
28055 matches found

OSV
added 2026/02/06 6:23 p.m. | 6 views

GHSA-4HC4-8599-XH2H OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

Summary: Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

CVSS 8.7 | AI score 6.1 | EPSS 0.00366
Exploits: 3 | References: 3

Snyk
added 2026/02/06 6:23 p.m. | 5 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the term parameter in the global search functionality. An attacker can extract sensitive database contents, including...

CVSS 8.8 | AI score 6.1 | EPSS 0.00366
Exploits: 3 | References: 2

Snyk
added 2026/02/06 6:19 p.m. | 5 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the idarticolo parameter in the article pricing module's completion handler. An attacker can extract sensitive databa...

CVSS 9.9 | AI score 6.1 | EPSS 0.00366
Exploits: 3 | References: 2

Snyk
added 2026/02/06 6:06 p.m. | 5 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the idanagrafica parameter in the init.php file. An attacker can extract sensitive database information, including...

CVSS 8.8 | AI score 6.1 | EPSS 0.00354
Exploits: 3 | References: 2

RedhatCVE
added 2026/02/06 1:30 p.m. | 6 views

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information...

CVSS 6.3 | AI score 5.6 | EPSS 0.00251
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/06 5:47 a.m. | 5 views

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

CVSS 4.2 | AI score 5.3 | EPSS 0.00222
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/06 1:25 a.m. | 6 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

CVSS 7.5 | AI score 5.2 | EPSS 0.00292
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/06 12:00 a.m. | 8 views

PT-2026-6676

Name of the Vulnerable Software and Affected Versions: Ansible Lightspeed (affected versions not specified). Description: The Ansible Lightspeed API conversation endpoints, which manage AI chat interactions, do not adequately confirm if a conversation identifier corresponds to the authenticated user...

CVSS 4.2 | AI score 5.4 | EPSS 0.00222
Exploits: 0 | References: 6

CNNVD
added 2026/02/06 12:00 a.m. | 7 views

DeepAudit Security Vulnerability

DeepAudit is an automated vulnerability auditing tool developed by lintsinghua’s individual developers. Versions of DeepAudit 3.0.4 and earlier contain security vulnerabilities. These vulnerabilities stem from improper access control on the /api/v1/users endpoint, which may allow any authenticate...

CVSS 6.5 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/06 12:00 a.m. | 4 views

PT-2026-6848

Summary: Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

CVSS 8.7 | AI score 6.4
Exploits: 0 | References: 3

CNNVD
added 2026/02/06 12:00 a.m. | 6 views

Red Hat Ansible Automation Platform 2 Security Vulnerability

Red Hat Ansible Automation Platform 2 is software developed by Red Hat Inc. It is used for building, deploying, and managing automation processes. There is a security vulnerability in Red Hat Ansible Automation Platform 2. This vulnerability stems from the dialogue endpoints that handle AI chat...

CVSS 4.2 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 2

Github Security Blog
added 2026/02/05 9:57 p.m. | 9 views

Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)

Summary: A Path Traversal vulnerability in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated Path Traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. Affected Component - Websit...

CVSS 6.5 | AI score 5.6 | EPSS 0.00485
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/02/05 1:22 p.m. | 5 views

CVE-2025-15482

The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapaproceed' WooCommerce API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including t...

CVSS 5.3 | AI score 5.3 | EPSS 0.00282
Exploits: 0 | References: 1

ICS
added 2026/02/05 7:00 a.m. | 16 views

Ilevia EVE X1 Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and the disclosure of sensitive system information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

CVSS 8.7 | AI score 6.2 | EPSS 0.008
Exploits: 1 | References: 13

RedhatCVE
added 2026/02/05 1:23 a.m. | 5 views

CVE-2025-33081

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...

CVSS 5.5 | AI score 5.3 | EPSS 0.00088
Exploits: 0 | References: 1

CNNVD
added 2026/02/05 12:00 a.m. | 5 views

Microsoft Azure Functions Information Disclosure Vulnerability

Microsoft Azure Functions is a hosted Platform-as-a-Service (PaaS) provider from Microsoft Corporation USA that delivers event-driven and scheduled compute resources for Azure cloud services. An information disclosure vulnerability exists in Microsoft Azure Functions, which can be exploited by an...

CVSS 8.2 | AI score 5.8 | EPSS 0.00842
Exploits: 0 | References: 1

Tenable Nessus
added 2026/02/05 12:00 a.m. | 6 views

F5 Networks BIG-IP : BIG-IP Edge Client for Windows vulnerability (K000158931)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / None. It is, therefore, affected by a vulnerability as referenced in the K000158931 advisory. A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain acce...

CVSS 3.3 | AI score 5.6 | EPSS 0.001
Exploits: 0 | References: 2

CNNVD
added 2026/02/05 12:00 a.m. | 5 views

phpMyChat Plus SQL Injection Vulnerability

phpMyChat Plus is a chat room system developed by Ciprianmp. Version 1.98 of phpMyChat Plus contains an SQL injection vulnerability. This vulnerability stems from the pmcusername parameter in the deluser.php page, which may lead to the exposure of sensitive database information...

CVSS 8.8 | AI score 5.8 | EPSS 0.00383
Exploits: 1 | References: 3

Redos
added 2026/02/05 12:00 a.m. | 4 views

ROS-20260205-73-0001

A vulnerability in the net/can/bcm.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability may allow an attacker to gain access to sensitive data and also cause a denial of service...

CVSS 7.1 | AI score 7.2 | EPSS 0.00204
Exploits: 0

CNVD
added 2026/02/05 12:00 a.m. | 2 views

Google Android Information Disclosure Vulnerability (CNVD-2026-10641)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a key-pairing-based logic error that can be exploited by an attacker to obtain sensitive information...

CVSS 7.1 | AI score 5.7 | EPSS 0.06942
Exploits: 14 | References: 1