
276248 matches found

Japan Vulnerability Notes
added 2026/02/02 6:18 a.m. | 3 views

Multiple Microsoft Office products vulnerable to untrusted search path

Overview Multiple Microsoft Office products contain the following vulnerability. Untrusted search path CWE-426, - CVE-2026-20943 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

CVSS 7 | AI score 5.6 | EPSS 0.00628
Exploits: 0 | References: 4

Japan Vulnerability Notes
added 2026/02/02 6:18 a.m. | 5 views

OS command injection in raspap-webgui

Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

CVSS 8.8 | AI score 5.8 | EPSS 0.0133
Exploits: 0 | References: 4

OSV
added 2026/02/02 6:7 a.m. | 5 views

BELL-CVE-2026-23016

Bulletin has no description...

CVSS 5.5 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 1

CNNVD
added 2026/02/02 12:0 a.m. | 7 views

ABC PRO EAP Legislator Path Traversal Vulnerability

ABC PRO EAP Legislator is a software developed by the Polish company ABC PRO, used for managing legislative processes and editing legal documents. ABC PRO EAP Legislator has a path traversal vulnerability; this vulnerability arises from the file extraction function’s ability to traverse paths,...

CVSS 8.6 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/02 12:0 a.m. | 5 views

PT-2026-5656

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026...

CVSS 8.6 | AI score 5.5 | EPSS 0.00315
Exploits: 0 | References: 2

CNVD
added 2026/02/02 12:0 a.m. | 2 views

Delta Electronics DIAView Command Injection Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8 | AI score 7.4 | EPSS 0.01356
Exploits: 0

CNNVD
added 2026/02/02 12:0 a.m. | 7 views

raspap-webgui OS Command Injection Vulnerability

Raspap-webgui is an open-source wireless router configuration software developed by RaspAP. Versions of raspap-webgui prior to 3.3.6 contained a vulnerability related to operating system command injection. This vulnerability was due to the susceptibility to OS command injection attacks, which cou...

CVSS 8.8 | AI score 7.5 | EPSS 0.0133
Exploits: 0 | References: 3

Zero Day Initiative
added 2026/02/02 12:0 a.m. | 3 views

Progress Software Kemp LoadMaster delapikey OS Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to the delapikey command. The issue resul...

CVSS 6.8 | AI score 6.2 | EPSS 0.25389
Exploits: 0 | References: 1

CNNVD
added 2026/02/02 12:0 a.m. | 7 views

Tendenci Security Vulnerability

Tendenci is a membership management software developed by Tendenci Inc. in the United States, primarily used by non-profit organizations and associations. This software supports functions such as member management, content management, event management, and online donation management. Version 15.3...

CVSS 5.4 | AI score 5.8 | EPSS 0.00235
Exploits: 1 | References: 2

CNNVD
added 2026/02/02 12:0 a.m. | 8 views

Tendenci Security Vulnerability

Tendenci is a membership management software developed by Tendenci Inc. in the United States, primarily used by non-profit organizations and associations. This software supports functions such as member management, content management, event management, and online donation management. Version 15.3...

CVSS 5.4 | AI score 5.8 | EPSS 0.00235
Exploits: 1 | References: 2

Zero Day Initiative
added 2026/02/02 12:0 a.m. | 3 views

Progress Software Kemp LoadMaster getcipherset Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to the getcipherset command. Th...

CVSS 7.1 | AI score 6.2 | EPSS 0.25389
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/02 12:0 a.m. | 7 views

PT-2026-5693

Name of the Vulnerable Software and Affected Versions LUNA software version 7.5.5.6 Description A stored Cross-Site Scripting XSS issue exists in LUNA software. This allows an attacker to execute JavaScript code in a victim’s browser by injecting a malicious payload through the 'Edit Batch Name'...

CVSS 5.1 | AI score 5.6 | EPSS 0.00243
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/02 12:0 a.m. | 9 views

PT-2026-5709

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

CVSS 8.2 | AI score 5.4 | EPSS 0.00244
Exploits: 0 | References: 2

Exploit DB
added 2026/02/02 12:0 a.m. | 158 views

Piranha CMS 12.0 - Stored XSS in Text Block

Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage: https://piranhacms.org Software Link:...

CVSS 6.8 | AI score 5.2 | EPSS 0.003
Exploits: 3

OSSF Malicious Packages
added 2026/02/01 9:0 p.m. | 7 views

Malicious code in hultine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c6e91ab35953cced9cf886a16976bb282de1dcf804938f4179a2dcf8dc1af731 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...

AI score 5.9
Exploits: 0 | References: 1

NVD
added 2026/02/01 1:15 p.m. | 3 views

CVE-2021-47912

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS 6.4 | EPSS 0.00217
Exploits: 1 | References: 4

EUVD
added 2026/02/01 12:56 p.m. | 4 views

EUVD-2021-34750

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

CVSS 7.1 | AI score 5.9 | EPSS 0.00694
Exploits: 0 | References: 3

Cvelist
added 2026/02/01 12:15 p.m. | 29 views

CVE-2021-47914 PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter

PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...

CVSS 6.4 | EPSS 0.00303
Exploits: 1 | References: 4

OSV
added 2026/02/01 6:8 a.m. | 12 views

BELL-CVE-2026-23012

Bulletin has no description...

CVSS 7.8 | AI score 7 | EPSS 0.00151
Exploits: 0 | References: 1

OSV
added 2026/02/01 6:8 a.m. | 6 views

BELL-CVE-2025-71155

Bulletin has no description...

CVSS 7.8 | AI score 7 | EPSS 0.00112
Exploits: 0 | References: 1