Lucene search
K

1021 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/20 11:19 p.m.3 views

CVE-2026-24060

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS5.8AI score0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.7 views

PT-2026-26712

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS5.8AI score0.002EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/03/07 11:44 a.m.24 views

Nextcloud: position: fixed !important bypasses CSS sanitizer's fixed-position mitigation, enabling full-viewport phishing overlays.

A vulnerability was discovered in the CSS sanitization process of the Roundcube webmail application. The sanitizer failed to properly handle the "position: fixed !important" CSS declaration, allowing an attacker to bypass the mitigation for fixed-position overlays. This could enable the creation ...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/04 6:31 p.m.5 views

EUVD-2026-9418

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

4.3CVSS5.8AI score0.00147EPSS
Exploits0References2
OSV
OSV
added 2026/02/22 8:15 a.m.5 views

CVE-2026-2932

A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/DadPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...

4.8CVSS4AI score
Exploits0References6
Cvelist
Cvelist
added 2026/02/22 7:32 a.m.28 views

CVE-2026-2932 YiFang CMS Extended Management D_adPosition.php update cross site scripting

A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/DadPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...

4.8CVSS0.00218EPSS
Exploits1References6
CVE
CVE
added 2026/02/13 12:22 a.m.18 views

CVE-2025-9293

The CVE-2025-9293 entry describes a vulnerability in TLS certificate validation across multiple mobile applications. Root cause: insufficient validation of server identities during TLS, enabling an attacker in a privileged network position to intercept or modify traffic. Impact includes confident...

8.1CVSS5.6AI score0.00224EPSS
Exploits0References2Affected Software14
NVD
NVD
added 2026/02/11 11:16 p.m.5 views

CVE-2026-20650

A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets...

7.5CVSS0.0047EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/11 10:58 p.m.3 views

CVE-2026-20650

A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets...

5.5AI score0.0047EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/11 10:58 p.m.25 views

CVE-2026-20650

A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets...

0.0047EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.6 views

CVE-2026-1897

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS4.6AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/02/05 1:15 a.m.8 views

CVE-2026-1897

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS0.003EPSS
Exploits0References6
OSV
OSV
added 2026/02/05 1:15 a.m.5 views

CVE-2026-1897

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

4.3CVSS4.9AI score
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/05 12:2 a.m.5 views

CVE-2026-1897 WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS4.6AI score0.003EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/05 12:2 a.m.32 views

CVE-2026-1897 WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS0.003EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:2 a.m.5 views

CVE-2026-1897

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS4.9AI score0.003EPSS
Exploits0References7
EUVD
EUVD
added 2026/02/05 12:2 a.m.5 views

EUVD-2026-5536

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

5.3CVSS4.9AI score0.003EPSS
Exploits0References6
CVE
CVE
added 2026/02/05 12:2 a.m.17 views

CVE-2026-1897

The CVE-2026-1897 entry describes a vulnerability in WeKan up to version 8.20 affecting the Position-History Tracking component, specifically the file server/methods/positionHistory.js. The issue is a missing authorization vulnerability that could allow remote manipulation. The documented remedia...

5.3CVSS4.7AI score0.003EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.9 views

PT-2026-6076

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.21 Description A flaw exists in WeKan related to missing authorization within the Position-History Tracking component, specifically in the file server/methods/positionHistory.js. This issue allows for remote...

5.3CVSS5.4AI score0.003EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.7 views

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained security vulnerabilities. These vulnerabilities were caused by operations on unknown functions in the file server/methods/positionHistory.js, resulting in a lack of authorization...

5.3CVSS5.8AI score0.003EPSS
Exploits0References6
Rows per page
Query Builder