Lucene search
K

110 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31684

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, may experience a panic when a flags-typed component model value is lifted with the Val type. This occurs if bits are set outside the...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References19
Qualys Blog
Qualys Blog
added 2026/03/23 12:45 p.m.11 views

Meet Agent Val: Closing the Validation Gap in Exposure Management at Machine Speed with Agentic AI

Executive Summary The primary challenge in vulnerability management is proving what is actually exploitable. Many vulnerabilities are not exploited, but still drain resources. Traditional tools often fail to validate real risks. Agent Val, within Qualys Enterprise TruRisk Management, delivers thi...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.6 views

CVE-2026-28497

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS5.8AI score0.00467EPSS
Exploits1References1
CVE
CVE
added 2026/03/06 2:51 a.m.28 views

CVE-2026-28497

TinyWeb (Delphi, Win32) before version 2.03 contains an integer overflow in the string-to-integer conversion routine (_Val) that enables an unauthenticated remote attacker to bypass Content-Length checks and perform HTTP Request Smuggling. This affects servers using persistent connections (Keep-A...

9.3CVSS6AI score0.00467EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/02/27 6:31 p.m.6 views

EUVD-2019-19719

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References4
OSV
OSV
added 2026/02/27 6:16 p.m.4 views

CVE-2019-25493

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

7.5CVSS5.9AI score0.00315EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/27 5:23 p.m.25 views

CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS0.00315EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 5:23 p.m.5 views

CVE-2019-25493

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 5:23 p.m.5 views

CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22361

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

Doditsolutions Homey BNB SQL注入漏洞

Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the val parameter being susceptible to SQL injections, which may allow unverified attackers to...

8.8CVSS5.8AI score0.00315EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/11 7:26 a.m.2 views

EUVD-2025-80084

Malicious code in waldo-wallet-val npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/11 7:26 a.m.2 views

MAL-2025-110650 Malicious code in waldo-wallet-val (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8397fb5436e0bf8164d9bfde11b73721649d47b5824daa265bac1944d2a44ee0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/11 7:26 a.m.1 views

EUVD-2025-80148

Malicious code in val-soluble-pot npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:26 a.m.3 views

Malicious code in waldo-wallet-val (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8397fb5436e0bf8164d9bfde11b73721649d47b5824daa265bac1944d2a44ee0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 3:19 p.m.5 views

EUVD-2025-32826

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...

5.8AI score0.00155EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-2165

Malware in sbrugna...

7.5CVSS7.6AI score0.01536EPSS
Exploits1References2
NVD
NVD
added 2025/09/18 4:15 p.m.4 views

CVE-2022-50407

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' i...

5.5CVSS0.0016EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/09/18 4:3 p.m.10 views

CVE-2022-50407

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' i...

5.5CVSS5.5AI score0.0016EPSS
Exploits0
CVE
CVE
added 2025/09/18 4:3 p.m.32 views

CVE-2022-50407

The CVE-2022-50407 entry concerns the Linux kernel crypto: hisilicon/qm component, where the code path allocates a small local buffer for a QoS value and uses sscanf without validating destination length, enabling a stack overflow. Public documents in connected sources confirm the issue and descr...

5.5CVSS6.4AI score0.0016EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder