Lucene search
K

121699 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

Jellystat SQL注入漏洞

Jellystat is a free and open-source statistical application developed by Thegan Govender as an individual project. Versions of Jellystat prior to 1.1.10 contained a SQL injection vulnerability. This vulnerability stemmed from multiple API endpoints that constructed queries by directly inserting...

9.1CVSS6.2AI score0.0052EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/22 12:0 a.m.4 views

Oracle MySQL Server InnoDB Denial of Service Vulnerability (CNVD-2026-18432)

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from the InnoDB component failing to properly...

4.9CVSS7.4AI score0.00242EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of hcireqsynclock protection in the btintelhwerror function within the btintel driver...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.13 views

PT-2026-37157

Name of the Vulnerable Software and Affected Versions Flarum versions prior to 1.8.16 Flarum versions prior to 2.0.0-rc.1 Description An authenticated administrator can inject an arbitrary @import directive into the compiled forum.css file. This occurs because settings registered as LESS config...

4.9CVSS5.9AI score0.00404EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.3 contained security vulnerabilities. These vulnerabilities stemmed from the HTTPUEContextTransfer handler’s lack of a default scenario in the Content-Type switch statement. When a...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Squidex 代码问题漏洞

Squidex is an open-source content management system developed by Squidex. Versions of Squidex prior to 7.23.0 had code vulnerabilities. These vulnerabilities were caused by a server-side request forgeing issue, allowing users with asset upload permissions to force the server to obtain arbitrary...

8.6CVSS6AI score0.00215EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/22 12:0 a.m.115 views

📄 Eclipse Che WebSocket Machine-Exec Remote Code Execution

This Python script is a WebSocket-based client designed to interact with an Eclipse Che / DevSpaces machine-exec service and test for an unauthenticated remote code execution vulnerability...

9CVSS6.4AI score0.01164EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34291

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete term function, which handles the 'tpmcattt delete term' AJAX action, does not perform any capability check e.g., current user can to verify...

4.3CVSS5.8AI score0.00245EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34569

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5CVSS6AI score0.00236EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34378

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the media mc and v4l2 components where MEDIA REQUEST IOC REINIT can run concurrently with VIDIOC REQBUFS0 queue teardown paths. This concurrency can cause...

8.8CVSS5.3AI score0.93235EPSS
Exploits31References306
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

GitLab CE/EE 跨站请求伪造漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.9.6, 18.10.4, and 18.11.1 had a...

8.1CVSS5.8AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34284

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd ic settings page function when processing settings form submissions. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34275

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in ksmbd when processing compound requests, such as READ combined with QUERY INFOSecurity. If the initial command consumes most of the response buffer, ksmb...

8.8CVSS5.9AI score0.00507EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34414

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A circular locking dependency exists in the NFC NCI component. The nci close device function flushes rx wq and tx wq while holding the req lock mutex. This creates a conflict because nci...

5.5CVSS5.8AI score0.00095EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34320

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS5.8AI score0.00606EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34445

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...

7.4CVSS5.8AI score0.00383EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34286

Name of the Vulnerable Software and Affected Versions Call To Action Plugin versions prior to 3.1.4 Description The plugin is susceptible to Cross-Site Request Forgery due to missing nonce validation in the cbox options page function, which manages the saving, creation, and deletion of plugin...

4.3CVSS5.7AI score0.00208EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/04/22 12:0 a.m.3 views

CVE-2026-31192

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...

5.8AI score0.00281EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the concurrent execution of MEDIAGRANT and VIDIOCREQBUFS, potentially leading to reuse after...

7.8CVSS6AI score0.00126EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/04/22 12:0 a.m.31 views

VulnCheck KEV: CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

7.5CVSS5.9AI score0.4525EPSS
In wildExploits2References2
Rows per page
Query Builder