
276237 matches found

Cvelist
added 2026/02/09 10:21 p.m. | 28 views

CVE-2026-25939 FUXA Unauthenticated Remote Arbitrary Scheduler Write

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...

CVSS 9.3 | EPSS 0.12047
Exploits: 1 | References: 3

OSV
added 2026/02/09 10:21 p.m. | 4 views

CVE-2026-25939 FUXA Unauthenticated Remote Arbitrary Scheduler Write

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...

CVSS 9.3 | AI score 5.8 | EPSS 0.12047
Exploits: 1 | References: 5

CVE
added 2026/02/09 10:21 p.m. | 20 views

CVE-2026-25939

Summary: FUXA is a web-based SCADA/HMI/dashboard. From v1.2.8 to v1.2.10, an authorization bypass allows an unauthenticated, remote attacker to create/modify arbitrary schedulers via the REST endpoint (notably POST/DELETE /api/scheduler), exposing connected ICS/SCADA environments to follow-on ac...

CVSS 9.3 | AI score 5.7 | EPSS 0.12047
In wild | Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/09 10:18 p.m. | 2 views

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

CVSS 9.5 | AI score 6.2 | EPSS 0.00977
Exploits: 0 | References: 3

CVE
added 2026/02/09 10:18 p.m. | 32 views

CVE-2026-25938

CVE-2026-25938 affects FUXA (web-based Process Visualization) versions 1.2.8–1.2.10. A vulnerability in the Node-RED plugin allows an unauthenticated attacker to bypass authentication and execute arbitrary code on the server. The issue has been fixed in version 1.2.11. The CVSS v4.0 base score is...

CVSS 9.8 | AI score 6.2 | EPSS 0.00977
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/02/09 10:16 p.m. | 6 views

CVE-2026-25808

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...

CVSS 7.5 | EPSS 0.0045
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/09 9:56 p.m. | 6 views

CVE-2026-25923

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

CVSS 8.7 | AI score 5.8 | EPSS 0.00435
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/09 9:56 p.m. | 29 views

CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

CVSS 8.7 | EPSS 0.00435
Exploits: 1 | References: 2

CVE
added 2026/02/09 9:50 p.m. | 9 views

CVE-2026-25808

Hollo (federated single-user microblogging) is affected by a vulnerability in the ActivityPub outbox that exposed DMs and followers-only posts prior to version 0.6.20 and 0.7.2. The issue is resolved in those versions (0.6.20 and 0.7.2). The CVSS is provided (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; ...

CVSS 7.5 | AI score 5.5 | EPSS 0.0045
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/09 9:50 p.m. | 3 views

CVE-2026-25808 Hollo DMs get leaked and can be seen on Webfinger Browser

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...

CVSS 7.5 | AI score 5.5 | EPSS 0.0045
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/09 9:18 p.m. | 5 views

CVE-2026-25889

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVSS 5.4 | AI score 5.5 | EPSS 0.00325
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2026/02/09 8:15 p.m. | 15 views

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

CVSS 5.4 | EPSS 0.00203
Exploits: 1 | References: 4

Snyk
added 2026/02/09 5:25 p.m. | 3 views

Malicious Package

Overview: json-web-sources is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.5
Exploits: 0 | References: 2

OSV
added 2026/02/09 3:16 p.m. | 2 views

DEBIAN-CVE-2025-59024

Crafted delegations or IP fragments can poison cached delegations in Recursor...

CVSS 6.5 | AI score 5.2 | EPSS 0.00122
Exploits: 0 | References: 1

GitHub Security Blog
added 2026/02/09 12:30 p.m. | 6 views

Apache Shiro has an Authentication Bypass

Impact: Authentication Bypass. A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

CVSS 5.3 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/02/09 12:15 p.m. | 4 views

CVE-2025-7708

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVSS 6.8 | EPSS 0.00253
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/09 11:45 a.m. | 5 views

CVE-2025-7708

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVSS 6.8 | AI score 5.4 | EPSS 0.00253
Exploits: 0 | References: 3

CVE
added 2026/02/09 11:45 a.m. | 12 views

CVE-2025-7708

CVE-2025-7708 describes Insertion of Sensitive Information Into Sent Data in Atlas Educational Software Industry Ltd. Co. K12net, affecting the k12net component up to version 09022026. The underlying issue is that sensitive information can be inserted into data that is sent, enabling potential co...

CVSS 6.8 | AI score 5.2 | EPSS 0.00253
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/09 11:45 a.m. | 5 views

CVE-2025-7708 Sensitive Data Exposure in Atlas Software's k12net

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVSS 6.8 | AI score 5.4 | EPSS 0.00253
Exploits: 0 | References: 2

OSV
added 2026/02/09 4:15 a.m. | 4 views

CVE-2025-66603

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

CVSS 9.8 | AI score 5.7 | EPSS 0.0026
Exploits: 0 | References: 1