Lucene search
K

997 matches found

EUVD
EUVD
added 2026/05/08 9:38 p.m.12 views

EUVD-2026-28840

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 9:38 p.m.31 views

CVE-2026-42213 SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS0.00454EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 9:38 p.m.15 views

CVE-2026-42213

SolidCAM-GPPL-IDE (unofficial GPPL Postprocessor IDE) contains a vulnerability in the inc "filename" directive handling. GpplDocumentLinkHandler resolves the directive into clickable links and probes arbitrary paths (absolute, relative with .., UNC paths, etc.) using File.Exists to decide renderi...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 9:35 p.m.16 views

EUVD-2026-28839

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/08 9:35 p.m.10 views

CVE-2026-42212 SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:35 p.m.9 views

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/08 8:16 a.m.9 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 7:13 a.m.54 views

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

2.9CVSS0.00211EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In uriparser before 1.0.2, there is pointer difference truncation to int in various places. CVE-2026-44927 Note that Nessus relies on the presence of the packag...

5.3CVSS5.4AI score0.00211EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/06 9:31 p.m.10 views

Malicious code in b2bneo-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81aa2ce0b474a6829ca4aa8dca5776be81b750b88d093c610de24760671b8fb6 The package b2bneo-rest was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.9 views

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References1
CVE
CVE
added 2026/05/02 12:15 a.m.23 views

CVE-2026-7600

ArtMin96 yii2-mcp-server 1.0.2 is affected. The vulnerability resides in the MCP Interface’s src/index.ts, specifically the yii_command_help/yii_execute_command functions, enabling remote os command injection. Attack requires no authentication and can be exploited remotely; an exploit has been pu...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

Yii2 MCP Server 命令注入漏洞

Yii2 MCP Server is a database and project management tool developed by Arthur Minasyan for the Yii2 framework. Version 1.0.2 of Yii2 MCP Server contains a command injection vulnerability. This vulnerability stems from improper handling of the yiicommandhelp/yiiexecutecommand function in the MCP...

6.5CVSS6.6AI score0.0111EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 2:18 p.m.3 views

CVE-2026-5141

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3...

8.8CVSS5.2AI score0.00228EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/29 2:18 p.m.11 views

CVE-2026-5141

CVE-2026-5141 affects Pardus Software Center (before 1.0.3). The issue is due to improper privilege management and access control, enabling hijacking of a privileged process. The connected sources confirm the affected product and version range, but do not provide a remediation or patch details. N...

8.8CVSS5.2AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.8 views

Vmware Spring gRPC 安全漏洞

Vmware Spring gRPC is an extension component for Spring application development developed by Vmware, a company in the United States. Versions 1.0.0 to 1.0.2 of Vmware Spring gRPC contain security vulnerabilities. These vulnerabilities arise when authenticated users are denied access to gRPC...

8.8CVSS5.8AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/26 1:19 p.m.8 views

EUVD-2018-21817

Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes...

6.9CVSS5.7AI score0.00118EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.10 views

Faleemi Plus 安全漏洞

Faleemi Plus is a network video monitoring device designed for households and small venues by the American company Faleemi. Version 1.0.2 of Faleemi Plus contains a security vulnerability. This vulnerability stems from a buffer overflow issue when entering excessively long strings, which may allo...

6.9CVSS6.1AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/22 1:11 p.m.3 views

CVE-2026-41651 PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...

8.8CVSS6AI score0.0046EPSS
Exploits10References5
EUVD
EUVD
added 2026/04/22 9:31 a.m.6 views

EUVD-2026-24694

The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slideShowProSC shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00227EPSS
Exploits0References4
Rows per page
Query Builder