3873 matches found

OSV
added 2026/01/14 3:7 p.m. (4 views)

CVE-2025-71137 octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size rxpending is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users pass small or zero ring size...

CVSS 7.8, AI score 5.2, EPSS 0.00157
Exploits 0, References 10

CVE
added 2026/01/14 5:28 a.m. (17 views)

CVE-2025-13627

CVE-2025-13627 affects the WordPress plugin Makesweat (versions

CVSS 4.4, AI score 4.7, EPSS 0.00211
Exploits 0, References 6

Cvelist
added 2026/01/14 5:28 a.m. (26 views)

CVE-2025-13627 Makesweat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting

The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat_clubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce...

CVSS 4.4, EPSS 0.00211
Exploits 0, References 6

OSV
added 2026/01/12 5:55 p.m. (4 views)

CVE-2026-22251 wlc may leak API keys due to an insecure API key configuration

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers...

CVSS 5.3, AI score 7, EPSS 0.00164
Exploits 0, References 5

RedhatCVE
added 2026/01/09 12:32 p.m. (3 views)

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

CVSS 7.5, AI score 6.9, EPSS 0.0043
Exploits 0, References 1

RedhatCVE
added 2026/01/09 11:57 a.m. (10 views)

CVE-2018-4073

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...

CVSS 8.8, AI score 6.8, EPSS 0.25393
Exploits 3, References 1

RedhatCVE
added 2026/01/09 10:48 a.m. (8 views)

CVE-2022-31757

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5, AI score 6.9, EPSS 0.0062
Exploits 0, References 1

RedhatCVE
added 2026/01/09 10:18 a.m. (19 views)

CVE-2019-18935

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...

CVSS 9.8, AI score 9.9, EPSS 0.99737
Exploits 20, References 1

RedhatCVE
added 2026/01/09 9:56 a.m. (8 views)

CVE-2020-12473

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program...

CVSS 9, AI score 7.6, EPSS 0.01439
Exploits 1, References 1

RedhatCVE
added 2026/01/09 9:50 a.m. (7 views)

CVE-2020-24861

GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page...

CVSS 5.4, AI score 6.5, EPSS 0.00881
Exploits 1, References 1

RedhatCVE
added 2026/01/09 9:34 a.m. (5 views)

CVE-2024-41630

Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fastsettingwifiset...

CVSS 7.6, AI score 8.5, EPSS 0.0096
Exploits 1, References 1

RedhatCVE
added 2026/01/09 9:30 a.m. (4 views)

CVE-2023-43754

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...

CVSS 4.3, AI score 6.8, EPSS 0.00506
Exploits 0, References 1

RedhatCVE
added 2026/01/09 9:17 a.m. (7 views)

CVE-2025-23194

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As a result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application...

CVSS 5.3, AI score 7, EPSS 0.00281
Exploits 0, References 1

RedhatCVE
added 2026/01/09 8:57 a.m. (8 views)

CVE-2023-4704

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVSS 8.8, AI score 6.8, EPSS 0.00739
Exploits 1, References 1

EUVD
added 2026/01/08 5:55 a.m. (3 views)

EUVD-2026-1647

Malicious code in jsonify-setting npm...

AI score 6.6
Exploits 0, References 1

OSSF Malicious Packages
added 2026/01/08 5:55 a.m. (7 views)

Malicious code in jsonify-setting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8183b50e15a97c7409271a1f226a25472121ef2ff9abbd954ba9693ba63c6f6e The package jsonify-setting was found to contain malicious code. Source: ghsa-malware d31a9557fd6798ea1a21705b70127ad9840b9f527f34ed29161e68230fd1a86...

AI score 6.9
Exploits 0, References 1

Snyk
added 2026/01/08 5:55 a.m. (2 views)

Malicious Package

Overview jsonify-setting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits 0, References 2

OSV
added 2026/01/08 5:55 a.m. (4 views)

MAL-2026-161 Malicious code in jsonify-setting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8183b50e15a97c7409271a1f226a25472121ef2ff9abbd954ba9693ba63c6f6e The package jsonify-setting was found to contain malicious code. Source: ghsa-malware d31a9557fd6798ea1a21705b70127ad9840b9f527f34ed29161e68230fd1a86...

AI score 6.8
Exploits 0, References 1

Veracode
added 2026/01/07 3:10 p.m. (6 views)

Out-of-bounds Write

wasm3 is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of slot setting and indirect function calls in opSetSloti32 and opCallIndirect, which allows a local attacker to manipulate execution and trigger memory corruption...

CVSS 7.8, AI score 6.8, EPSS 0.00175
Exploits 1, References 8, Affected Software 1

RedhatCVE
added 2026/01/07 9:43 a.m. (8 views)

CVE-1999-0809

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed"...

CVSS 5, AI score 6.9, EPSS 0.01403
Exploits 0, References 1