Lucene search
K

89025 matches found

CVE
CVE
added yesterday8 views

CVE-2026-15605

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...

3.1CVSS5.5AI score
Exploits0References7
CVE
CVE
added yesterday4 views

CVE-2026-15594

A vulnerability was found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of the argument storageKey results in improper authorization. The attack may be performed from...

6.3CVSS5.5AI score
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday3 views

gimp: GIMP: Arbitrary code execution via heap-based buffer overflow in HDR file parsing

A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of HDR High Dynamic Range files due to insufficient validation of user-supplied data length. A remote attacker could exploit this by convincing a user to open a specially crafted malicious file,...

7.8CVSS7.3AI score0.00552EPSS
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-15541

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS0.00316EPSS
Exploits0References7
Cvelist
Cvelist
added yesterday8 views

CVE-2026-15541 will-moss Isaiah Master Websocket server.go Server.Handle authorization

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS0.00316EPSS
Exploits0References7
CVE
CVE
added yesterday7 views

CVE-2026-15533

CVE-2026-15533 targets DedeCMS 5.7.118. The flaw is in the Column Management module, specifically /plus/search.php, where manipulating the Column Name argument allows code injection. It is exploitable remotely and a public exploit exists. The CVSS-derived assessment in the record indicates MEDIUM...

5.8CVSS5.9AI score0.00248EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday55 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

6.1CVSS4.3AI score0.0097EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday173 views

Weaver OA 9.5 - Information Disclosure

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. id:...

7.5CVSS5.7AI score0.54232EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday94 views

osCommerce v4.0 - Cross-site Scripting

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2024-4348 info: name:...

5CVSS4.7AI score0.01828EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday254 views

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS6.4AI score0.32895EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday113 views

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS6.1AI score0.03304EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday103 views

Academy LMS 6.2 - Cross-Site Scripting

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...

6.1CVSS4.4AI score0.01835EPSS
Exploits4References2
Nuclei
Nuclei
added yesterday38 views

Ellucian Ethos Identity CAS - Cross-Site Scripting

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2023-2822...

6.1CVSS4.4AI score0.03301EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

Landray EKP - Path Traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

6.9CVSS6.2AI score0.05597EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday22 views

Mage AI - Insecure Default Authentication Setup

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

6.3CVSS5.3AI score0.01045EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday48 views

Bank Locker Management System - Cross-Site Scripting

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate...

4.8CVSS4.4AI score0.34771EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday91 views

NS-ASG Application Security Gateway 6.3 - Sql Injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS6.5AI score0.17622EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday63 views

Atlassian Jira Confluence - Cross-Site Scripting

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...

6.1CVSS6.7AI score0.37611EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday39 views

Fortinet FortiWeb - Authentication Bypass to Admin Privilege

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...

8.1CVSS7.1AI score0.09825EPSS
Exploits4References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-43278

A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is...

4.8CVSS4.7AI score0.0021EPSS
Exploits0References6
Rows per page
Query Builder