Lucene search

276256 matches found

NVD
added 2026/02/01 1:15 p.m., 3 views

CVE-2021-47912

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS 6.4 | EPSS 0.00217
Exploits: 1 | References: 4
EUVD
added 2026/02/01 12:56 p.m., 4 views

EUVD-2021-34750

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

CVSS 7.1 | AI score 5.9 | EPSS 0.00694
Exploits: 0 | References: 3
Cvelist
added 2026/02/01 12:15 p.m., 30 views

CVE-2021-47914 PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter

PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...

CVSS 6.4 | EPSS 0.00303
Exploits: 1 | References: 4
OSV
added 2026/02/01 6:08 a.m., 12 views

BELL-CVE-2026-23012

Bulletin has no description...

CVSS 7.8 | AI score 7 | EPSS 0.00151
Exploits: 0 | References: 1
OSV
added 2026/02/01 6:08 a.m., 6 views

BELL-CVE-2025-71155

Bulletin has no description...

CVSS 7.8 | AI score 7 | EPSS 0.00112
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/01 3:14 a.m., 9 views

CVE-2025-36098

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources...

CVSS 6.5 | AI score 5.9 | EPSS 0.00347
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/31 9:14 p.m., 11 views

CVE-2026-1702

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

CVSS 8.8 | AI score 6.4 | EPSS 0.00358
Exploits: 1 | References: 1
Fedora
added 2026/01/31 5:32 p.m., 6 views

[SECURITY] Fedora 43 Update: bind9-next-9.21.17-1.fc43

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

CVSS 7.5 | AI score 6.1 | EPSS 0.08219
Exploits: 0
The Hacker News
added 2026/01/31 7:58 a.m., 13 views

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus...

AI score 6
Exploits: 0
Chainguard
added 2026/01/31 1:17 a.m., 4 views

GHSA-RW66-G8V8-WCWH vulnerabilities

Vulnerabilities for packages: chromium...

AI score 5.9
Exploits: 0
Tenable Nessus
added 2026/01/31 12:00 a.m., 4 views

EulerOS Virtualization 2.10.0 : icu (EulerOS-SA-2026-1173)

According to the versions of the icu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct...

CVSS 7 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/31 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-36986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit t...

CVSS 8.5 | AI score 5.6 | EPSS 0.0016
Exploits: 0 | References: 2
NVD
added 2026/01/30 11:16 p.m., 8 views

CVE-2020-37028

Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based buffer...

CVSS 8.4 | EPSS 0.00157
Exploits: 0 | References: 3
OSV
added 2026/01/30 9:15 p.m., 1 view

DEBIAN-CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults, which enables...

CVSS 9.2 | AI score 6 | EPSS 0.02388
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/30 5:32 p.m., 5 views

CVE-2026-1702 SourceCodester Pet Grooming Management Software User Management user.php improper authorization

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

CVSS 6.5 | AI score 5.6 | EPSS 0.00358
Exploits: 1 | References: 5
ATTACKERKB
added 2026/01/30 5:32 p.m., 4 views

CVE-2026-1702

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

CVSS 6.5 | AI score 5.6 | EPSS 0.00358
Exploits: 1 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/01/30 3:54 p.m., 3 views

CVE-2025-4686

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection. This issue affects Online Exam and Assessment: through 30012026. NOTE:...

CVSS 8.6 | AI score 5.6 | EPSS 0.00299
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/30 3:40 p.m., 12 views

CVE-2025-7015

Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation. This issue affects QR Menu: before s1.05.12...

CVSS 9.8 | AI score 5.9 | EPSS 0.00201
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/30 3:40 p.m., 11 views

CVE-2025-7016

Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12...

CVSS 9.8 | AI score 5.9 | EPSS 0.003
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/30 3:40 p.m., 6 views

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVSS 7.1 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 1