Lucene search
K

121692 matches found

Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29509

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS6AI score0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.5 views

IBM Verify Identity Access Container和IBM Verify Identity Access 环境问题漏洞

IBM Verify Identity Access Container and IBM Verify Identity Access are products of IBM Corporation. IBM Verify Identity Access Container is a containerized software that provides authentication and authorization functions for applications. IBM Verify Identity Access is an enterprise-level securi...

5.3CVSS5.9AI score0.00371EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.6 views

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1526)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1526 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...

9.8CVSS7.1AI score0.0115EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.8 views

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1525)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1525 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...

9.8CVSS7.2AI score0.0115EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.5 views

IBM DataPower Gateway 跨站请求伪造漏洞

IBM DataPower Gateway is an enterprise-grade application security gateway that provides API management and traffic control capabilities. A cross-site request forgery vulnerability exists in IBM DataPower Gateway. The vulnerability arises because the system fails to effectively validate the source...

8.8CVSS5.7AI score0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29536

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

5.9AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29669

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.1 Description phpMyFAQ is susceptible to arbitrary file deletion due to missing path traversal validation and CSRF token verification in the MediaBrowserController::index method. Specifically, when the fileRemove...

8.7CVSS6AI score0.00693EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.5 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.1 to 2026.1.11, as well as those from 2025.3.1 to 2025.3.17, have security...

4.3CVSS6AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29539

Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication MFA configuration via a crafted request. This issue affects Server: from 2026.1.6 through 2026.1.11...

5.9AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Frostmourne 代码问题漏洞

Frostmourne is a multi-data-source monitoring and alert system developed by AutohomeCorp. Versions of Frostmourne 1.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations on the file...

6.5CVSS6.7AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29663

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^d+.d+.d+.d+$/. This only...

5CVSS5.8AI score0.00213EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29548

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request...

9.8CVSS6.2AI score0.01531EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/04/01 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-14437

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

7.5CVSS5.8AI score0.01986EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.3 views

PT-2026-29619

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

5.3CVSS5.9AI score0.00371EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/04/01 12:0 a.m.11 views

VulnCheck KEV: CVE-2022-3254

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...

9.8CVSS5.9AI score0.05103EPSS
In wildExploits2References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29549

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

6.1CVSS6.2AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29540

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

5.9AI score0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 12:0 a.m.8 views

CVE-2024-43028

CVE-2024-43028 is a reported command-injection vulnerability in the Jeecg Boot platform, affecting the /jmreport/show component from v3.0.0 to v3.5.3. The issue allows an attacker to execute arbitrary code via a crafted HTTP request, with network access (no authentication) required. The CVSS v3.1...

9.8CVSS6.2AI score0.01531EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:11 p.m.5 views

Admidio has Missing CSRF Protection on Registration Approval Actions

Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...

7.3CVSS6AI score0.00169EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 11:11 p.m.3 views

GHSA-PH84-R98X-2J22 Admidio has Missing CSRF Protection on Registration Approval Actions

Summary The createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which correctly validates the token, these three approval actions read thei...

4.5CVSS6AI score0.00169EPSS
Exploits1References4
Rows per page
Query Builder