112 matches found

CVE
added 2026/06/20 3:24 p.m. | 19 views

CVE-2026-56282

Capgo before 12.128.2 has an information-disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry (e.g., replication slot names, confirmed_flush_lsn, restart_lsn) and database error messages. Access to this endpoint does not requ...

6.9 CVSS | 5.9 AI score | 0.00239 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/06/20 3:24 p.m. | 5 views

CVE-2026-56282

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9 CVSS | 5.9 AI score | 0.00239 EPSS
Exploits 0 | References 3
Spring Security Advisories
added 2026/06/10 12:0 a.m. | 7 views

CVE-2026-40996: Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J’s safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag,...

4.8 CVSS | 5.9 AI score | 0.00129 EPSS
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2026/05/09 12:20 a.m. | 17 views

CVE-2026-43442

A flaw was found in the Linux kernel's io_uring subsystem. An incorrect bounds check for 128-byte Submission Queue Entry (SQE) operations, when IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQARRAY, allows an unprivileged local user to remap logical SQE positions to arbitrary physical indices. Th...

7.1 CVSS | 5.9 AI score | 0.00131 EPSS
Exploits 0 | References 4
SUSE CVE
added 2026/05/05 1:45 a.m. | 9 views

SUSE CVE-2026-42483

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is...

9.8 CVSS | 6.4 AI score | 0.00304 EPSS
Exploits 1 | References 3
Cvelist
added 2026/04/17 7:45 a.m. | 29 views

CVE-2026-6451 CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

4.3 CVSS | 0.00225 EPSS
Exploits 0 | References 19
CNNVD
added 2026/04/17 12:0 a.m. | 11 views

WordPress plugin cms-fuer-motorrad-werkstaetten security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3 CVSS | 5.8 AI score | 0.00225 EPSS
Exploits 0 | References 1
SUSE CVE
added 2026/04/13 11:26 p.m. | 4 views

SUSE CVE-2026-31418

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del. mtype_del counts empty slots below n->pos in k, but it only drops the bucket when both n->pos and k are zero. This misses buckets whose live entries have all been removed...

5.5 CVSS | 5.8 AI score | 0.00114 EPSS
Exploits 0 | References 3
CNNVD
added 2026/04/07 12:0 a.m. | 7 views

Marginal security vulnerability

Marginal is an asset trading platform developed by Marginal OpenSource. There is a security vulnerability in Marginal, which stems from the execution of insecure downcasting operations. This vulnerability could allow attackers to settle large debt positions at a negligible cost for assets...

8.6 CVSS | 5.9 AI score | 0.00257 EPSS
Exploits 0 | References 6
CNNVD
added 2026/02/23 12:0 a.m. | 7 views

Valkey buffer error vulnerability

Valkey is a flexible distributed key-value database developed by Valkey OpenSource. Versions prior to Valkey 9.0.2, 8.1.6, 8.0.7, and 7.2.12 contain a buffer error vulnerability. This vulnerability arises from the lack of validation of extended data packet positions in the cluster bus data packet...

7.5 CVSS | 6 AI score | 0.00552 EPSS
Exploits 0 | References 2
CNNVD
added 2026/02/19 12:0 a.m. | 9 views

WordPress plugin Advanced Ads – Ad Manager & AdSense access control error vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS | 5.8 AI score | 0.00284 EPSS
Exploits 0 | References 3
RedhatCVE
added 2026/01/09 12:34 p.m. | 6 views

CVE-2023-45378

In the module "PrestaBlog" prestablog version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax sliderpositions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8 CVSS | 7.7 AI score | 0.00504 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 10 views

EUVD-2025-29813

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.00365 EPSS
Exploits 0 | References 8
RedhatCVE
added 2025/09/19 8:37 p.m. | 7 views

CVE-2025-10617

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

8.8 CVSS | 7.1 AI score | 0.00365 EPSS
Exploits 0 | References 1
NVD
added 2025/09/17 9:15 p.m. | 7 views

CVE-2025-10617

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

8.8 CVSS | 0.00365 EPSS
Exploits 0 | References 7
OSV
added 2025/09/17 9:15 p.m. | 5 views

CVE-2025-10617

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

8.8 CVSS | 5.8 AI score | 0.00365 EPSS
Exploits 0 | References 7
CVE
added 2025/09/17 8:32 p.m. | 22 views

CVE-2025-10617

CVE-2025-10617 affects SourceCodester Online Polling System 1.0. The vulnerability is in the sensitive file /admin/positions.php, where manipulation of the ID argument leads to an SQL injection. The attack can be initiated remotely and, per sources, the exploit has been publicly released. Connec...

8.8 CVSS | 6.7 AI score | 0.00365 EPSS
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2025/09/17 8:32 p.m. | 12 views

CVE-2025-10617 SourceCodester Online Polling System positions.php sql injection

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

6.5 CVSS | 0.00365 EPSS
Exploits 0 | References 7
Vulnrichment
added 2025/09/17 8:32 p.m. | 5 views

CVE-2025-10617 SourceCodester Online Polling System positions.php sql injection

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made...

6.5 CVSS | 6.4 AI score | 0.00365 EPSS
Exploits 0 | References 7
CNNVD
added 2025/09/17 12:0 a.m. | 2 views

SourceCodester Online Polling System SQL injection vulnerability

SourceCodester Online Polling System is a SourceCodester open source online polling system. A SQL injection vulnerability exists in SourceCodester Online Polling System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /admin/positions.php, which could lead to a...

8.8 CVSS | 7 AI score | 0.00365 EPSS
Exploits 0 | References 7