Lucene search
K

509 matches found

CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

Sz-Admin 安全漏洞

Sz-Admin is a mid-tier management software developed by INS6+ individuals. Versions of Sz-Admin such as 1.3.2-beta and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter userId in files/api/admin/sys-user/reset/password/, which could...

6.5CVSS6.6AI score0.00222EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/02/24 12:32 a.m.4 views

CVE-2026-3049

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horillagenerics/globalsearch.py of the component Query Parameter Handler. The manipulation of the argument prevurl results in open redirect. The attack can be executed remotely...

5.3CVSS5AI score0.00377EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.9 views

Horilla 输入验证错误漏洞

Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla 1.0.2 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the parameter prevurl in the Query Parameter Handler...

6.1CVSS5.8AI score0.00377EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.8 views

PJSIP 安全漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP versions 2.16 and earlier contained security vulnerabilities, which stemmed from buffer overflows when...

9.8CVSS7.4AI score0.01927EPSS
Exploits3References4
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.5 views

Intel Optane PMem management software 代码问题漏洞

Intel Optane PMem management software is a persistent memory management software developed by Intel Corporation. Previous versions of Intel Optane PMem management software, such as CRMGMT02.00.00.4052 and CRMGMT03.00.00.0538, contained code vulnerabilities due to improper conditional checks, whic...

6.7CVSS5.9AI score0.00097EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6200

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A broken access control issue allows authenticated students to add content to existing course units, despi...

6.5CVSS5.4AI score0.00207EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38191)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38191 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in...

5.5CVSS5.3AI score0.00482EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/19 3:57 p.m.3 views

CVE-2025-11044 Vulnerability on Automation Runtime my cause DoS Conditions

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service...

8.9CVSS5.6AI score0.00313EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2026/01/13 12:0 a.m.30 views

.NET 9.0 Update - January 13, 2026

.NET 9.0 Update - January 13, 2026 .NET 9.0 has been refreshed with the latest update as of January 13, 2026. This update contains non-security fixes. See the release notes for details about updated packages..NET 9.0 servicing updates are upgrades. The latest servicing update for 9.0 will remove...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:6 a.m.8 views

CVE-2019-20842

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels...

7.2CVSS8AI score0.00967EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.4 views

Commvault CommandCenter < 11.36.60 Unauthorized API Access

Commvault CommandCenter versions prior to 11.36.60 contain a vulnerability in a known login mechanism that allows unauthenticated attackers to execute API calls without requiring user credentials. No source data...

6.9CVSS7.2AI score0.02721EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-25910

Summary Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. Details The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from the...

8.2CVSS6AI score0.00608EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992439)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992439 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix overlap expiration walk The lazy gc on insert that should remove...

5.5CVSS6AI score0.00146EPSS
Exploits0References4
OSV
OSV
added 2025/12/19 2:16 a.m.7 views

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...

6.5CVSS6AI score0.00375EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52609

CVE-2025-67047 - Apache OpenSSH Remote Code Execution Vulnerability CVE ID : CVE-2025-67047 Published : Dec. 19, 2025, 4:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67036. Reason: This record is a reservation duplicate of...

7.4AI score0.00302EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 7:20 a.m.8 views

Improper Authentication

ibexa/user is vulnerable to improper authentication. The vulnerability is due to an error in the password validation logic during the transition from v4 to v5, which allows an attacker to change the account password without knowing the previous password by exploiting an active authenticated sessi...

8.5CVSS5.8AI score0.00123EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/10 6:23 p.m.2 views

CVE-2025-64607 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.1AI score0.00214EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/10 6:20 p.m.8 views

Ibexa User Bundle is missing password change validation

Impact The vulnerability is in the password change dialog in the back office. During the transition from v4 to v5 a mistake was made in the validation code which caused the validation of the previous password to not run as expected. This made it possible for a logged in user to change password in...

8.5CVSS7AI score0.00123EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

6.2CVSS5.9AI score0.00668EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/12/09 3:25 p.m.10 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.6 release and security update

An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS7AI score0.66535EPSS
Exploits5References5
Rows per page
Query Builder