
3866 matches found

ATTACKERKB
added 2026/02/06 12:32 p.m. | 8 views

CVE-2026-2054

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...

CVSS 6.9 | AI score 5.2 | EPSS 0.00907
Exploits: 1 | References: 6 | Affected Software: 2
EUVD
added 2026/02/06 12:32 p.m. | 8 views

EUVD-2026-5663

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...

CVSS 6.9 | AI score 5.5 | EPSS 0.00907
Exploits: 1 | References: 6
Positive Technologies
added 2026/02/06 12:0 a.m. | 6 views

PT-2026-6721

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.06B01; D-Link DIR-619L version 2.06B01; D-Link DIR-605L version 2.13B01; D-Link DIR-619L version 2.13B01. Description: A security issue exists in D-Link DIR-605L and DIR-619L. The issue resides in an unknown function withi...

CVSS 6.9 | AI score 5.2 | EPSS 0.00907
Exploits: 1 | References: 9
CNNVD
added 2026/02/06 12:0 a.m. | 8 views

D-Link DIR-605L Access Control Error Vulnerability

The D-Link DIR-605L is a wireless router produced by D-Link Corporation. The D-Link DIR-605L versions 2.06B01/2.13B01 and DIR-619L versions 2.06B01/2.13B01 have a vulnerability related to access control. This vulnerability stems from incorrect operations on the Wifi Setting Handler component, whi...

CVSS 7.5 | AI score 6.1 | EPSS 0.00907
Exploits: 1 | References: 6
OSV
added 2026/02/05 5:16 p.m. | 5 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

CVSS 5.4 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 2
CVE
added 2026/02/05 4:13 p.m. | 13 views

CVE-2020-37132

CVE-2020-37132 affects UltraVNC Launcher 1.2.4.0. The vulnerability is a denial-of-service condition in the password configuration properties: a local attacker can crash the launcher by entering an overly long 300-character string as a password. The issue is described in multiple connected source...

CVSS 6.7 | AI score 5.4 | EPSS 0.00229
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/05 12:0 a.m. | 26 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

EPSS 0.00177
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/05 12:0 a.m. | 5 views

EPSON WF-2861 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-18959)

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...

CVSS 7.5 | AI score 7.2 | EPSS 0.01173
Exploits: 1 | References: 2
CVE
added 2026/02/04 9:14 a.m. | 14 views

CVE-2026-1622

Neo4j Enterprise and Community editions prior to 2026.01.3 and 5.26.21 are affected by CVE-2026-1622. The vulnerability stems from the obfuscate_literals setting in query logs failing to redact error information, allowing a user with access to local log files to view unredacted data when queries ...

CVSS 4.8 | AI score 5.5 | EPSS 0.00144
Exploits: 0 | References: 1
The Hacker News
added 2026/02/03 5:39 a.m. | 7 views

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of...

AI score 5.7
Exploits: 0
OSV
added 2026/02/02 8:42 a.m. | 4 views

BIT-DISCOURSE-2026-21865 Discourse topic conversion permission vulnerability for moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...

CVSS 6.5 | AI score 5.3 | EPSS 0.00222
Exploits: 0 | References: 2
CNNVD
added 2026/02/02 12:0 a.m. | 7 views

Innomic VibroLine Series Access Control Error Vulnerability

The Innomic VibroLine Series is a professional vibration measurement and analysis system developed by the German company Innomic. The Innomic VibroLine Series has an access control vulnerability, where unverified remote attackers can obtain full access to affected devices. This occurs because thes...

CVSS 9.8 | AI score 5.9 | EPSS 0.00527
Exploits: 0 | References: 2
OSV
added 2026/01/30 12:15 a.m. | 3 views

CVE-2026-1638

A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...

CVSS 8.8 | AI score 5.7 | EPSS 0.02027
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/29 9:21 p.m. | 9 views

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/28 8:11 p.m. | 6 views

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/28 8:11 p.m. | 29 views

CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 | EPSS 0.00255
Exploits: 0 | References: 1
EUVD
added 2026/01/28 8:11 p.m. | 7 views

EUVD-2026-4869

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 1
OSV
added 2026/01/28 8:11 p.m. | 5 views

CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 3
Cvelist
added 2026/01/28 7:17 p.m. | 29 views

CVE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderators_change_post_ownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

CVSS 6.9 | EPSS 0.00135
Exploits: 0 | References: 1
CVE
added 2026/01/28 7:17 p.m. | 15 views

CVE-2025-68933

CVE-2025-68933 (Discourse) is a broken access control vulnerability affecting Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Non-admin moderators with the moderators_change_post_ownership setting enabled can change ownership of posts in private messages and restricted cate...

CVSS 6.9 | AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 1 | Affected Software: 1