Lucene search
K

50 matches found

NVD
NVD
added 2026/06/26 8:17 p.m.6 views

CVE-2026-44736

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS0.00286EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:11 p.m.11 views

CVE-2026-23513

CVE-2026-23513 affects FOSSBilling prior to 0.8.0. A query-construction flaw in client list endpoints (ServiceTransaction::getSearchQuery and Order\Service::getSearchQuery) fails to group OR-based filters, allowing authenticated clients to bypass tenant scoping and retrieve other clients’ data (i...

7.1CVSS5.9AI score0.00282EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:0 a.m.14 views

CVE-2025-69600

CVE-2025-69600 affects RayVentory Raynet RVIA 12.6.4392.49-amd64.deb. Root cause is Argument Injection in an improperly terminated find command used to locate Java, enabling local attackers to execute arbitrary code via commands injected through getconfig, upload, or oracle options (and inventory...

7.8CVSS5.9AI score0.00826EPSS
Exploits2References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/23 7:57 a.m.8 views

Multiple vulnerabilities in LogonTracer

Overview LogonTracer provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection CWE-78 -...

8.8CVSS5.7AI score0.01213EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/03 8:13 p.m.14 views

CVE-2026-35559 Out-of-bounds write in query processing components in Amazon Athena ODBC driver

Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...

7.1CVSS0.00271EPSS
Exploits0References6
CVE
CVE
added 2026/03/18 10:0 p.m.14 views

CVE-2026-32730

CVE-2026-32730 affects ApostropheCMS: the bearer token authentication flow can bypass MFA/TOTP if a password-verification token (incompleteToken) is used as a bearer token. The root cause is a MongoDB query bug in the getBearer() logic: it checks for requirementsToVerify with $ne: [] (not equal t...

8.1CVSS5.8AI score0.00362EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/18 7:48 p.m.5 views

EUVD-2026-12975

ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware...

8.1CVSS5.8AI score0.00362EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.8 views

MiracleLinux 9 : aardvark-dns-1.14.0-1.el9 (AXSA:2025-10147:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10147:01 advisory. containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service CVE-2024-8418 Tenable has extracted the preceding description...

7.5CVSS7.3AI score0.00759EPSS
Exploits1References2
NVD
NVD
added 2025/11/17 5:15 p.m.5 views

CVE-2024-44648

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php...

6.5CVSS0.0021EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-7604

Malware in sbrugna...

7.8CVSS7.6AI score0.0383EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2025/10/04 12:11 a.m.11 views

aardvark-dns security update

An update is available for aardvark-dns. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Authoritative DNS server for A/AAAA container records Forwards other...

7.5CVSS6.6AI score0.00759EPSS
Exploits1
OSV
OSV
added 2025/10/04 12:11 a.m.5 views

RLSA-2025:7094 Moderate: aardvark-dns security update

Authoritative DNS server for A/AAAA container records Forwards other request to configured resolvers. Read more about configuration in src/backend/mod.rs. Security Fixes: containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service CVE-2024-8418 For more details...

7.5CVSS7.2AI score0.00759EPSS
Exploits1References2
CVE
CVE
added 2025/08/08 6:10 p.m.35 views

CVE-2012-10047

CVE-2012-10047 concerns Cyclope Employee Surveillance Solution, version 6.x. A SQL injection flaw in the login flow (auth-login) arises because the username parameter is not properly sanitized, enabling an attacker to inject arbitrary SQL. According to connected documents, this can be leveraged t...

10CVSS6.9AI score0.00865EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/08/05 12:0 a.m.7 views

The vulnerability in the WeGIA web manager’s script /html/funcionario/dependente_editarInfoPessoal.php allows a perpetrator to disclose confidential information, increase their privileges, or execute arbitrary code.

The vulnerability of the WeGIA web manager’s script /html/funcionario/dependenteeditarInfoPessoal.php is related to the lack of protection for the SQL query structure during the processing of the parameter idatendidofamiliares. Exploiting this vulnerability can allow an attacker to disclose...

9.9CVSS5.8AI score0.00458EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.6 views

The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allo...

9CVSS6.1AI score0.00335EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.6 views

The vulnerability of the LockUser method in software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the LockUser method in software for managing and monitoring removed objects in telemetry and telemechanics systems related to the TeleControl Server Basic is associated with the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...

9CVSS6.1AI score0.00604EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:6 p.m.11 views

CVE-2022-34872

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of ...

6.5CVSS6.4AI score0.01766EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.23 views

RHEL 9 : aardvark-dns (RHSA-2025:7094)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7094 advisory. Authoritative DNS server for A/AAAA container records Forwards other request to configured resolvers. Read more about configuration in...

7.5CVSS7.3AI score0.00759EPSS
Exploits1References7
OSV
OSV
added 2025/05/13 12:0 a.m.5 views

ALSA-2025:7094 Moderate: aardvark-dns security update

Authoritative DNS server for A/AAAA container records Forwards other request to configured resolvers. Read more about configuration in src/backend/mod.rs. Security Fixes: containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service CVE-2024-8418 For more details...

7.5CVSS7.3AI score0.00759EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2025/04/14 12:0 a.m.5 views

The vulnerability of the graphical interface of the Fortinet FortiPorta security analysis and management tool allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Fortinet FortiPortal graphical interface for security analysis and management lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information by...

4.3CVSS5.6AI score0.00359EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder