Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

81 matches found

RedhatCVE
RedhatCVEadded 3 days ago6 views

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS5.9AI score0.00008EPSS
Exploits0References1
SUSE CVE
SUSE CVEadded 5 days ago6 views

SUSE CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.00064EPSS
Exploits0References3
NVD
NVDadded 6 days ago10 views

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS0.00008EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 6 days ago5 views

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.00064EPSS
Exploits0References1
Cvelist
Cvelistadded 6 days ago23 views

CVE-2026-4387 Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS0.00008EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 6 days ago6 views

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS5.9AI score0.00008EPSS
Exploits0References2
NVD
NVDadded last week8 views

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS0.00064EPSS
Exploits0References7
Debian CVE
Debian CVEadded last week6 views

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.00064EPSS
Exploits0
Cvelist
Cvelistadded last week23 views

CVE-2026-49130 Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS0.00064EPSS
Exploits0References7
RedhatCVE
RedhatCVEadded 2026/05/26 11:16 a.m.11 views

CVE-2026-8997

A flaw was found in vifm, a file manager. This vulnerability, a heap buffer overflow, occurs when the application saves its state file vifminfo.json during the history merge process. A local user could exploit this by introducing a specially crafted, excessively long path or command into the...

4.8CVSS5.8AI score0.00022EPSS
Exploits0References2
NVD
NVDadded 2026/05/22 2:16 p.m.3 views

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

4.8CVSS0.00022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/22 1:26 p.m.3 views

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

4.8CVSS6AI score0.00022EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/05/12 6:30 p.m.3 views

EUVD-2026-29502

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

6.3AI score0.00164EPSS
Exploits0References3
CVE
CVEadded 2026/05/04 4:15 a.m.7 views

CVE-2026-7731

CVE-2026-7731 affects code-projects BloodBank Managing System 1.0. The vulnerability is an SQL injection in an unknown function within get_state.php triggered by manipulating the G_STATE_ID argument. It allows remote exploitation and the exploit has been publicly disclosed. Connected sources prov...

6.5CVSS6.4AI score0.00011EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2026/05/04 12:0 a.m.4 views

PT-2026-36760

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get state.php. The manipulation of the argument G STATE ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

6.5CVSS6.4AI score0.00011EPSS
Exploits1References6
RedhatCVE
RedhatCVEadded 2026/04/02 5:4 a.m.0 views

CVE-2026-5240

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /adminstate.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS4.2AI score0.00013EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/01 12:31 a.m.0 views

EUVD-2026-17735

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /adminstate.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS4.2AI score0.00013EPSS
Exploits0References6
NVD
NVDadded 2026/04/01 12:16 a.m.0 views

CVE-2026-5240

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /adminstate.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS0.00013EPSS
Exploits0References5
CVE
CVEadded 2026/03/31 11:45 p.m.2 views

CVE-2026-5240

CVE-2026-5240 affects code-projects BloodBank Managing System 1.0. The issue arises in an unknown part of /admin_state.php where manipulating the statename argument causes a cross-site scripting (XSS) vulnerability. The description notes remote initiation and that the exploit has been publicly di...

5.3CVSS4.2AI score0.00013EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/31 11:45 p.m.0 views

CVE-2026-5240 code-projects BloodBank Managing System admin_state.php cross site scripting

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /adminstate.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS4.2AI score0.00013EPSS
Exploits0References5
Rows per page
Query Builder