
121628 matches found

EUVD
added 2026/04/24 12:31 a.m., 8 views

EUVD-2026-25304

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.6, AI score 5.8, EPSS 0.00566
Exploits: 0, References: 2

EUVD
added 2026/04/24 12:31 a.m., 7 views

EUVD-2026-25312

Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

CVSS 10, AI score 5.8, EPSS 0.00511
Exploits: 0, References: 2

EUVD
added 2026/04/24 12:14 a.m., 7 views

EUVD-2026-25366

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

CVSS 4.9, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/24 12:14 a.m., 5 views

CVE-2026-31955

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

CVSS 4.9, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2026/04/24 12:0 a.m., 10 views

LangChain Code Issue Vulnerability

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models (LLMs). Versions of LangChain prior to 1.1.14 contained code vulnerabilities. These vulnerabilities stemmed from the urltosize helper function in langchain-openai, which, after...

CVSS 3.1, AI score 5.8, EPSS 0.00158
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/24 12:0 a.m., 5 views

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20612-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20612-1 advisory. - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

CVSS 9.1, AI score 5.6, EPSS 0.15831
Exploits: 6, References: 31

Tenable Nessus
added 2026/04/24 12:0 a.m., 11 views

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20611-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20611-1 advisory. - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. -...

CVSS 9.1, AI score 5.6, EPSS 0.15831
Exploits: 6, References: 31

Positive Technologies
added 2026/04/24 12:0 a.m., 5 views

PT-2026-35031

Name of the Vulnerable Software and Affected Versions: Dgraph versions prior to 25.3.3. Description: An issue exists in Dgraph that allows an unauthenticated attacker to gain full read access to all data in the database. This occurs in the default configuration where Access Control Lists (ACL) are...

CVSS 9.1, AI score 5.3, EPSS 0.00424
Exploits: 1, References: 8

CNNVD
added 2026/04/24 12:0 a.m., 8 views

Linux kernel Security Vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hwmon powerz code. This vulnerability allows for the reuse of USB devices after they are...

CVSS 7.8, AI score 5.8, EPSS 0.00125
Exploits: 0, References: 2

CNNVD
added 2026/04/24 12:0 a.m., 10 views

Linux kernel Security Vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of endpoint indices in the standard request processing routine, potentially...

CVSS 5.5, AI score 5.8, EPSS 0.00125
Exploits: 0, References: 1

CNNVD
added 2026/04/24 12:0 a.m., 12 views

Linux kernel Security Vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the smbdirectsendbatch process. In this process, requests may not be signaled with IBSENDSIGNALED...

CVSS 9.8, AI score 5.8, EPSS 0.00442
Exploits: 0, References: 2

Positive Technologies
added 2026/04/24 12:0 a.m., 9 views

PT-2026-35057

Name of the Vulnerable Software and Affected Versions: Skim (affected versions not specified). Description: The generate-files job in the '.github/workflows/pr.yml' file checks out code from an attacker-controlled fork and executes it via the cargo run command. This process allows access to the SKIM R...

CVSS 7.4, AI score 5.3, EPSS 0.00281
Exploits: 1, References: 11

CNNVD
added 2026/04/24 12:0 a.m., 8 views

skim Code Injection Vulnerability

Skim is a fuzzy search and rapid file location tool developed by skim-rs. Skim has a code injection vulnerability, which stems from the generate-files task in pr.yml checking out and executing forked code controlled by the attacker, potentially leading to key leakage. The following versions are...

CVSS 7.4, AI score 5.9, EPSS 0.00281
Exploits: 1, References: 2

EUVD
added 2026/04/24 12:0 a.m., 4 views

EUVD-2025-209575

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

CVSS 6.5, AI score 5.2, EPSS 0.00212
Exploits: 0, References: 2

Positive Technologies
added 2026/04/24 12:0 a.m., 8 views

PT-2026-34853

CVE-2026-1949 Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. https://t.co/NRUjOzyfyB...

CVSS 9.8, AI score 5.4, EPSS 0.00611
Exploits: 0, References: 4

Positive Technologies
added 2026/04/24 12:0 a.m., 9 views

PT-2026-37169

Name of the Vulnerable Software and Affected Versions: Lemmy versions prior to 0.19.18. Description: An authenticated low-privileged user can trigger server-side HTTP requests toward internal services. This occurs when a user creates a link post in a public community via the "POST /api/v3/post"...

CVSS 6.3, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 10

CNNVD
added 2026/04/24 12:0 a.m., 8 views

ClassroomIO.com Access Control Error Vulnerability

ClassroomIO.com is an educational platform developed by ClassroomIO as open source. Version 0.1.13 of ClassroomIO.com contains a vulnerability related to access control. This vulnerability arises from ineffective access control, allowing low-privilege student users who are authenticated to access...

CVSS 6.5, AI score 5.8, EPSS 0.00212
Exploits: 0, References: 1

CNNVD
added 2026/04/24 12:0 a.m., 7 views

SenseLive X3050 Cross-Site Request Forgery Vulnerability

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a cross-site request forgery vulnerability. This vulnerability arises from the lack of protection against cross-site request forgery in the w...

CVSS 8.4, AI score 5.7, EPSS 0.00162
Exploits: 0, References: 1

CNNVD
added 2026/04/24 12:0 a.m., 11 views

Press Cross-Site Request Forgery Vulnerability

Press is a custom application developed by Frappe that runs Frappe Cloud. Press has a cross-site request forgery vulnerability. This vulnerability stems from the press.api.account.createapisecret endpoint, which is vulnerable to CSRF attacks. This endpoint can be accessed via a GET request and...

CVSS 8.7, AI score 5.7, EPSS 0.00165
Exploits: 0, References: 1

CISA KEV Catalog
added 2026/04/24 12:0 a.m., 3 views

D-Link DIR-823X Command Injection Vulnerability

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS)...

CVSS 7.2, AI score 8.9, EPSS 0.87239
In wild, Exploits: 1