Lucene search
K

895 matches found

CVE
CVE
added 2026/07/08 12:0 a.m.7 views

CVE-2026-39178

The CVE-2026-39178 issue affects SOGo up to version 5.12.6, where the contact search component exposes a SQL injection via the allContactSearch endpoint’s search parameter. The root cause is insufficient protection of the SQL query structure, enabling authenticated users to execute arbitrary SQL ...

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 8:38 p.m.7 views

EUVD-2024-55648

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

itsourcecode Courier Management System SQL注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the file/manageuser.php,...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:37 p.m.10 views

CVE-2026-45401

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS5.8AI score0.003EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-7612

A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edituser.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may ...

5.8CVSS5.7AI score0.00206EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/21 3:20 p.m.14 views

OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure

Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant Summary The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...

5.4CVSS5.7AI score0.00176EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/14 3:30 p.m.5 views

EUVD-2026-22272

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manageuser.php...

2.7CVSS5.9AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 7:24 p.m.17 views

CVE-2026-35478

CVE-2026-35478 affects InvenTree Open Source Inventory Management System (versions 0.16.0 through before 1.2.7). The issue allows any authenticated InvenTree user to create a valid API token for any other user (including admins) by supplying the target user’s ID in the POST /api/user/tokens/ requ...

8.3CVSS6AI score0.00303EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/25 9:30 p.m.5 views

EUVD-2025-209029

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.1CVSS5.8AI score0.00147EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003626)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003626 advisory. In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service TM Bad Thing...

5.5CVSS6.5AI score0.00589EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000727)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000727 advisory. The keyctlreadkey function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may b...

5.5CVSS6.4AI score0.00449EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/09 12:6 p.m.9 views

CVE-2018-6207

In Max Secure Anti Virus 19.0.3.019,, the driver file MaxProtector32.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019...

7.8CVSS7.4AI score0.00399EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:21 a.m.9 views

CVE-2008-6819

win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service system crash via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of the...

7.2CVSS6.4AI score0.06753EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:39 a.m.7 views

CVE-2006-1656

vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root...

7.2CVSS7.1AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.11 views

CVE-2023-50306

IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337...

4CVSS6.1AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.8 views

CVE-2019-20731

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120...

6.7CVSS7.3AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.10 views

CVE-2019-20740

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130...

6.8CVSS7.2AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.22 views

CVE-2024-39836

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset...

6.5CVSS6.4AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.18 views

CVE-2022-31599

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to oth...

8.2CVSS7AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.7 views

CVE-2024-41135

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

7.2CVSS7.6AI score0.00754EPSS
Exploits0References1
Rows per page
Query Builder