276236 matches found

Positive Technologies
added 2026/02/09 12:0 a.m. | 5 views

PT-2026-7183

Name of the Vulnerable Software and Affected Versions: FUXA versions 1.2.8 through 1.2.10. Description: FUXA is a web-based Process Visualization software used in SCADA/HMI/Dashboard systems. An authorization bypass allows a remote, unauthenticated attacker to create and modify schedulers. This can...

9.3 CVSS | 5.5 AI score | 0.12047 EPSS
Exploits: 1 | References: 18

Positive Technologies
added 2026/02/09 12:0 a.m. | 5 views

PT-2026-7126

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrator...

6.7 CVSS | 5.5 AI score | 0.00321 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/09 12:0 a.m. | 7 views

PT-2026-7110

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.8 CVSS | 5.4 AI score | 0.00253 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/02/09 12:0 a.m. | 5 views

FUXA Security Vulnerability

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA prior to 1.2.11 contained security vulnerabilities. These vulnerabilities were due to defects in the path cleaning logic, which could allow authenticated administrators to bypass directory traversal...

8.6 CVSS | 5.9 AI score | 0.01216 EPSS
Exploits: 0 | References: 3

Packet Storm
added 2026/02/09 12:0 a.m. | 105 views

📄 Online Admission Software 2.6 SQL Injection

Online Admission Software version 2.6 suffers from a remote SQL injection vulnerability. Title: Online Admission Software 2.6 SQL injection Vulnerabilit...

5.8 AI score
Exploits: 0

CNNVD
added 2026/02/09 12:0 a.m. | 6 views

my little forum Code Issue Vulnerability

My Little Forum is an open-source online forum system based on PHP and MySQL. Versions prior to 20260208.1 had code vulnerabilities; these vulnerabilities stemmed from URL validation not filtering the phar protocol, which could lead to arbitrary file deletion...

9.1 CVSS | 6 AI score | 0.00435 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2026/02/09 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-14831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially...

5.3 CVSS | 6.7 AI score | 0.00638 EPSS
Exploits: 1 | References: 3

ATTACKERKB
added 2026/02/08 4:32 a.m. | 7 views

CVE-2026-2135

A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now...

6.5 CVSS | 6.5 AI score | 0.03852 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/02/08 2:15 a.m. | 4 views

CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...

5.3 CVSS | 5.3 AI score
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/08 12:2 a.m. | 5 views

CVE-2026-2118

A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument IspName can lead to command injection. The attack can be launched remotely. The...

8.6 CVSS | 6.8 AI score | 0.04239 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/02/08 12:0 a.m. | 7 views

PT-2026-6976

Name of the Vulnerable Software and Affected Versions: SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0. Description: A flaw exists in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System version 1.0 related to cross site scripting. The iss...

5.3 CVSS | 4 AI score | 0.00352 EPSS
Exploits: 1 | References: 6

Positive Technologies
added 2026/02/08 12:0 a.m. | 9 views

PT-2026-7014

Name of the Vulnerable Software and Affected Versions: UTT 进取 521G version 3.1.1-190816. Description: A flaw exists in the doSystem function within the /goform/setSysAdm file. Manipulation of the passwd1 argument can result in command injection. This issue may be exploited remotely. The exploit is...

8.6 CVSS | 5.5 AI score | 0.04239 EPSS
Exploits: 1 | References: 7

ATTACKERKB
added 2026/02/07 9:59 p.m. | 5 views

CVE-2026-25859

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

7.1 CVSS | 5.2 AI score | 0.00343 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/07 9:2 p.m. | 4 views

CVE-2026-2113

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

7.5 CVSS | 6.7 AI score | 0.00554 EPSS
Exploits: 3 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/02/07 7:30 p.m. | 6 views

CVE-2026-25751

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...

9.1 CVSS | 5.5 AI score | 0.00269 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/02/07 9:2 a.m. | 5 views

EUVD-2026-5733

A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public an...

8.6 CVSS | 5.2 AI score | 0.09369 EPSS
Exploits: 1 | References: 5

Fedora
added 2026/02/07 1:9 a.m. | 8 views

[SECURITY] Fedora 42 Update: bind-9.18.44-1.fc42

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

7.5 CVSS | 5.6 AI score | 0.08219 EPSS
Exploits: 0

Packet Storm News
added 2026/02/07 12:0 a.m. | 4 views

SoK: DARPA'S AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned

DARPA's AI Cyber Challenge (AIxCC, 2023--2025) is the largest competition to date for building fully autonomous cyber reasoning systems (CRSs) that leverage recent advances in AI -- particularly large language models (LLMs) -- to discover and remediate vulnerabilities in real-world open-source software...

5.8 AI score
Exploits: 0

Positive Technologies
added 2026/02/07 12:0 a.m. | 7 views

PT-2026-6936

Name of the Vulnerable Software and Affected Versions: itsourcecode Society Management System version 1.0. Description: A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the /admin/edit expenses.php file, specifically through...

9.8 CVSS | 5.5 AI score | 0.00381 EPSS
Exploits: 1 | References: 11

Positive Technologies
added 2026/02/07 12:0 a.m. | 7 views

PT-2026-6903

Name of the Vulnerable Software and Affected Versions: D-Link DWR-M921 version 1.1.50. Description: A security issue exists in D-Link DWR-M921 version 1.1.50 related to command injection. The issue is located in the USSD Configuration component, specifically within the sub 419F20 function of the...

8.6 CVSS | 5.4 AI score | 0.04352 EPSS
Exploits: 1 | References: 8