Lucene search
K

146 matches found

ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-46672

Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...

4.6CVSS6.1AI score0.00017EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 10:23 p.m.7 views

Malicious code in uol-simple-api-futebol (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 962c38ed6ec061ce6a530aeea5a960dfc2b75caec56f7a1bc648f6b6cb655271 The package's only documented function, getJogos default export, unconditionally invokes an internal helper named prepareCacheMatchs which POSTs the...

5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/05/13 12:48 a.m.11 views

EUVD-2026-29878

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

6.1AI score0.00461EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

kimai 安全漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai from 2.27.0 to 2.54.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any ROLEUSER to create tags with formula strings as names using...

6.8CVSS5.8AI score0.0022EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/06 3:27 a.m.45 views

CVE-2026-5753 All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...

6.5CVSS0.00266EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/29 3:41 p.m.4 views

EUVD-2026-16715

AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking...

6.3CVSS5.8AI score0.00249EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/29 3:41 p.m.4 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization in the add.json.php process. An attacker can gain unauthorized control over another user's broadcast schedules and execute rebroadcasts as th...

6.3CVSS5.8AI score0.00249EPSS
Exploits1References2
CVE
CVE
added 2026/03/27 4:32 p.m.19 views

CVE-2026-34245

WWBN AVideo is affected by CVE-2026-34245: in versions up to 26.0, the endpoint plugin/PlayLists/View/Playlists_schedules/add.json.php allows any authenticated user with streaming permission to create/modify broadcast schedules for any playlist, regardless of ownership. When a scheduled rebroadca...

6.3CVSS5.9AI score0.00249EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 4:32 p.m.21 views

CVE-2026-34245 AVideo's Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint allows any authenticated user with streaming permission to create or modify broadcast schedules targeting any playlist on the platform, regardless...

6.3CVSS0.00249EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/10 12:28 a.m.8 views

FUXA Unauthenticated Remote Arbitrary Scheduler Write

Summary An authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This vulnerability affects FUXA version 1.2.8 through version 1.2.10. This has been patch...

9.3CVSS5.8AI score0.12047EPSS
Exploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/05 12:7 a.m.17 views

CVE-2025-3653

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

7.3CVSS6.7AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/01/04 12:15 a.m.7 views

CVE-2025-3653

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

9.8CVSS0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/03 11:33 p.m.4 views

CVE-2025-3653 Petlibro Smart Pet Feeder through 1.7.31 Platform Improper Access Control via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

7.3CVSS6.4AI score0.00216EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2025/12/03 12:0 a.m.158 views

RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)

Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15718 Proof Of Concep...

6.1CVSS6.3AI score0.06325EPSS
Exploits2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-3568

Malware in sbrugna...

7.5CVSS7.5AI score0.00778EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-26251

Malware in sbrugna...

6CVSS5.3AI score0.00984EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-37604

Malicious code in bioql PyPI...

8.8CVSS8.3AI score0.00912EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-29305

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00621EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-36197

Malicious code in bioql PyPI...

8.8CVSS8.3AI score0.00973EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-35834

Malicious code in bioql PyPI...

4.8CVSS5AI score0.00771EPSS
Exploits0References2
Rows per page
Query Builder