
3866 matches found

ATTACKERKB
added 2026/01/21 7:36 p.m. | 4 views

CVE-2025-68139

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

CVSS 4.3 | AI score 5 | EPSS 0.00145
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/01/21 7:36 p.m. | 6 views

CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

CVSS 4.3 | AI score 5.3 | EPSS 0.00145
Exploits: 0 | References: 3

OSV
added 2026/01/21 4:16 p.m. | 5 views

CVE-2025-70651

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the formfastsettingwifiset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

CVSS 7.5 | AI score 5.9 | EPSS 0.00311
Exploits: 1 | References: 1

OSV
added 2026/01/21 3:31 p.m. | 2 views

GHSA-VC2W-4V3P-2MQW Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

CVSS 7.1 | AI score 5.9 | EPSS 0.00654
Exploits: 1 | References: 5

Positive Technologies
added 2026/01/21 12:0 a.m. | 5 views

PT-2026-3852

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminate connection on failed response is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the...

CVSS 4.3 | AI score 5.3 | EPSS 0.00145
Exploits: 0 | References: 2

CNNVD
added 2026/01/21 12:0 a.m. | 5 views

Everest-core authorization issue vulnerability

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of Everest-core prior to 2025.12.1 contained an authorization vulnerability. This vulnerability stemmed from the default configuration of...

CVSS 4.3 | AI score 5.7 | EPSS 0.00145
Exploits: 0 | References: 2

EUVD
added 2026/01/21 12:0 a.m. | 7 views

EUVD-2026-3654

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the formfastsettingwifiset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

CVSS 7.5 | AI score 5.6 | EPSS 0.00311
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : systemd-250-12.el9.3.ML.1 (AXSA:2023-5194:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5194:06 advisory. systemd: local information leak due to systemd-coredump not respecting fs.suiddumpable kernel setting CVE-2022-4415 systemd: deadlock in...

CVSS 5.5 | AI score 8.4 | EPSS 0.00867
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/18 2:26 a.m. | 7 views

CVE-2025-15403

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is because the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...

CVSS 9.8 | AI score 6.3 | EPSS 0.00461
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/17 8:19 a.m. | 6 views

CVE-2026-20894

Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious input, an arbitrary script may be executed on the web browser of a victim administrator who accesse...

CVSS 4.8 | AI score 6.6 | EPSS 0.00202
Exploits: 0 | References: 1

EUVD
added 2026/01/17 2:22 a.m. | 4 views

EUVD-2026-3164

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is because the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...

CVSS 9.8 | AI score 5.8 | EPSS 0.00461
Exploits: 2 | References: 5

Vulnrichment
added 2026/01/16 8:16 a.m. | 2 views

CVE-2026-20894

Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious input, an arbitrary script may be executed on the web browser of a victim administrator who accesse...

CVSS 4.8 | AI score 6.2 | EPSS 0.00202
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/15 6:21 a.m. | 11 views

CVE-2025-15377

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'adminpagecontent' function. This makes it possible for unauthenticated attackers to update the plugin's settings via...

CVSS 4.3 | AI score 5.3 | EPSS 0.0014
Exploits: 0 | References: 1

OSV
added 2026/01/14 3:7 p.m. | 3 views

CVE-2025-71137 octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size rxpending is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users pass small or zero ring size...

CVSS 7.8 | AI score 5.2 | EPSS 0.00157
Exploits: 0 | References: 10

Cvelist
added 2026/01/14 5:28 a.m. | 25 views

CVE-2025-13627 Makesweat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting

The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat_clubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce...

CVSS 4.4 | EPSS 0.00211
Exploits: 0 | References: 6

CVE
added 2026/01/14 5:28 a.m. | 17 views

CVE-2025-13627

CVE-2025-13627 affects the WordPress plugin Makesweat (versions

CVSS 4.4 | AI score 4.7 | EPSS 0.00211
Exploits: 0 | References: 6

OSV
added 2026/01/12 5:55 p.m. | 4 views

CVE-2026-22251 wlc may leak API keys due to an insecure API key configuration

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers...

CVSS 5.3 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 12:32 p.m. | 3 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

CVSS 7.5 | AI score 6.9 | EPSS 0.0043
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:57 a.m. | 10 views

CVE-2018-4073

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...

CVSS 8.8 | AI score 6.8 | EPSS 0.25393
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/09 10:48 a.m. | 7 views

CVE-2022-31757

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5 | AI score 6.9 | EPSS 0.0062
Exploits: 0 | References: 1