Lucene search
+L

677 matches found

nessus
nessus
added 2026/03/16 12:0 a.m.22 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1366)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : tcpbpf: Call skmsgfree when tcpbpfsendverdict fails to allocate psock-cork.CVE-2025-39913 md: fix rcu protection in mdwakeupthreadCVE-2025-68374...

7.8CVSS7.1AI score0.00519EPSS
Exploits7References234
nvd
nvd
added 2026/03/07 6:16 p.m.8 views

CVE-2026-2671

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the...

3.1CVSS0.00163EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/03/07 6:2 p.m.3 views

CVE-2026-2671 Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the...

3.1CVSS5.3AI score0.00163EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/02/28 7:45 p.m.6 views

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

8.8CVSS6AI score0.00315EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/02/28 7:45 p.m.8 views

CVE-2019-25493

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References1
osv
osv
added 2026/02/27 6:16 p.m.5 views

CVE-2019-25494

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...

8.2CVSS5.8AI score0.00408EPSS
Exploits1References3
nvd
nvd
added 2026/02/27 6:16 p.m.7 views

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

8.8CVSS0.00315EPSS
Exploits1References3
osv
osv
added 2026/02/27 6:16 p.m.7 views

CVE-2019-25491

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cmsgetpagetitle.php endpoint with malicious catid values to extract sensitive...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References3
osv
osv
added 2026/02/27 6:16 p.m.4 views

CVE-2019-25490

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References3
osv
osv
added 2026/02/27 6:16 p.m.4 views

CVE-2019-25493

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

7.5CVSS5.9AI score0.00315EPSS
Exploits1References3
cvelist
cvelist
added 2026/02/27 5:23 p.m.25 views

CVE-2019-25494 Homey BNB V4 SQL Injection Authentication Bypass via Admin Panel

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...

8.8CVSS0.00408EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/02/27 5:23 p.m.5 views

CVE-2019-25494

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...

8.8CVSS6AI score0.00408EPSS
Exploits1References3Affected Software1
cve
cve
added 2026/02/27 5:23 p.m.17 views

CVE-2019-25494

CVE-2019-25494 affects Homey BNB V4 and involves an SQL injection vulnerability in the administration panel login. Unauthenticated attackers can bypass authentication by injecting SQL into the username and password fields, potentially gaining unauthorized admin access. Public references indicate ...

8.8CVSS6AI score0.00408EPSS
Exploits1References3Affected Software1
cve
cve
added 2026/02/27 5:23 p.m.18 views

CVE-2019-25490

Homey BNB V4 contains an unauthenticated SQL injection vulnerability in admin/edit.php, exploitable via the id parameter. Time-based payloads can manipulate queries to extract sensitive database information. The description notes high impact on confidentiality and low impact on integrity, with no...

8.8CVSS6AI score0.00321EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2026/02/27 5:23 p.m.26 views

CVE-2019-25490 Homey BNB V4 SQL Injection via admin edit.php

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

8.8CVSS0.00321EPSS
Exploits1References3
cve
cve
added 2026/02/27 5:23 p.m.16 views

CVE-2019-25489

CVE-2019-25489 — Normal mode Impacting: Homey BNB V4. The vulnerability is a SQL injection in the hosting_id parameter used by the rooms/ajax_refresh_subtotal endpoint. It allows unauthenticated attackers to manipulate database queries, potentially exfiltrating sensitive data and causing a denial...

9.1CVSS6.1AI score0.00391EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2026/02/27 12:0 a.m.12 views

PT-2026-22357

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting id parameter. Attackers can send GET requests to the rooms/ajax refresh subtotal endpoint with malicious hosting id values to extract...

8.8CVSS6.1AI score0.00391EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/02/27 12:0 a.m.12 views

PT-2026-22362

Name of the Vulnerable Software and Affected Versions Homey BNB version 4 Description Homey BNB V4 contains an SQL injection flaw in the administration panel login. Unauthenticated attackers can bypass authentication by injecting SQL syntax into the username and password fields. Attackers can...

8.8CVSS5.8AI score0.00408EPSS
Exploits1References7
cnnvd
cnnvd
added 2026/02/22 12:0 a.m.9 views

Vaelsys V4 操作系统命令注入漏洞

Vaelsys V4 is an artificial intelligence video analysis platform developed by the Spanish company Vaelsys. Version 4.1.0 of Vaelsys V4 contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter xajaxargs in the...

9.8CVSS7.1AI score0.0609EPSS
Exploits1References5
github
github
added 2026/02/06 7:37 p.m.16 views

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

5.8AI score
Exploits0References3Affected Software1
Rows per page
Query Builder