Lucene search
K

26 matches found

RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.5 views

CVE-2026-33737

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

6.5CVSS5.9AI score0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 p.m.6 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/25 1:50 a.m.6 views

EUVD-2026-8583

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

6.5CVSS5.5AI score0.00264EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.10 views

PT-2026-21681

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 6.0.0 Description A sensitive data exposure issue exists in Apache Superset that allows authenticated users to retrieve sensitive user information. The '/api/v1/tag' API endpoint, when enabled, improperly...

6.5CVSS5.9AI score0.004EPSS
Exploits0References10
CVE
CVE
added 2026/01/13 10:52 p.m.7 views

CVE-2022-50938

The CVE-2022-50938 entry affects CONTPAQi AdminPAQ 14.0.0, describing an unquoted service path in the AppKeyLicenseServer service running as LocalSystem. This allows an attacker who can access the service startup to inject malicious code into the service binary path, potentially gaining arbitrary...

8.5CVSS7.1AI score0.00167EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/29 11:54 p.m.12 views

CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...

0.00221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:45 p.m.8 views

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

6.5CVSS6.9AI score0.00793EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 p.m.8 views

CVE-2021-3189

The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...

6.1CVSS6.8AI score0.00526EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/19 12:0 a.m.3 views

VSCode-Diana 安全漏洞

VSCode-Diana is a VSCode plugin that provides basic language support for DianaScript by the individual developer Taine Zhao. A security vulnerability exists in VSCode-Diana version 0.0.1, which stems from an injection issue in the Jinja2 template handling component in the file Gen.py...

5.3CVSS5.7AI score0.00201EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.2 views

WordPress plugin Posten 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.5AI score0.00331EPSS
Exploits0References2
CVE
CVE
added 2025/03/26 11:8 a.m.63 views

CVE-2025-27552

CVE-2025-27552 affects the Perl DBIx::Class::EncodedColumn component, where the salting of password hashes uses the non-cryptographically secure rand() function in Crypt/Eksblowfish/Bcrypt.pm. The issue impacts DBIx::Class::EncodedColumn up to version 0.00032. According to the connected documents...

4CVSS7.3AI score0.0011EPSS
Exploits0References2
OSV
OSV
added 2025/03/03 1:20 p.m.3 views

MAL-2025-1746 Malicious code in business-kpi-manager-1.0.0 (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/06 2:24 a.m.8 views

CVE-2025-22612

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP ...

10CVSS7.5AI score0.00597EPSS
Exploits1References1
CNVD
CNVD
added 2024/04/28 12:0 a.m.7 views

Unspecified vulnerability in Tenda W9 (CNVD-2024-23316)

Tenda W9 is a wireless in-wall access point from Tenda, China. A security vulnerability exists in Tenda W9 version 1.0.0.74456, which stems from an incorrect operation of the parameter ssidIndex that can cause a stack-based buffer overflow. No details of the vulnerability are provided at this tim...

9CVSS7AI score0.01347EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.4 views

Checkmk 输入验证错误漏洞

Checkmk is an editor. Checkmk has a security vulnerability that stems from its incorrect input validation of LDAP user ids allowing an attacker who has control over the LDAP user id to manipulate files on the server. The following versions are affected: 2.1.0p19 and earlier, 2.0.0p32 and earlier,...

8.1CVSS7.6AI score0.00921EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/02/08 12:0 a.m.6 views

PT-2022-6694 · Schneider Electric · Ecostruxure Ev Charging Expert

Name of the Vulnerable Software and Affected Versions: EcoStruxure EV Charging Expert versions prior to V4.0.0.13 Description: A vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within...

8.5CVSS7.2AI score0.00938EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.4 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. WordPress plugin More From Google 0.0 .2 before the version o...

6.1CVSS6.1AI score0.00895EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:53 p.m.28 views

Error on unsupported architectures in raw-cpuid

nativecpuid::cpuidcount exposes the unsafe cpuidcount intrinsic from core::arch::x86 or core::arch::x8664 as a safe function, and uses it internally, without checking the safety requirement: The CPU the program is currently running on supports the function being called. CPUID is available in most...

5.5CVSS6.1AI score0.00344EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2021/08/06 12:15 p.m.3 views

CVE-2021-38152

index.php/appointment/insertpatientaddappointment in Chikitsa Patient Management System 2.0.0 allows XSS...

5.4CVSS6AI score0.01008EPSS
Exploits4References3
OSV
OSV
added 2021/05/06 6:11 p.m.2 views

GHSA-3C6G-PVG8-GQW2 trentm/json vulnerable to command injection

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function...

7.2CVSS7.1AI score0.03727EPSS
Exploits1References24
Rows per page
Query Builder