Lucene search
+L

147 matches found

NVD
NVD
added 2026/07/02 3:17 p.m.9 views

CVE-2026-56004

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS0.00375EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 2:54 p.m.7 views

EUVD-2026-41404

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS5.9AI score0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:54 p.m.36 views

CVE-2026-56004 obs-service-tar_scm: command injection via mercurial handler

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS0.00375EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:54 p.m.8 views

CVE-2026-56004

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS5.9AI score0.00375EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 2:54 p.m.5 views

CVE-2026-56004 obs-service-tar_scm: command injection via mercurial handler

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

10CVSS6.1AI score0.00375EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 1:59 p.m.10 views

SUSE-SU-2026:2388-1 Security update for qemu

This update for qemu fixes the following issues: Security fixes: - CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files bsc1258509. - CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after...

7.8CVSS7.1AI score0.00117EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7061

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS6.9AI score0.01353EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2026/05/20 12:0 a.m.24 views

oci-utils security update

-- 0.14.0-22 - Rework systemd service file creation. Orabug: 39316494...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/06 12:30 p.m.23 views

CVE-2026-8026

FlowiseAI Flowise up to version 3.0.12 contains a security flaw in the API Response Handler, specifically in the function Login of packages/server/src/enterprise/services/account.service.ts. The manipulation leads to information disclosure and can be exploited remotely. The reported attack comple...

6.3CVSS5.2AI score0.00259EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/26 10:0 p.m.39 views

CVE-2026-7061 Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS0.01353EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/13 3:31 p.m.4 views

EUVD-2026-21968

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...

2.7CVSS5.9AI score0.0022EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.3 views

CVE-2026-36947

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...

5.9AI score0.0022EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.30 views

CVE-2026-36947

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...

0.0022EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.9 views

SourceCodester Computer and Mobile Repair Shop Management system 安全漏洞

The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open source by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...

2.7CVSS5.9AI score0.0022EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-23921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL...

8.7CVSS6.2AI score0.0024EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/21 10:2 p.m.4 views

CVE-2026-4528 trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/httpproxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

7.5CVSS5.4AI score0.003EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 9:58 p.m.5 views

GHSA-JC5M-WRP2-QQ38 Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint

Summary The /api/v1/account/forgot-password endpoint returns the full user object including PII id, name, email, status, timestamps in the response body instead of a generic success message. This exposes sensitive user information to unauthenticated attackers who only need to know a valid email...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.8 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from improper input validation in multiple functions of the ProfilingService.java file. These vulnerabilities may lead to persistent...

6.2CVSS5.8AI score0.00094EPSS
Exploits0References2
CVE
CVE
added 2026/02/05 3:7 a.m.22 views

CVE-2025-10314

CVE-2025-10314 concerns Mitsubishi Electric Corporation FREQSHIP-mini for Windows (versions 8.0.0–8.0.2). Affected component is the installation directory’s service executables or DLLs, with root cause described as incorrect default permissions. Local attackers can execute arbitrary code with sys...

8.8CVSS6.1AI score0.00148EPSS
Exploits0References3
OSV
OSV
added 2026/01/19 10:42 a.m.7 views

OPENSUSE-SU-2026:20060-1 Security update for cargo-c

This update for cargo-c fixes the following issues: - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages bsc1243179 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249012 - CVE-2024-12224: idna: Fixed improper validation of Punycode labels...

8.8CVSS5.9AI score0.00484EPSS
Exploits1References6
Rows per page
Query Builder