Lucene search
K
VulnrichmentRecent

160287 matches found

Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-14705 code-projects Online Examination head.php sql injection

A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-14700 code-projects Internship Management System Employer Login Endpoint login.php sql injection

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-14692 SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php save_shop_type sql injection

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

5.9AI score0.00209EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-14686 HdrHistogram Range Check DoubleHistogram.java org.HdrHistogram.DoubleHistogram.recordValue comparison

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS5.5AI score0.0024EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-14658 code-projects Assessment Management marking-scheme.php sql injection

A vulnerability was detected in code-projects Assessment Management 1.0. This vulnerability affects unknown code of the file /lecturer/marking-scheme.php. The manipulation of the argument smarksrange results in sql injection. It is possible to launch the attack remotely. The exploit is now public...

6.5CVSS6.5AI score0.00319EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2024-1248 Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-14652 SourceCodester Simple and Nice Shopping Cart Script Admin Login login.php sql injection

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-14642 SourceCodester Class and Exam Timetabling System edit_class2.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /editclass2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-12740 Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

5.9AI score0.00131EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-12746 Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-14636 kirilkirkov Ecommerce-CodeIgniter-Bootstrap Vendor Image Manager AddProduct.php do_upload_others_images path traversal

A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function douploadothersimages of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Image Manager. Executing a...

5.5CVSS0.00323EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...

8.8CVSS0.00328EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-14629 RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS0.00309EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2025-13475 Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS5.9AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-12196 HestiaCP Admin Takeover

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-14623 omec-project amf NGAP Message RRCInactiveTransitionReport denial of service

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclos...

5.3CVSS0.00522EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2025-71380 n8n - Arbitrary Command Execution via Execute Command Node

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2025-71367 picklescan - Remote Code Execution via _operator.attrgetter Detection Bypass

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2025-71366 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2025-71356 picklescan - Arbitrary Code Execution via torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2025-71353 picklescan - Remote Code Execution via torch._dynamo.guards.GuardBuilder.get

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-14611 DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of resource

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS0.00253EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS0.00177EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-58424 Permanent Fork PR Workflow Approval Gate Bypass

Permanent Fork PR Workflow Approval Gate Bypass...

8.9CVSS0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2026-58294 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.5CVSS5.9AI score0.00348EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-58292 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.5CVSS5.9AI score0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-58289 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

9CVSS5.9AI score0.0053EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-58288 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

8.3CVSS5.9AI score0.00448EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2026-58285 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

8.3CVSS5.9AI score0.00448EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-58276 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.5CVSS5.9AI score0.00438EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2026-58284 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

8.3CVSS5.9AI score0.00414EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-57991 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

...

7.4CVSS5.9AI score0.00762EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-57986 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.5CVSS5.9AI score0.00438EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-57981 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

8.8CVSS5.9AI score0.00568EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2026-58522 Microsoft Edge for Android Information Disclosure Vulnerability

...

6.8CVSS5.9AI score0.0029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-57992 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.5CVSS5.9AI score0.00438EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-57988 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.1CVSS5.9AI score0.00543EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-57985 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.6CVSS5.9AI score0.00419EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-57984 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.5CVSS5.9AI score0.00438EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-57983 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

8.7CVSS5.9AI score0.00464EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-57975 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

7.5CVSS5.9AI score0.00438EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-55945 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

...

4.2CVSS5.9AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-46466

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with...

2.7CVSS0.00109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-44268

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A hi...

4.4CVSS0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-10054

In affected versions of Eclipse Theia 1.8.1 and later, the browser backend exposes privileged terminal RPC over WebSocket /services/shell-terminal, /services/terminals/:id without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when...

8.8CVSS0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-5137 RTMKit <= 2.0.7 - Authenticated (Contributor+) Limited Local File Inclusion via 'template' Parameter

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS0.00266EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-11398 LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6AI score0.00338EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-14544 Hplip: incomplete fix for cve-2026-8631

A flaw was found in HPLIP HP Linux Imaging and Printing Software. This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...

9.8CVSS0.00511EPSS
Exploits0References2
Total number of security vulnerabilities160287