Lucene search
+L

115619 matches found

EUVD
EUVD
added 7 hours ago8 views

EUVD-2026-45411

A vulnerability has been found in zevorn rt-claw up to 0.2.0. This impacts the function clawtoolinvoke of the file claw/services/swarm/swarm.c of the component RPC Handler. The manipulation leads to incorrect authorization. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS6.7AI score
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-16195

The CVE-2026-16195 entry concerns Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in dispatchIncoming within pkg/channels/wecom/wecom.go of the Group Message Handler, where manipulation leads to incorrect authorization. Attack could be launched remotely, and public exploits have been ...

6.5CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added yesterday15 views

CVE-2026-16126 zevorn rt-claw Swarm RPC Receiver swarm.c handle_rpc_request authorization

A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handlerpcrequest of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The...

7.5CVSS
Exploits0References8
NVD
NVD
added yesterday9 views

CVE-2024-58367

SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function argument...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2025-71390 SurrealDB before 2.3.6 deny-net Bypass via DNS Resolution

SurrealDB before 2.2.6, 2.3.6, and 2.1.8 and 3.0.0-alpha.7 and earlier fails to validate DNS-resolved hostnames against --deny-net network access restrictions in its http:: functions. An authenticated user can invoke http:: with a hostname that resolves to a denied IP address, causing the server ...

5.8CVSS
Exploits0References2
EUVD
EUVD
added yesterday10 views

EUVD-2024-55683

SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function argument...

7.1CVSS5.2AI score
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2024-58367

SurrealDB before 2.0.4 has an improper authorization flaw in field permissions during SELECT, UPDATE, and DELETE, allowing an authorized user to leak protected field values through techniques such as SELECT VALUE, field aliasing, function arguments, WHERE filters, RETURN BEFORE, and SET clause re...

7.1CVSS5.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58367

SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function argument...

7.1CVSS5.2AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58362

SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...

8.8CVSS5.5AI score
Exploits0References3
EUVD
EUVD
added yesterday8 views

EUVD-2026-45378

A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...

6.5CVSS6.1AI score
Exploits0References7
Nuclei
Nuclei
added yesterday48 views

IRTS OP5 Monitor - Cross-Site Scripting

OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting XSS. id: CVE-2021-40272 info: name: IRTS OP5 Monitor - Cross-Site Scripting author: ritikchaddha severity: medium description: | OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting XSS. impac...

6.1CVSS6.1AI score0.01036EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday68 views

TCExam <= 14.8.1 - Sensitive Information Exposure

When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files. id: CVE-2021-20114 info: name: TCExam = 14.8.1 - Sensitive Information Exposure author: push4d severity:...

7.5CVSS7.3AI score0.05973EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday57 views

Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)

There is a Cross Site Scripting XSS vulnerability in SpotPagelogin.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the dataperformredirect parameter. id: CVE-2021-43725 info: name: Spotweb = 1.5.1 - Cross Site Scripting Reflected author:...

6.1CVSS6.3AI score0.02583EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday70 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS5.6AI score0.01027EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday87 views

Labstack Echo 4.8.0 - Open Redirect

Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-400...

9.6CVSS8.4AI score0.02333EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday48 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site...

7.2CVSS7.5AI score0.04522EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday61 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32022...

7.2CVSS7.5AI score0.04879EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday69 views

ImpressCMS <1.4.3 - Incorrect Authorization

ImpressCMS before 1.4.3 is susceptible to incorrect authorization via include/findusers.php. An attacker can provide a security token and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-26598 info: name: ImpressCMS 1.4.3 - Incorrect...

5.3CVSS5.8AI score0.10528EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday80 views

Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key RSA disclosure vulnerability. id: CVE-2021-40149 info: name: Reolink E1 Zoom Camera =3.0.0.716 - Private Key Disclosure author: For3stCo1d severity: medium description: | Reolink E1 Zoom Camera versions 3.0.0.716 and...

5.9CVSS6.9AI score0.07443EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday143 views

Cachet <=2.3.18 - SQL Injection

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

8.1CVSS7.3AI score0.09752EPSS
Exploits2References5
Rows per page
Query Builder