276256 matches found

RedhatCVE
added 2026/01/30 3:40 p.m., 11 views

CVE-2025-7015

Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation. This issue affects QR Menu: before s1.05.12...

CVSS 9.8, AI score 5.9, EPSS 0.00201
Exploits: 0, References: 1

RedhatCVE
added 2026/01/30 3:40 p.m., 11 views

CVE-2025-7016

Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12...

CVSS 9.8, AI score 5.9, EPSS 0.003
Exploits: 0, References: 1

RedhatCVE
added 2026/01/30 3:40 p.m., 6 views

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVSS 7.1, AI score 5.9, EPSS 0.00264
Exploits: 0, References: 1

OSV
added 2026/01/30 3:3 p.m., 7 views

CLEANSTART-2026-LP38773 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CVSS 9.8, AI score 5.6, EPSS 0.00459
Exploits: 2, References: 7

OSV
added 2026/01/30 2:6 p.m., 3 views

CLEANSTART-2026-YM28538 Prometheus Blackbox Exporter through 0

Multiple security vulnerabilities affect the prometheus-blackbox-exporter package. Prometheus Blackbox Exporter through 0. See references for individual vulnerability details...

CVSS 9.8, AI score 5.5, EPSS 0.02698
Exploits: 1, References: 5

Cvelist
added 2026/01/30 2:2 p.m., 26 views

CVE-2026-1683 Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of service

A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible...

CVSS 6.9, EPSS 0.00639
Exploits: 1, References: 8

Cvelist
added 2026/01/30 2:2 p.m., 28 views

CVE-2026-1682 Free5GC SMF PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference

A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The...

CVSS 6.9, EPSS 0.00667
Exploits: 1, References: 8

OSV
added 2026/01/30 2:0 p.m., 5 views

CLEANSTART-2026-GY69323 Moby is an open-source project created by Docker for software containerization

Multiple security vulnerabilities affect the docker package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.18828
Exploits: 5, References: 27

The Hacker News
added 2026/01/30 7:35 a.m., 7 views

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup

A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic...

AI score 6.1
Exploits: 0

CNNVD
added 2026/01/30 12:0 a.m., 5 views

IBM Db2 Security Vulnerability

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...

CVSS 6.5, AI score 5.9, EPSS 0.00328
Exploits: 0, References: 3

CNNVD
added 2026/01/30 12:0 a.m., 5 views

HotCRP Conference Review Software Cross-Site Script Vulnerabilities

HotCRP Conference Review Software is a software developed by Eddie Kohler. It is used to manage review processes, especially for academic conferences. The version of HotCRP Conference Review Software dated October 2025 to January 2026 contained a cross-site scripting vulnerability. This...

CVSS 7.3, AI score 5.6, EPSS 0.00227
Exploits: 0, References: 5

Positive Technologies
added 2026/01/30 12:0 a.m., 10 views

PT-2026-5431

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: A flaw exists in the User Management component of the software, specifically within the file /admin/operation/user.php. Manipulation of the group id argument can lead to...

CVSS 8.8, AI score 6.3, EPSS 0.00358
Exploits: 1, References: 10

CNNVD
added 2026/01/30 12:0 a.m., 5 views

Drive Software Atomic Alarm Clock: Code-related vulnerabilities

Drive Software Atomic Alarm Clock is a desktop enhancement tool developed by Drive Software. Version 6.3 of Drive Software Atomic Alarm Clock contains a code vulnerability caused by a local privilege escalation issue in service configurations. This vulnerability could allow attackers to execute...

CVSS 8.5, AI score 6.2, EPSS 0.00162
Exploits: 0, References: 3

Packet Storm News
added 2026/01/30 12:0 a.m., 6 views

Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects

Open-source software (OSS) dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...

AI score 5.6
Exploits: 0

OSV
added 2026/01/29 3:16 p.m., 3 views

CVE-2025-7714

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection. This issue affects Content Management System (CMS): through 21072025...

CVSS 9.8, AI score 5.9, EPSS 0.00321
Exploits: 0, References: 1

NVD
added 2026/01/29 3:16 p.m., 9 views

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVSS 7.1, EPSS 0.00264
Exploits: 0, References: 3

CVE
added 2026/01/29 2:28 p.m., 7 views

CVE-2020-37010

CVE-2020-37010 affects BearShare Lite 5.2.5. The issue is a buffer overflow in the Advanced Search keywords input that can allow arbitrary code execution by crafting a payload to overwrite the EIP and run shellcode when content is pasted into the search keywords field. Documented impact is high (...

CVSS 9.8, AI score 6.3, EPSS 0.00436
Exploits: 0, References: 4

Cvelist
added 2026/01/29 2:28 p.m., 32 views

CVE-2020-37005 TimeClock Software 1.01 Authenticated Time-Based SQL Injection

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVSS 7.1, EPSS 0.00264
Exploits: 0, References: 3

Vulnrichment
added 2026/01/29 2:28 p.m., 4 views

CVE-2020-37005 TimeClock Software 1.01 Authenticated Time-Based SQL Injection

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVSS 7.1, AI score 5.9, EPSS 0.00264
Exploits: 0, References: 3

ATTACKERKB
added 2026/01/29 2:28 p.m., 5 views

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVSS 7.1, AI score 5.9, EPSS 0.00264
Exploits: 0, References: 3, Affected Software: 1