
276246 matches found

Tenable Nessus
added 2026/02/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-36365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage...

CVSS 7.5 | AI score 6.6 | EPSS 0.00261
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/03 12:0 a.m. | 5 views

PT-2026-6001

Name of the Vulnerable Software and Affected Versions Kod8 Individual and SME Website versions through 03022026 Description The Kod8 Individual and SME Website software contains a flaw related to improper neutralization of input during web page generation, leading to a Reflected Cross-Site...

CVSS 7.6 | AI score 5.4 | EPSS 0.00175
Exploits: 0 | References: 3
OSV
added 2026/02/02 11:16 p.m. | 1 views

DEBIAN-CVE-2025-6597

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

AI score 5.2 | EPSS 0.00454
Exploits: 0 | References: 1
OSV
added 2026/02/02 11:16 p.m. | 1 views

DEBIAN-CVE-2025-6594

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. This issue affects MediaWiki: from 1.27.0 before...

AI score 5.2 | EPSS 0.0027
Exploits: 0 | References: 1
OSV
added 2026/02/02 11:16 p.m. | 2 views

DEBIAN-CVE-2025-6592

Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0...

CVSS 2.1 | AI score 5.2 | EPSS 0.00359
Exploits: 0 | References: 1
OSV
added 2026/02/02 11:16 p.m. | 0 views

DEBIAN-CVE-2025-6593

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVSS 2.1 | AI score 5.2 | EPSS 0.00396
Exploits: 0 | References: 1
OSV
added 2026/02/02 11:16 p.m. | 1 views

DEBIAN-CVE-2025-6590

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from through 1.39.12, 1.42.76 1.43.1, 1.44.0...

CVSS 4.6 | AI score 5.2 | EPSS 0.00325
Exploits: 0 | References: 1
OSV
added 2026/02/02 11:2 p.m. | 4 views

CVE-2026-25228 SignalK Server has Path Traversal leading to information disclosure

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...

CVSS 5 | AI score 5.6 | EPSS 0.00384
Exploits: 1 | References: 4
Github Security Blog
added 2026/02/02 10:44 p.m. | 7 views

Craft Commerce has Stored XSS in Product Type Name

Summary Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input source is in Commerce Product Type settings, but the sink is in CMS user permissions settings. Reporting to Commerce GHSA since the input originates here. Users a...

CVSS 4.8 | AI score 5.4 | EPSS 0.00261
Exploits: 1 | References: 6 | Affected Software: 1
Github Security Blog
added 2026/02/02 10:43 p.m. | 9 views

Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration

Summary A stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script execution. If a user has database backup utility permissions which do not require an elevated session, an...

CVSS 6.2 | AI score 5.5 | EPSS 0.003
Exploits: 1 | References: 6 | Affected Software: 1
CVE
added 2026/02/02 9:52 p.m. | 13 views

CVE-2025-36253

CVE-2025-36253 affects IBM Concert versions 1.0.0 through 2.1.0, which reportedly uses weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The NVD entry estimates CVSSv3.1 base score 7.5 (HIGH) with network access and low attack complexity, while ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00203
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/02/02 9:52 p.m. | 3 views

CVE-2025-36253 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVSS 5.9 | AI score 5.4 | EPSS 0.00203
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/02 8:10 p.m. | 7 views

CVE-2026-1777

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...

CVSS 8.5 | AI score 5.6 | EPSS 0.00455
Exploits: 0 | References: 2
Cvelist
added 2026/02/02 3:20 p.m. | 29 views

CVE-2025-47363 Integer Overflow or Wraparound in Automotive

Memory corruption when calculating oversized partition sizes without proper checks...

CVSS 6.8 | EPSS 0.00093
Exploits: 0 | References: 1
NVD
added 2026/02/02 1:15 p.m. | 7 views

CVE-2025-8587

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026...

CVSS 9.8 | EPSS 0.00315
Exploits: 0 | References: 2
CVE
added 2026/02/02 12:50 p.m. | 15 views

CVE-2025-8587

The CVE-2025-8587 entry describes an SQL Injection vulnerability in SKSPro from AKCE Software Technology R&D Industry and Trade Inc. The issue arises from improper neutralization of special elements in SQL commands, affecting SKSPro versions up to 07012026. Multiple feeds (Red Hat, NVD, CVE list,...

CVSS 9.8 | AI score 5.6 | EPSS 0.00315
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/02 12:50 p.m. | 26 views

CVE-2025-8587 Time-Based Blind SQLi in AKCE Software's SKSPro

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026...

CVSS 8.6 | EPSS 0.00315
Exploits: 0 | References: 2
EUVD
added 2026/02/02 12:50 p.m. | 3 views

EUVD-2025-206600

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026...

CVSS 8.6 | AI score 5.5 | EPSS 0.00315
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/02/02 9:8 a.m. | 9 views

Malicious code in callapirequests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e7fadeb48347b57805dea2f58d0f662e43170e0e4439a424f6dec66cf285452 Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 5.4
Exploits: 0 | References: 2
Japan Vulnerability Notes
added 2026/02/02 6:18 a.m. | 3 views

Multiple Microsoft Office products vulnerable to untrusted search path

Overview Multiple Microsoft Office products contain the following vulnerability. Untrusted search path CWE-426, - CVE-2026-20943 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

CVSS 7 | AI score 5.6 | EPSS 0.00628
Exploits: 0 | References: 4