73 matches found

Positive Technologies
added 2026/06/21 12:0 a.m. | 19 views

PT-2026-51208

Name of the Vulnerable Software and Affected Versions: BerriAI litellm versions prior to 1.82.3. Description: An authentication bypass exists in the SSO Debug Flow component. A remote attacker can manipulate the json.dumps function within the file litellm/proxy/management endpoints/ui sso.py, which...

CVSS 7.5 | AI score 7.1 | EPSS 0.00508
Exploits: 1 | References: 13

Redos
added 2026/06/15 12:0 a.m. | 6 views

ROS-20260615-73-0021

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 9.8 | AI score 8.3 | EPSS 0.00587
Exploits: 1

Cvelist
added 2026/05/25 1:0 a.m. | 35 views

CVE-2026-9412 SourceCodester Indian Invoicing System Backend Endpoint access control

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

CVSS 6.5 | EPSS 0.00201
Exploits: 0 | References: 5

Cvelist
added 2026/05/18 12:0 a.m. | 38 views

CVE-2026-36438

An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd...

CVSS 5.3 | EPSS 0.00349
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/20 11:30 a.m. | 6 views

CVE-2026-6634

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

CVSS 6.5 | AI score 6.2 | EPSS 0.00252
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/04/03 4:59 p.m. | 5 views

CVE-2026-5330

A vulnerability was found in SourceCodester/mayurik Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

CVSS 6.9 | AI score 6.3 | EPSS 0.00314
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/15 1:32 p.m. | 2 views

CVE-2026-4180 D-Link DIR-816 goahead redirect.asp access control

A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impacted element is an unknown function of the file redirect.asp of the component goahead. The manipulation of the argument tokenid leads to improper access controls. The attack may be initiated remotely. The exploit is publicly...

CVSS 7.5 | AI score 5.5 | EPSS 0.01357
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/15 12:0 a.m. | 3 views

PT-2026-25568

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function...

CVSS 7.5 | AI score 5.4 | EPSS 0.0077
Exploits: 1 | References: 10

EUVD
added 2026/03/07 6:30 p.m. | 7 views

EUVD-2026-10175

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high...

CVSS 3.1 | AI score 5.4 | EPSS 0.0027
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/03 7:42 a.m. | 13 views

CVE-2025-15597

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | AI score 5.5 | EPSS 0.0055
Exploits: 1 | References: 1

CVE
added 2026/02/22 8:32 a.m. | 19 views

CVE-2026-2938

The CVE-2026-2938 entry relates to SourceCodester Student Result Management System 1.0, affecting the file /srms/script/admin/core/update_smtp.php. The root cause is an unspecified function allowing improper access controls, enabling remote initiation of an attack. Public exploit disclosure is no...

CVSS 7.5 | AI score 6.8 | EPSS 0.00567
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/02/20 1:22 a.m. | 4 views

CVE-2026-2667

A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...

CVSS 6.9 | AI score 5.2 | EPSS 0.00553
Exploits: 1 | References: 1

Vulnrichment
added 2026/02/18 8:32 p.m. | 2 views

CVE-2026-2668 Rongzhitong Visual Integrated Command and Dispatch Platform User add access control

A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls. The attack may be launched remotely. The...

CVSS 7.5 | AI score 5.2 | EPSS 0.00469
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/01 12:0 a.m. | 12 views

PT-2026-5586

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

CVSS 6.9 | AI score 5.6 | EPSS 0.00474
Exploits: 1 | References: 6

OSV
added 2026/01/17 8:15 p.m. | 5 views

CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8 | AI score 5.5 | EPSS 0.00365
Exploits: 1 | References: 6

Vulnrichment
added 2026/01/02 2:55 p.m. | 3 views

CVE-2025-53591 QTS, QuTS hero

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

CVSS 5.1 | AI score 6.5 | EPSS 0.00285
Exploits: 0 | References: 1

NVD
added 2025/12/26 3:15 a.m. | 7 views

CVE-2025-15097

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

CVSS 7.5 | EPSS 0.00542
Exploits: 0 | References: 6

CVE
added 2025/12/15 2:2 a.m. | 9 views

CVE-2025-14697

CVE-2025-14697 affects Shenzhen Sixun Software Sixun Shanghui Group Business Management System (v4.10.24.3). The vulnerability targets an accessible component under the file path /ExportFiles/ where manipulation can cause files or directories to be accessible. It is described as exploitable remot...

CVSS 6.3 | AI score 6.1 | EPSS 0.00274
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/11/11 12:6 p.m. | 9 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Semeru Java 17 vulnerabilities

Summary: IBM Sterling Transformation Extender uses IBM Semeru Runtime Certified Edition, Version 17 and is affected by multiple vulnerabilities CVE-2025-53057, CVE-2025-53066, CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761 and CVE-2025-30754. Vulnerability Details...

CVSS 8.6 | AI score 6.8 | EPSS 0.01058
Exploits: 1 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2006-5459

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01839
Exploits: 1 | References: 7