Lucene search
+L

1706 matches found

SUSE CVE
SUSE CVE
added 2026/05/21 2:55 a.m.14 views

SUSE CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...

6.2CVSS6.7AI score0.05794EPSS
Exploits1References63
Cvelist
Cvelist
added 2026/05/13 7:4 p.m.33 views

CVE-2026-0242 Trust Protection Foundation: SQL Injection Vulnerability

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

8.6CVSS0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.13 views

EUVD-2026-29896

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

7.2CVSS6AI score0.00375EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:16 a.m.7 views

CVE-2026-6888

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

7.2CVSS6AI score0.00375EPSS
Exploits0References2Affected Software8
NVD
NVD
added 2026/05/12 6:16 p.m.15 views

CVE-2025-46311

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...

7.5CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 2:20 a.m.14 views

CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS5.9AI score0.00466EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 9:31 p.m.10 views

EUVD-2026-29289

A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data...

5.8AI score0.00108EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/11 9:31 p.m.11 views

EUVD-2026-29268

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

5.8AI score0.00325EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 9:31 p.m.12 views

EUVD-2026-29213

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...

5.8AI score0.00112EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 4:15 p.m.29 views

CVE-2026-20193

Cisco Identity Services Engine (ISE) is affected by CVE-2026-20193 due to improper RBAC on the RADIUS Policy API endpoints. An authenticated, remote attacker with read-only Administrator privileges could bypass the web UI and call an affected endpoint to gain unauthorized read access to sensitive...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/27 4:16 p.m.3 views

CVE-2026-41462

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS0.00558EPSS
Exploits2References4
Snyk
Snyk
added 2026/04/20 7:30 p.m.17 views

Permissive Cross-domain Policy with Untrusted Domains

Overview copilot-api is a Turn GitHub Copilot into OpenAI/Anthropic API compatible server. Usable with Claude Code! Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the CORS policy combined with the unauthenticated /token endpoint. An...

7.5CVSS5.8AI score0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:0 a.m.9 views

CVE-2026-39110

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...

8.2CVSS5.8AI score0.00295EPSS
Exploits0References4
NCSC
NCSC
added 2026/04/15 8:53 a.m.12 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

9.8CVSS7.2AI score0.64095EPSS
Exploits15
EUVD
EUVD
added 2026/04/15 12:31 a.m.6 views

EUVD-2026-22794

Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interactio...

6.3CVSS5.9AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 12:0 a.m.27 views

CVE-2026-30615

CVE-2026-30615 affects Windsurf 1.9544.26. The connected sources describe a prompt-injection vulnerability that occurs when Windsurf processes attacker-controlled HTML content, enabling remote command execution and manipulation of the local MCP configuration, including automatic registration of a...

8CVSS6.3AI score0.0026EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/14 4:14 p.m.9 views

SQL Injection

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to SQL Injection via the rottenlead parameter in the...

7.1CVSS5.9AI score0.00191EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by South Korea’s Samsung Corporation, including smartphones and tablets. There are security vulnerabilities in Samsung Mobile Devices, which stem from the leakage of sensitive information. This vulnerability may allow neighboring...

6.5CVSS5.8AI score0.00163EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 6:57 p.m.3 views

CVE-2026-35556 Plaintext storage of a password in OpenPLC_V3

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS5.8AI score0.00297EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:57 p.m.4 views

CVE-2026-35556

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS5.9AI score0.00297EPSS
Exploits0References2
Rows per page
Query Builder