Lucene search
K

356 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: apache-sshd (UTSA-2026-017596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017596 advisory. A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port...

6.5CVSS7AI score0.03394EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 3:25 a.m.105 views

CVE-2026-41900 OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

8.8CVSS0.0091EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/05/01 9:33 a.m.7 views

WordPress Automatic Internal Links for SEO by Pagup plugin <= 2.0.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Internal Linking for SEO traffic & Ranking – Auto internal links 100% automatic versions = 2.0.0...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

cannelloni 安全漏洞

cannelloni is an Ethernet-based socketCAN tunneling tool from the individual developer Maximilian Güntner. A security vulnerability exists in cannelloni version v2.0.0, which stems from a buffer overflow in the parseCANFrame function in parser.cpp and in the decodeFrame function in decoder.cpp wh...

9.8CVSS6.4AI score0.00544EPSS
Exploits0References1
CVE
CVE
added 2026/05/01 12:0 a.m.11 views

CVE-2026-37539

CVE-2026-37539 affects cannelloni v2.0.0. A buffer overflow in CAN frame parsing (parser.cpp, function parseCANFrame) and in decoding (decoder.cpp, function decodeFrame) enables remote attackers to crash the process or potentially execute arbitrary code by crafting CAN FD frames. This vulnerabili...

9.8CVSS6.3AI score0.00544EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/28 4:28 a.m.8 views

CVE-2026-6809 Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed

The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on the user-supplied URL. This makes it possible for authenticated...

6.4CVSS5.5AI score0.00195EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/27 12:3 a.m.37 views

CVE-2026-33277

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...

8.8CVSS0.01213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40303

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request t...

7.5CVSS5.8AI score0.00453EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-33414

Name of the Vulnerable Software and Affected Versions Unlimited Elements for Elementor versions prior to 2.0.7 Description An arbitrary file read issue exists due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the ability to enable debug...

9.8CVSS5.8AI score0.00901EPSS
Exploits0References96
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 a.m.4 views

CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

7.2CVSS6AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 9:29 p.m.24 views

CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/courserelusers endpoint is vulnerable to Insecure Direct Object Reference IDOR, allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...

7.1CVSS0.00203EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:0 p.m.6 views

CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

8.8CVSS6AI score0.00276EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/10 5:42 p.m.5 views

EUVD-2026-21525

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting XSS vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $GET parameters v...

5.4CVSS6.1AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 1:30 a.m.10 views

CVE-2026-5998

The CVE-2026-5998 vulnerability affects zhayujie chatgpt-on-wechat CowAgent (up to 2.0.4) in the API Memory Content Endpoint’s dispatch function (service.py). An attacker can manipulate the filename argument, enabling path traversal and remote exploitation. The issue has been publicly reported wi...

6.9CVSS5.6AI score0.00632EPSS
Exploits0References7
CVE
CVE
added 2026/04/10 12:0 a.m.9 views

CVE-2026-31262

CVE-2026-31262 is a Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) version 2.0. The entry states that a remote attacker can obtain sensitive information and execute arbitrary code via a URL parameter. Connected documents consistently describe the issue as XSS in ...

6.1CVSS6.1AI score0.00229EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/08 12:15 a.m.7 views

EUVD-2026-19820

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization...

9.3CVSS5.9AI score0.0027EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31249

Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...

5.9AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30223

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

7.8CVSS6.3AI score0.00727EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:18 p.m.3 views

CVE-2026-34406

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS5.8AI score0.00505EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/31 9:18 p.m.24 views

CVE-2026-34406 APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...

9.4CVSS0.00505EPSS
Exploits1References3
Rows per page
Query Builder