diff --git a/fingerprint/fingerprint_rules.yaml b/fingerprint/fingerprint_rules.yaml index cc4a062..77ff756 100644 --- a/fingerprint/fingerprint_rules.yaml +++ b/fingerprint/fingerprint_rules.yaml @@ -1530,2297 +1530,2230 @@ - '@tarekraafat/autocomplete\.js@([\d\.]+)/' - version:\\1 generated_by: temu-rules-upstream -- name: xxl-job +- name: dotclear category: Other confidence: 0.55 body: - - 分布式任务调度平台xxl\-job + - powered\ by\ generated_by: temu-rules-upstream -- name: cyberpanel +- name: basic_pdu_firmware category: Other confidence: 0.55 body: - - cyberpanel + - powertek generated_by: temu-rules-upstream -- name: hospital_management_system +- name: sugarcrm category: Other confidence: 0.55 body: - - hospital\ management\ system + - support + - - - + - /citrix/storeweb generated_by: temu-rules-upstream -- name: oracle-siebel-crm +- name: retail_xstore_office category: Other confidence: 0.55 body: - - onload="gotourl\('start\.swe\?swecmd=start'\) - - ot='siebwebmainwindow'> - - scripting\ is\ used\ to\ manage\ data\ interactions\ between\ the\ siebel\ server/web\ - server + - xstoremgwt generated_by: temu-rules-upstream -- name: hanwei-integrated-business-platform +- name: iplanet_web_server category: Other confidence: 0.55 body: - - id="loginpwdcontiner" - - window\.location\.href="/源头数据资源管理/default/default\.aspx" - - content="microsoft\ visual\ studio\ \.net\ 7\.1" - - directlink\ =\ "programstartup\.application" + - oracle\-iplanet\-web\-server generated_by: temu-rules-upstream -- name: jiaozhichu-online-test-system +- name: fusion_middleware category: Other confidence: 0.55 body: - - content="jiaozhichu - - href="/ksxt/h5/images/jiaozhichu\.ico + - weblogic\ application\ server generated_by: temu-rules-upstream -- name: runda-supervisory-platform +- name: access_manager category: Other confidence: 0.55 body: - - class="log_rbox" + - /oam/pages/css/login_page\.css generated_by: temu-rules-upstream -- name: geotrust-cert +- name: microweber category: Other confidence: 0.55 body: - - //smarticon\.geotrust\.com/si\.js + - microweber generated_by: temu-rules-upstream -- name: phpwiki +- name: yearning category: Other confidence: 0.55 body: - - powered\ by\ phpwiki + - id=subnet generated_by: temu-rules-upstream -- name: thinkphp-yfcmf +- name: rpcms category: Other confidence: 0.55 body: - - /public/others/maxlength\.js - - yfcmf - - /yfcmf/yfcmf\.js + - rpcms generated_by: temu-rules-upstream -- name: ecology-oa +- name: jux_real_estate category: Other confidence: 0.55 body: - - /theme/ecology8/jquery/js/zdialog_wev8\.js - - /wui/common/css/w7ovfont\.css - - client/jquery\.client_wev8\.js - - ecology8/lang/weaver_lang_7_wev8\.js + - joomlaux generated_by: temu-rules-upstream -- name: phonix-pacs +- name: starlette category: Other confidence: 0.55 body: - - + - starlette generated_by: temu-rules-upstream -- name: powerweb +- name: wp_go_maps category: Other confidence: 0.55 body: - - server:\ powerweb + - /wp\-content/plugins/duplicator generated_by: temu-rules-upstream -- name: hcl-sametime +- name: changedetection category: Other confidence: 0.55 body: - - href="/chat/sametime192x192\.png + - change\ detection generated_by: temu-rules-upstream -- name: opendocman +- name: enterprise,proton category: Other confidence: 0.55 body: - - target="_new">opendocman - - welcome\ to\ opendocman + - optergy generated_by: temu-rules-upstream -- name: smartcds +- name: traefik category: Other confidence: 0.55 body: - - server:\ smartcds + - content\-security\-policy:\ \*\.traefik\.io; generated_by: temu-rules-upstream -- name: goaccess-log +- name: websvn category: Other confidence: 0.55 body: - - by\ goaccess + - websvn + - subversion generated_by: temu-rules-upstream -- name: scientific-research-instrument-network-service-platform +- name: wp-automatic category: Other confidence: 0.55 body: - - content:\ "/lfsms/user/login2\?go="\ \+\ go + - wp\-content/plugins/wp\-automatic/ generated_by: temu-rules-upstream -- name: barracuda-ssl-vpn +- name: jupyterhub category: Other confidence: 0.55 body: - - barracuda\ ssl\ vpn + - jupyterhub generated_by: temu-rules-upstream -- name: siteserver +- name: jupyterlab category: Other confidence: 0.55 body: - - http://www\.siteserver\.cn - - powered\ by - - siteserver - - t_系统首页模板 + - jupyterlab generated_by: temu-rules-upstream -- name: posterous +- name: notebook category: Other confidence: 0.55 body: - - class="posterous_site_data - - content="posterous + - + - + - jupyter\ notebook generated_by: temu-rules-upstream -- name: sinosoft-technology-e-government-system +- name: aurall_rec_monitor category: Other confidence: 0.55 body: - - app_themes/1/style\.css - - homepages/content_page\.aspx - - window\.location\ =\ "homepages/index\.aspx + - aurall generated_by: temu-rules-upstream -- name: nextcloud-product +- name: learnpress category: Other confidence: 0.55 body: - - nextcloud\ –\ 给您所有数据一个安全的家 + - /wp\-content/plugins/learnpress generated_by: temu-rules-upstream -- name: shwatermeter-system +- name: wftpserver category: Other confidence: 0.55 body: - - 关于正则表达式的内容在本书的第10章中有较详细的讨论 + - server:\ wing\ ftp\ server generated_by: temu-rules-upstream -- name: powermta +- name: git category: Other confidence: 0.55 body: - - access\ denied\.\ \ please\ consult\ the\ http\-access\ directive\ - in\ the\ user's\ guide\ for\ more\ information\. + - x\-jenkins generated_by: temu-rules-upstream -- name: tableau +- name: jenkins category: Other confidence: 0.55 body: - - src="/javascripts/api/tableau\- + - 'x\-jenkins\-session:' + - 'x\-jenkins:' + - jenkins\-agent\-protocols generated_by: temu-rules-upstream -- name: micro-focus-open-enterprise-server +- name: solarview_compact_firmware category: Other confidence: 0.55 body: - -

micro\ focus\ open\ enterprise\ server\ 提供市场中的最佳网络、文件和打印服务。

+ - \ title="top + - solarview\ compact + - 'solarview\ compact"\ ' generated_by: temu-rules-upstream -- name: eyou-email-system +- name: solarview_compact category: Other confidence: 0.55 body: - - eyoumail - - eyouws - - /tpl/login/user/images/dbg\.png - - content="亿邮电子邮件系统 + - solarview\ compact generated_by: temu-rules-upstream -- name: waterssslvpn +- name: sv-cpt-mc310_firmware category: Other confidence: 0.55 body: - - welcome\.cgi\?p=logo\&signinid=url_default + - solarview\ compact generated_by: temu-rules-upstream -- name: ibm-lotus +- name: xfilesharing category: Other confidence: 0.55 body: - - domcfg\.nsf - - login\.nsf - - esoaisapp/login\.jsp - - main\.nsf + - /\?op=registration"\ "openssl generated_by: temu-rules-upstream -- name: axis2-web +- name: arcane category: Other confidence: 0.55 body: - - axis2\-web/css/axis\-style\.css + - arcane generated_by: temu-rules-upstream -- name: tencent-exmail +- name: b2evolution category: Other confidence: 0.55 body: - - /cgi\-bin/getinvestigate\?flowid= - - content="登录腾讯企业邮箱 + - /powered\-by\-b2evolution\-150t\.gif + - content="b2evolution + - powered\ by\ b2evolution generated_by: temu-rules-upstream -- name: 天清汉马vpn +- name: fortiportal category: Other confidence: 0.55 body: - - /vpn/common/js/leadsec\.js - - /vpn/user/common/custom/auth_home\.css + - fortiportal generated_by: temu-rules-upstream -- name: power-cpms +- name: fortinet-fortimail category: Other confidence: 0.55 body: - - post\("/ssosaml/saml2signonhandler\.ashx"\) + - + - location="/m/webmail/"; generated_by: