Lucene search
K

82139 matches found

CVE
CVE
added 2026/04/06 4:0 a.m.8 views

CVE-2026-5620

CVE-2026-5620 affects itsourcecode Construction Management System 1.0. The vulnerable element is an unknown function in the file /borrowed_equip_report.php within the Parameter Handler component. Manipulating the argument Home leads to a SQL injection . It can be exploited remotely, and the explo...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.6 views

itsourcecode Construction Management System SQL注入漏洞

itsourcecode Construction Management System is an open-source construction management system developed by itsourcecode. Version 1.0 of the itsourcecode Construction Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter “Home” in the...

6.5CVSS6.6AI score0.00204EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30635

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation...

7.8CVSS6AI score0.00098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30728

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy proxy.ts set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting XSS attacks were logged but not blocked...

5.3CVSS6AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30584

A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem...

6.9CVSS5.8AI score0.00489EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30571

A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be...

7.5CVSS6.7AI score0.00414EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.13 views

PT-2026-30569

A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been...

5.3CVSS4.3AI score0.00337EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.7 views

PT-2026-30563

A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed equip report.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate the attack remotel...

6.5CVSS5.7AI score0.00204EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-34086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from before 1.43.7, 1.44.4, 1.45.2. CVE-2026-34086 Note that Nessus relies on...

2.1CVSS5.5AI score0.00244EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/04 5:0 p.m.3 views

CVE-2026-27655

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report...

7.3CVSS5.9AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/04 5:0 p.m.9 views

CVE-2026-3879

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report...

7.3CVSS5.9AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/04 5:0 p.m.6 views

CVE-2026-28756

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report...

7.3CVSS5.9AI score0.00538EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/04 5:0 p.m.6 views

CVE-2026-4107

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report...

7.3CVSS5.9AI score0.00519EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/04 5:0 p.m.6 views

CVE-2026-4108

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report...

7.3CVSS5.9AI score0.00538EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.8 views

PT-2026-30381

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is...

8.4CVSS5.8AI score0.00232EPSS
Exploits2References4
EUVD
EUVD
added 2026/04/03 6:31 p.m.3 views

EUVD-2026-18807

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFEMSGGetSize of the file apps/tolab/fsw/src/tolabpassthruencode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local...

6.3CVSS7AI score0.00374EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/03 6:31 p.m.6 views

EUVD-2026-18805

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

4.5CVSS5AI score0.00223EPSS
Exploits0References6
NVD
NVD
added 2026/04/03 6:16 p.m.3 views

CVE-2026-5475

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFESBTransmitMsg of the file cfesbpriv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but...

5.5CVSS0.00218EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/03 5:15 p.m.3 views

CVE-2026-5475 NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg memory corruption

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFESBTransmitMsg of the file cfesbpriv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but...

5.5CVSS6AI score0.00218EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.4 views

CVE-2026-3692

In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server...

8.8CVSS5.9AI score0.0042EPSS
Exploits0References1
Rows per page
Query Builder