04065EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/26 5:20 p.m.3 views

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.8CVSS7.7AI score0.04065EPSS
Exploits1References2
Rows per page
Query Builder