temu-rules-upstream -- name: sco-openserver +- name: fortios category: Other confidence: 0.55 body: - - gif/rlogo1\.gif - - sco\ corporate\ web\ site + - /remote/login"\ "xxxxxxxx generated_by: temu-rules-upstream -- name: ibm-cognos +- name: fortiwlm category: Other confidence: 0.55 body: - - /cgi\-bin/cognos\.cgi - - cognos\ \&\#26159;\ international\ business\ machines\ corp + - fortiwlm generated_by: temu-rules-upstream -- name: topper-nms +- name: fortinet-fortigate category: Other confidence: 0.55 body: - - mailto:kenstar@kenstar\-group\.com + - top\.location=window\.location;top\.location="/remote/login"; generated_by: temu-rules-upstream -- name: 天融信-安全管理系统 +- name: odoo category: Other confidence: 0.55 body: - - 天融信安全管理 + - \ different\ functions\ called\ in\ - - content="simbix\ framework\ v - - logo\-lpage\-owner\.png + - gigabit\ dual\ wan\ ssl\ vpn\ firewall\ fvs336gv3 generated_by: temu-rules-upstream -- name: netpas-traffic-management-system +- name: netgear r6850 router category: Other confidence: 0.55 body: - - 版权所有\ + - mitel"\ html:"micollab generated_by: temu-rules-upstream -- name: ibm-hmc +- name: shoretel category: Other confidence: 0.55 body: - - + - shoretel generated_by: temu-rules-upstream -- name: apache-forrest +- name: sitecore.net category: Other confidence: 0.55 body: - - content="apache\ forrest - - name="forrest + - sitecore generated_by: temu-rules-upstream -- name: tpshop +- name: sitecore category: Other confidence: 0.55 body: - - tpshop\.css - - tpshop_config + - alt="sitecore"\ id="sclogo"\ /> + - title="sitecore\ documentation\ site"> generated_by: temu-rules-upstream -- name: greencms +- name: taxi_booking_script category: Other confidence: 0.55 body: - - x\-powered\-by:\ greencms + - php\ jabbers\.com generated_by: temu-rules-upstream -- name: 技腾-应用安全网关 +- name: food_delivery_script category: Other confidence: 0.55 body: - - webui/images/basic/login/main_logo\.gif - - 应用安全网关 + - phpjabbers generated_by: temu-rules-upstream -- name: schneider-citectscada +- name: yacht_listing_script category: Other confidence: 0.55 body: - - + - phpjabbers generated_by: temu-rules-upstream -- name: pg-real-estate-solution +- name: callback_widget category: Other confidence: 0.55 body: - - '>pg\ real\ estate\ solution\ \-\ real\ estate\ web\ site\ design' + - phpjabbers generated_by: temu-rules-upstream -- name: spring-framework +- name: shuttle_booking_software category: Other confidence: 0.55 body: - - '","status":404,"error":"not\ found","message":"no\ message\ available","path":"/' - - whitelabel\ error\ page - - www\-authenticate:\ basic\ realm="spring" - - 'x\-application\-context:' + - php\ jabbers\.com generated_by: temu-rules-upstream -- name: carizen-rainmail +- name: ticket_support_script category: Other confidence: 0.55 body: - - \.:\ rainmail\ intranet\ login\ \ :\. - - href="/resources/rainmailvpninstaller\.exe + - phpjabbers generated_by: temu-rules-upstream -- name: 国标sip平台网关 +- name: fundraising_script category: Other confidence: 0.55 body: - -
start\ page
"\?\?\?\*\#e\?<\?q - - sippuaccessserverctx + - phpjabbers generated_by: temu-rules-upstream -- name: grasp-erp +- name: make_an_offer_widget category: Other confidence: 0.55 body: - - \ alert\("欢迎使用\ 【管家婆分销erp\) + - phpjabbers generated_by: temu-rules-upstream -- name: facemeeting-meeting +- name: camaleon_cms category: Other confidence: 0.55 body: - - class="subnav">飞视美 + - camaleon_cms generated_by: temu-rules-upstream -- name: jboss-eap +- name: dse855 category: Other confidence: 0.55 body: - -

your\ jboss\ enterprise\ application\ platform\ is\ running\.

