276238 matches found

Positive Technologies
added 2026/02/07 12:0 a.m. | 4 views

PT-2026-6911

Name of the Vulnerable Software and Affected Versions SourceCodester Online Class Record System version 1.0 Description A flaw exists in the processing of the /admin/message/search.php file within the software. Manipulating the term argument can result in SQL injection. This issue can be exploite...

CVSS 9.8 | AI score 5.6 | EPSS 0.00312
Exploits: 0 | References: 10

Positive Technologies
added 2026/02/07 12:0 a.m. | 7 views

PT-2026-6936

Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the /admin/edit expenses.php file, specifically through...

CVSS 9.8 | AI score 5.5 | EPSS 0.00381
Exploits: 1 | References: 11

Positive Technologies
added 2026/02/07 12:0 a.m. | 7 views

PT-2026-6903

Name of the Vulnerable Software and Affected Versions D-Link DWR-M921 version 1.1.50 Description A security issue exists in D-Link DWR-M921 version 1.1.50 related to command injection. The issue is located in the USSD Configuration component, specifically within the sub 419F20 function of the...

CVSS 8.6 | AI score 5.4 | EPSS 0.04352
Exploits: 1 | References: 8

Positive Technologies
added 2026/02/07 12:0 a.m. | 8 views

PT-2026-6907

Name of the Vulnerable Software and Affected Versions SourceCodester Online Class Record System version 1.0 Description A flaw exists in SourceCodester Online Class Record System 1.0. The issue is related to the manipulation of the user email argument within the file '/admin/login.php', leading t...

CVSS 7.5 | AI score 5.5 | EPSS 0.00312
Exploits: 0 | References: 7

Cvelist
added 2026/02/06 11:14 p.m. | 31 views

CVE-2020-37109 aSc TimeTables 2020.11.4 - Denial of Service

aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and...

CVSS 7.5 | EPSS 0.00361
Exploits: 0 | References: 3

Circl
added 2026/02/06 10:41 p.m. | 5 views

CVE-2026-25791

creationtimestamp | type | source
---|---|---
2026-02-06 22:41:59+00:00 | published-proof-of-concept | https://github.com/BishopFox/sliver/security/advisories/GHSA-wxrw-gvg8-fqjp
2026-02-09 21:20:15+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3meheu7qmj72g
2026-02-09...

CVSS 7.5 | AI score 5.8 | EPSS 0.00407
Exploits: 1 | References: 3

GithubExploit
added 2026/02/06 8:30 p.m. | 353 views

Exploit for CVE-2025-2304

CVE-2025-2304 - Camaleon CMS 2.9.0 - Privilege Escalation Expl...

CVSS 9.4 | AI score 5.8 | EPSS 0.00566
Exploits: 16

Vulnrichment
added 2026/02/06 7:18 p.m. | 4 views

CVE-2025-15320 Tanium addressed a denial of service vulnerability in Tanium Client.

Tanium addressed a denial of service vulnerability in Tanium Client...

CVSS 3.3 | AI score 5.3 | EPSS 0.00096
Exploits: 0 | References: 1

Github Security Blog
added 2026/02/06 7:8 p.m. | 8 views

Claude Code has Permission Deny Bypass Through Symbolic Links

Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...

CVSS 7.5 | AI score 5.4 | EPSS 0.00376
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/02/06 7:7 p.m. | 33 views

CVE-2026-25751 FUXA Unauthenticated Exposure of Plaintext Database Credentials

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...

CVSS 9.1 | EPSS 0.00269
Exploits: 0 | References: 2

OSV
added 2026/02/06 7:7 p.m. | 5 views

CVE-2026-25751 FUXA Unauthenticated Exposure of Plaintext Database Credentials

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...

CVSS 9.1 | AI score 5.6 | EPSS 0.00269
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/06 7:5 p.m. | 4 views

CVE-2026-25752

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3 | AI score 5.5 | EPSS 0.00479
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/06 7:5 p.m. | 2 views

CVE-2026-25752 FUXA Unauthenticated Remote Arbitrary Device Tag Write

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3 | AI score 5.6 | EPSS 0.00479
Exploits: 0 | References: 2

OSV
added 2026/02/06 7:5 p.m. | 6 views

CVE-2026-25752 FUXA Unauthenticated Remote Arbitrary Device Tag Write

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVSS 9.3 | AI score 5.5 | EPSS 0.00479
Exploits: 0 | References: 4

NVD
added 2026/02/06 6:15 p.m. | 4 views

CVE-2026-24419

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...

CVSS 8.7 | EPSS 0.00344
Exploits: 3 | References: 1

Cvelist
added 2026/02/06 5:52 p.m. | 31 views

CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

CVSS 7.7 | EPSS 0.00264
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/02/06 11:10 a.m. | 10 views

Malicious code in @hashicorp-internal/vault-reporting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85e2c508de22734977cac24ec430b5cfece85e6367f577df76caa740b5594eb7 The package @hashicorp-internal/vault-reporting was found to contain malicious code. Source: ghsa-malware...

AI score 5.4
Exploits: 0 | References: 1

NCSC
added 2026/02/06 9:20 a.m. | 5 views

Vulnerability fixed in Cisco TelePresence Collaboration Endpoint

Cisco has fixed a vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software. The text viewer system does not perform sufficient input control. This can be exploited by unauthenticated remote attackers, leading to a denial-of-service (DoS) and affecti...

CVSS 7.5 | AI score 5.5 | EPSS 0.0037
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/02/06 2:7 a.m. | 10 views

Malicious code in adobe_pipeline_test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e438937c9c04fd06645a505f5bd509ee3c1fa942be02cefa881023f849b781 The package adobe_pipeline_test was found to contain malicious code...

AI score 5.3
Exploits: 0

RedhatCVE
added 2026/02/06 1:26 a.m. | 5 views

CVE-2025-70073

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function...

CVSS 7.2 | AI score 6 | EPSS 0.00657
Exploits: 1 | References: 1