Lucene search
K

2772 matches found

Positive Technologies
Positive Technologies
β€’added 2025/06/20 12:0 a.m.β€’7 views

PT-2025-26257 Β· Code Projects Β· Code-Projects Hospital Management System

Name of the Vulnerable Software and Affected Versions: code-projects Hostel Management System version 1.0 Description: A critical issue affects the processing of the file /contact manager.php, where the manipulation of the student roll no argument leads to SQL injection. The attack can be initiat...

9.8CVSS7.6AI score0.00415EPSS
Exploits1References12
Positive Technologies
Positive Technologies
β€’added 2025/06/20 12:0 a.m.β€’3 views

PT-2025-26302 Β· Unknown Β· Phpgurukul Directory Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Directory Management System version 2.0 Description: A critical issue has been found in the PHPGurukul Directory Management System, affecting some unknown functionality of the file /admin/manage-directory.php. The manipulation of t...

8.8CVSS6.9AI score0.00318EPSS
Exploits1References9
RedhatCVE
RedhatCVE
β€’added 2025/06/19 7:38 p.m.β€’6 views

CVE-2022-49970

In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purgeeffectiveprogs Syzkaller reported a triggered kernel BUG as follows: ------------ cut here ------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 1...

4.7CVSS7.2AI score0.00228EPSS
Exploits0References4
NVD
NVD
β€’added 2025/06/19 3:15 p.m.β€’5 views

CVE-2025-48886

Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those...

4.8CVSS0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
β€’added 2025/06/19 3:40 a.m.β€’3 views

CVE-2025-52474 WeGIA SQL Injection Vulnerability in id Parameter on control.php Endpoint

WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as...

8.3CVSS7.6AI score0.00408EPSS
Exploits1References2
Vulnrichment
Vulnrichment
β€’added 2025/06/19 3:34 a.m.β€’5 views

CVE-2025-50201 WeGIA OS Command Injection in debug_info.php parameter 'branch'

WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debuginfo.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server...

9.8CVSS10AI score0.04884EPSS
Exploits1References2
Cvelist
Cvelist
β€’added 2025/06/19 2:50 a.m.β€’17 views

CVE-2025-52467 pgai secrets exfiltration via `pull_request_target`

pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...

9.1CVSS0.00339EPSS
Exploits0References3
OSV
OSV
β€’added 2025/06/19 2:50 a.m.β€’4 views

CVE-2025-52467 pgai secrets exfiltration via `pull_request_target`

pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUBTOKEN with write permissio...

9.1CVSS7.3AI score0.00339EPSS
Exploits0References5
OSV
OSV
β€’added 2025/06/19 2:20 a.m.β€’7 views

CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer

OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...

6.5CVSS5.9AI score0.00277EPSS
Exploits0References4
NVD
NVD
β€’added 2025/06/19 1:15 a.m.β€’6 views

CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

6.1CVSS0.004EPSS
Exploits1References3
Wordfence Blog
Wordfence Blog
β€’added 2025/06/18 9:1 p.m.β€’9 views

100,000 WordPress Sites Affected by Privilege Escalation via MCP in AI Engine WordPress Plugin

🌞Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 πŸ”₯ Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our β€˜High Threat’ list in software with fewer than 5 million active installs. Submit bold. Earn big! πŸ”₯ On May 21st, 2025, our Wordfence Thre...

8.8CVSS7.7AI score0.00603EPSS
Exploits0
CVE
CVE
β€’added 2025/06/18 11:3 a.m.β€’81 views

CVE-2022-50185

In CVE-2022-50185, the Linux kernel drm/radeon path ni_set_mc_special_registers() is vulnerable to a potential buffer overflow. The last case label could write mc_reg_address[j] and mc_data[j] when j equals SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE due to missing bounds checks after the last j++. The f...

7.8CVSS7AI score0.00232EPSS
Exploits0References8Affected Software1
CVE
CVE
β€’added 2025/06/18 11:1 a.m.β€’112 views

CVE-2022-50020

CVE-2022-50020 affects the Linux kernel ext4 filesystem: the patch prevents online resizing to an unaligned/partial cluster boundary. The issue could cause the last resize iteration to grow the filesystem by a negative amount, tripping a BUG_ON and leaving the in-memory superblock corrupted. Conn...

5.5CVSS6.3AI score0.00157EPSS
Exploits0References6Affected Software1
NVD
NVD
β€’added 2025/06/18 10:15 a.m.β€’5 views

CVE-2025-38054

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freqin and signalout arrays, causing NULL pointer dereferences and triggering a kernel Oops...

5.5CVSS0.00154EPSS
Exploits0References3
CVE
CVE
β€’added 2025/06/18 9:33 a.m.β€’51 views

CVE-2025-38054

The CVE-2025-38054 issue affects the Linux kernel PTP clock framework (ocp) in debugfs summary output. It could dereference NULL or access out-of-bounds elements in freq_in[] and signal_out[] due to uninitialized elements. The fix adds per-array counters (nr_freq_in, nr_signal_out) with a maximum...

5.5CVSS6.3AI score0.00154EPSS
Exploits0References3Affected Software1
CVE
CVE
β€’added 2025/06/18 9:28 a.m.β€’93 views

CVE-2025-38022

The CVE-2025-38022 issue resides in the Linux kernel RDMA/core where KASAN reports a slab-use-after-free Read in ib_register_device. Root cause: ib_device_rename() renames the device name under a lock while kobject_uevent() accesses the name without lock protection, leading to a race. The fix is ...

7.8CVSS6.5AI score0.00161EPSS
Exploits0References7Affected Software1
OSV
OSV
β€’added 2025/06/17 6:15 a.m.β€’5 views

CVE-2025-6166

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function imageget of the file /python/api/imageget.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The...

5.1CVSS7.2AI score
Exploits0References7
Vulnrichment
Vulnrichment
β€’added 2025/06/17 2:21 a.m.β€’3 views

CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)

conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...

4.2AI score0.00141EPSS
Exploits0References2
Cvelist
Cvelist
β€’added 2025/06/16 10:17 p.m.β€’15 views

CVE-2025-48992 Group-Office vulnerable to blind XSS

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting XSS vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, whi...

6.3CVSS0.00224EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
β€’added 2025/06/16 6:51 p.m.β€’16 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to Node.js module snowflake ( CVE-2025-46328 )

Summary IBM App Connect Enterprise Discovery Connectors is vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to Node.js module snowflake Vulnerability Details CVEID:CVE-2025-46328 DESCRIPTION: snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10...

7CVSS6.7AI score0.00141EPSS
Exploits0Affected Software1
Rows per page
Query Builder