Lucene search
K

46 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/10 6:32 p.m.6 views

CVE-2026-50639

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::SignalFx which extends...

9.1CVSS5.8AI score0.00343EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 11:16 p.m.18 views

CVE-2026-32389

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2...

5.4CVSS0.00223EPSS
Exploits0References1
PyPA
PyPA
added 2026/05/11 6:16 p.m.30 views

PYSEC-2026-128

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .. after replacement partial removal, leaving .. which can be exploited when the path is later resolve...

6.5CVSS5.8AI score0.00342EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/04 4:47 p.m.9 views

EUVD-2026-27007

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download fetch command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabli...

8.1CVSS5.9AI score0.00567EPSS
Exploits0References2
CVE
CVE
added 2026/04/29 1:2 p.m.13 views

CVE-2026-5140

CVE-2026-5140 is a CRLF injection vulnerability in Pardus (TUBITAK BILGEM Software Technologies Research Institute). Affected: Pardus

8.8CVSS5.8AI score0.00481EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

MCP Server with OpenAI, Git, Filesystem, and Prometheus Integration 注入漏洞

MCP Server with OpenAI, Git, Filesystem, and Prometheus Integration is an integrated model control plane server developed by DVladimirov, which integrates OpenAI, Git, a file system, and Prometheus. Versions of MCP Server with OpenAI, Git, Filesystem, and Prometheus Integration prior to 0.1.0 hav...

7.5CVSS7.2AI score0.01338EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/09 11:26 p.m.4 views

SUSE CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/08 5:53 p.m.10 views

CVE-2026-30817 Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

6.8CVSS6AI score0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:49 p.m.2 views

CVE-2026-39380

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...

5.4CVSS6AI score0.00162EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.11 views

PT-2026-30027

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...

7.3CVSS5.9AI score0.00538EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/09 10:54 p.m.2 views

CVE-2026-30919 facileManager Affected by Stored Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , stored XSS also known as persistent or second-order XSS occurs when an application receives data from an untrusted source and includes that data in its subsequent HTTP responses in an unsafe manner. Thi...

7.6CVSS5.8AI score0.00187EPSS
Exploits1References1
NVD
NVD
added 2026/03/02 8:16 p.m.6 views

CVE-2026-25884

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

8.1CVSS0.00307EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/06 5:52 p.m.7 views

CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

7.7CVSS5.4AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 8:43 p.m.4 views

CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

9.9CVSS5.9AI score0.04163EPSS
Exploits1References4
CVE
CVE
added 2026/01/27 8:56 a.m.13 views

CVE-2026-24820

CVE-2026-24820 is described across multiple sources as an Out-of-bounds Read vulnerability in turanszkij WickedEngine, specifically linked to WickedEngine/LUA modules and a code segment in ldebug.C. Affected software is WickedEngine prior to version 0.71.705. The connected documents do not provid...

5.1CVSS5.9AI score0.00123EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 12:43 a.m.2 views

CVE-2026-24479

HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problemimportqduoj.php and problemimporthoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

9.8CVSS6AI score0.07895EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2026/01/19 8:37 p.m.20 views

CVE-2026-23849 File Browser vulnerable to Username Enumeration via Timing Attack in /api/login

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...

5.3CVSS0.00417EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/16 7:47 p.m.5 views

CVE-2026-23729 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarDescricao, nomeClasse=ProdutoControle)

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarDescricao and...

4.8CVSS6.4AI score0.00212EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/16 7:41 p.m.5 views

CVE-2026-23727 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarTodos, nomeClasse=TipoSaidaControle)

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControl...

4.8CVSS6.4AI score0.0018EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.4 views

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2025-3110 (ALAS-2025-3110)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3110 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...

8.9CVSS7.5AI score0.00633EPSS
Exploits0References6
Rows per page
Query Builder