Lucene search
K

994 matches found

OSV
OSV
added 2026/02/21 7:18 a.m.6 views

CVE-2026-27467 BigBlueButton: Audio from participants to the server initially unmuted

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

2CVSS5.5AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.5 views

PT-2026-21365

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

2CVSS5.5AI score0.00174EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.11 views

CVE-2026-25964

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

4.9CVSS5.8AI score0.0042EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2026/02/13 3:31 a.m.8 views

Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS5.9AI score0.00371EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/10 8:18 p.m.18 views

CVE-2026-1495

CVE-2026-1495 concerns an information-insertion vulnerability in AVEVA PI to CONNECT Agent. The CVE describes that an attacker with Event Log Reader privileges (S-1-5-32-573) can access proxy details, including the proxy URL and credentials, from the PI to CONNECT event log files. This could enab...

6.5CVSS5.5AI score0.00112EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/26 12:30 p.m.11 views

Apache Continuum vulnerable to Command Injection through Installations REST API

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the Installations REST API can use this to invoke arbitrary commands on the...

9.9CVSS5.9AI score0.03732EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/01/22 3:15 a.m.7 views

CVE-2026-24002

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9.6CVSS0.005EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/01/20 11:12 a.m.16 views

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment ACME validation logic that made it possible to bypass security controls and access origin servers. "The vulnerability was rooted in how our edge network processed requests destined for the...

6.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/19 7:42 p.m.5 views

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

9.1CVSS5.4AI score0.00403EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50890

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...

8.7CVSS5.8AI score0.00932EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.6 views

CVE-2021-27509

In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code...

7.5CVSS7AI score0.00972EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.5 views

CVE-2021-22773

A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...

6.5CVSS6.9AI score0.00833EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.10 views

CVE-2019-11611

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information...

7.5CVSS6.5AI score0.03869EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.5 views

CVE-2020-12715

RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control...

8.8CVSS7AI score0.01207EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.6 views

CVE-2020-10537

An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account...

7.8CVSS7AI score0.00339EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.8 views

CVE-2021-22255

SSRF in URL file upload in Baserow 1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address...

7.7CVSS6.5AI score0.01288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:42 a.m.8 views

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

10CVSS7.2AI score0.08852EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.4 views

FreeBSD : Forgejo -- Symbolic Link (Symlink) Following (963f4e9d-e4d5-11f0-984f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 963f4e9d-e4d5-11f0-984f-b42e991fc52e advisory. https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports:...

9.5CVSS5.6AI score0.00489EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/26 12:29 a.m.6 views

CVE-2025-68937

A flaw was found in Forgejo. This vulnerability allows a remote attacker to write to unintended files and potentially gain server shell access. The flaw occurs due to mishandling of symlink destinations that point outside of the repository when processing template repositories. This could lead to...

9.9CVSS6.7AI score0.00489EPSS
Exploits0References8
NVD
NVD
added 2025/12/26 12:16 a.m.13 views

CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS0.00489EPSS
Exploits0References6
Rows per page
Query Builder