Lucene search
K

415 matches found

Nuclei
Nuclei
added yesterday65 views

ZimaOS <= v1.2.4 - Sensitive Information Disclosure

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

7.5CVSS6.1AI score0.20599EPSS
Exploits1References3
NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57752

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

8.5CVSS0.0029EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.22 views

CVE-2026-57752

The CVE-2026-57752 entry covers a Contributor SQL Injection in the WordPress iNET Webkit plugin version 1.2.4. The vulnerability is described without attack details; CVSS 3.1 base score 8.5 (Network attack, Low complexity, Privileges Required: Low, User Interaction: None, Confidentiality Impact: ...

8.5CVSS5.8AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.38 views

CVE-2026-57752 WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

8.5CVSS0.0029EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.8 views

EUVD-2026-41308

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

8.5CVSS5.8AI score0.0029EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.18 views

PT-2026-55040

Name of the Vulnerable Software and Affected Versions iNET Webkit version 1.2.4 Description A SQL Injection issue exists that allows users with Contributor privileges to execute arbitrary SQL commands on the database. Recommendations At the moment, there is no information about a newer version th...

8.5CVSS6.3AI score0.0029EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 9:55 p.m.2 views

CVE-2026-42305 Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

8.8CVSS6.7AI score0.00635EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/10 9:47 p.m.9 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 2:31 p.m.12 views

EUVD-2026-36050

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 8:2 p.m.24 views

Inefficient CPU Computation

Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Inefficient CPU Computation in the WithExpandoObjectConverter. An attacker can cause excessive CPU consumption by deserializing special...

6.9CVSS5.8AI score
Exploits0References2
Patchstack
Patchstack
added 2026/05/27 9:14 a.m.13 views

WordPress NS Product icon badge plugin <= 1.2.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin NS Product icon badge versions = 1.2.4...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 7:16 a.m.20 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.15 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6AI score0.00211EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.36 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00211EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 5:31 a.m.25 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to 1.2.4 due to insufficient input sanitization and output escaping. Affected: WordPress plugin NS Product icon badge; vulnerable component: code handling user input/outp...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.12 views

CVE-2026-8707 NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:59 p.m.18 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References3Affected Software1
CBLMariner
CBLMariner
added 2026/05/06 12:10 a.m.12 views

CVE-2026-41205 affecting package python-mako for versions less than 1.2.4-3

CVE-2026-41205 affecting package python-mako for versions less than 1.2.4-3. A patched version of the package is available...

8.7CVSS5.8AI score0.00361EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.5 views

CVE-2026-5802

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

7.5CVSS6.8AI score0.01651EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 8:16 p.m.10 views

CVE-2026-5802

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

7.5CVSS0.01651EPSS
Exploits0References6
Rows per page
Query Builder