Lucene search
K

249 matches found

OSV
OSV
added 2026/02/25 9:40 p.m.8 views

CVE-2026-27819 Vikunja has Path Traversal in CLI Restore

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

7.2CVSS5.8AI score0.00739EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-22033

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description The restoreConfig function in Vikunja fails to properly validate file paths within ZIP archives used for restoration. A specially crafted ZIP file can bypass directory restrictions, potentially...

9.9CVSS5.4AI score0.22162EPSS
Exploits70References137
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.5 views

CVE-2026-27181

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

8.7CVSS5.8AI score0.00708EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20640

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne clean data' AJAX action. This makes it possible for authenticated attackers...

5.4CVSS5.5AI score0.00211EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/18 9:10 p.m.29 views

CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

8.7CVSS0.00708EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/18 9:10 p.m.3 views

CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

8.7CVSS5.8AI score0.00708EPSS
Exploits1References3
CVE
CVE
added 2026/02/18 9:10 p.m.12 views

CVE-2026-27181

MajorDoMo is affected by an unauthenticated module-uninstall vulnerability via the market endpoint. The market/admin flow reads gr('mode') from $_REQUEST and sets $this->mode before authentication, making all mode-gated paths reachable through /objects/?module=market. The uninstall handler cal...

8.7CVSS5.8AI score0.00708EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.11 views

CVE-2023-45084

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue...

7CVSS6.8AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2025/11/24 11:24 p.m.2 views

MAL-2025-191309 Malicious code in @sameepsi/sor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c938c06786ba13f7feed4114c84d12806a6c7ce595360985be178a8ae4844257 The package @sameepsi/sor was found to contain malicious code. Source: ghsa-malware d04547ce27d4c15e2f969770ddc25732ef8f72d46eb21e8dc06f11fc1dc8eea9...

6.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/06 12:0 a.m.2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990423)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990423 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copytouser...

4.1CVSS6AI score0.0022EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990297 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copytouser...

4.1CVSS6AI score0.0022EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989894)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989894 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copytouser...

4.1CVSS6AI score0.0022EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/10/30 5:19 p.m.60 views

GPU-Backed-Shellcode-Execution-PoC

GPU-Backed Shellcode...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.11 views

PT-2025-43492

In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.00097EPSS
Exploits0References4
NVD
NVD
added 2025/10/18 7:15 a.m.6 views

CVE-2025-11510

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...

4.3CVSS0.00234EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/18 6:42 a.m.3 views

CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...

4.3CVSS4.7AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/18 6:30 a.m.5 views

EUVD-2020-30802

The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the ajsteps AJAX aciton along with a lack on sanitization on the settings saved via the function. This makes it...

6.4CVSS4.3AI score0.00238EPSS
Exploits0References3
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

WordPress Custom Searchable Data Entry System plugin missing privileges vulnerability

WordPress Custom Searchable Data Entry System plugin is a plugin for creating a searchable data entry system in your website that allows users to fill in information based on specific criteria and enables data matching queries. The WordPress Custom Searchable Data Entry System plugin suffers from...

9.1CVSS6.5AI score0.00307EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-1796

Malware in sbrugna...

4.9CVSS5.1AI score0.00948EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0859

Malware in sbrugna...

10CVSS7.2AI score0.01271EPSS
Exploits0References3
Rows per page
Query Builder