Lucene search
K

606 matches found

EUVD
EUVD
added 2026/03/19 8:23 p.m.8 views

EUVD-2026-13221

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS5.8AI score0.00315EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 7:30 p.m.17 views

CVE-2026-32238

OpenEMR CVE-2026-32238: A command injection vulnerability in the backup functionality affects versions prior to 8.0.0.2 due to insufficient input validation. An authenticated attacker could exploit this weakness. The issue is fixed in version 8.0.0.2. Remediation: upgrade to 8.0.0.2 or apply the ...

9.1CVSS5.8AI score0.01889EPSS
Exploits3References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26344

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS5.8AI score0.00315EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.7 views

Vanna has a SQL injection in the remove_training_data function

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

RealtyScript SQL注入漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability. This vulnerability stems from time-based blind SQL injections, which may allow unverified attackers to extract database information by injecting...

9.8CVSS5.8AI score0.00417EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Vanna SQL注入漏洞

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Vanna SQL注入漏洞

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of Vanna 2.0.2 and earlier had a SQL injection vulnerability. This vulnerability stemmed from improper handling of the updatesql function in the src/vanna/legacy/flask/init.py file of the component endpoint, which could lead to...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

202CMS SQL注入漏洞

202CMS is a content management system developed by konradpl99. The 202CMS v10 beta version has a SQL injection vulnerability. This vulnerability stems from the loguser parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulate database queries...

8.8CVSS5.9AI score0.00415EPSS
Exploits1References3
OSV
OSV
added 2026/03/12 12:0 a.m.6 views

ALSA-2026:4455 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.125 and .NET Runtime...

7.5CVSS5.8AI score0.02818EPSS
Exploits0References4
OSV
OSV
added 2026/03/08 2:15 p.m.5 views

CVE-2026-3739

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

6.3CVSS5.5AI score
Exploits0References8
OSV
OSV
added 2026/03/07 5:19 a.m.5 views

CVE-2026-30827 express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers)

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. Th...

7.5CVSS5.7AI score0.00455EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/05 6:45 a.m.35 views

CVE-2026-2743 SEPPmail User Web Interface Arbitrary File Write to RCE

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer LFT. This issue affects SeppMail: 15.0.2.1 and before...

10CVSS0.00842EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.41 views

CVE-2026-24960 WordPress Charety theme < 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files.This issue affects Charety: from n/a through 2.0.2...

9.9CVSS0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/03 7:48 p.m.26 views

CVE-2025-14604 The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition and could lead to improper execute permissions, have been remediated in Storage Scale versions 5.2.3.6 and 6.0.0.2

IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors...

6.6CVSS0.00132EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 7:17 p.m.12 views

EUVD-2026-9256

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

8.4CVSS5.8AI score0.00177EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/02/26 12:0 a.m.25 views

VulnCheck KEV: CVE-2026-1207

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

5.4CVSS5.9AI score0.09436EPSS
In wildExploits1References3
EUVD
EUVD
added 2026/02/25 11:7 p.m.7 views

EUVD-2026-8765

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service DoS vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...

8.7CVSS5.7AI score0.00436EPSS
Exploits0References3
NVD
NVD
added 2026/02/23 8:28 p.m.8 views

CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5CVSS0.00586EPSS
Exploits0References7
CVE
CVE
added 2026/02/20 3:46 p.m.13 views

CVE-2025-53217

The CVE-2025-53217 entry concerns the WordPress plugin AIO WP Builder (staviravn all-in-one-wp-builder) with versions up to and including 2.0.2, where a Missing Authorization vulnerability allows exploitation of incorrectly configured access control. The root cause is broken access control in the...

7.6CVSS5.5AI score0.00204EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/02/19 3:49 p.m.6 views

CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS8.5AI score0.00329EPSS
Exploits1
Rows per page
Query Builder