+ - deep\ sea\ electronics generated_by: temu-rules-upstream -- name: oscshop +- name: mastodon category: Other confidence: 0.55 body: - - x\-powered\-by:\ oscshop + - mastodon\- generated_by: temu-rules-upstream -- name: 协同办公系统 +- name: aurora category: Other confidence: 0.55 body: - - id="ckbisaday"\ type="checkbox"\ name="ckbisaday" + - x\-server:\ afterlogicdavserver generated_by: temu-rules-upstream -- name: 广联达oa +- name: afterlogic aurora & webmail category: Other confidence: 0.55 body: - - location:\ /services/identification/login\.ashx\?returnurl=%2f - - gtptdt\.aspx + - x\-server:\ afterlogicdavserver generated_by: temu-rules-upstream -- name: 致远g6-n多组织版 +- name: squirrelmail category: Other confidence: 0.55 body: - - /seeyon/common/images/g6n/favicon\.ico + - function\ squirrelmail_loginpage_onload\(\) generated_by: temu-rules-upstream -- name: gitstack-code +- name: manageengine-servicedesk category: Other confidence: 0.55 body: - - \^gitstack/ + - ',''manageengine\ servicedesk\ plus'',' generated_by: temu-rules-upstream -- name: yuanian-accounting-software +- name: controller category: Other confidence: 0.55 body: - - /image/logo/yuannian\.gif - - yuannian\.css + - aquatronica generated_by: temu-rules-upstream -- name: lenovo-enterprise-network-disk +- name: car_rental_management_system category: Other confidence: 0.55 body: - - alt="联想企业网盘android客户端下载" - - client/android/bin/lenovobox\.apk + - car\ rental\ management\ system generated_by: temu-rules-upstream -- name: wsncm-iot +- name: cockpit category: Other confidence: 0.55 body: - - class="login">物联网供应链与金融风险管理服务 + - cockpit generated_by: temu-rules-upstream -- name: kerio-webstar +- name: casaos category: Other confidence: 0.55 body: - - server:\ kerio_webstar - - server:\ webstar + - /casaos\-ui/public/index\.html generated_by: temu-rules-upstream -- name: iscripts-reservelogic +- name: casbin category: Other confidence: 0.55 body: - - powered\ by\ 格 + - smart管理平台 generated_by: temu-rules-upstream -- name: sangfor-sip +- name: pypiserver category: Other confidence: 0.55 body: - - src="/apps/secvisual/static/js/runtime\.js\? - - url:\ '\.\./auth_manage/auth_manage/on_login' - - window\.sessionstorage\.removeitem\('serialcheckobj'\) + - pypiserver generated_by: temu-rules-upstream -- name: haitian-oa +- name: piwigo category: Other confidence: 0.55 body: - - htvos\.js - - images/myjs\.js - - mshtml\ 8\.00\.6001\.19298 + - generator"\ content="piwigo generated_by: temu-rules-upstream -- name: subrion-cms +- name: yealink category: Other confidence: 0.55 body: - - content="subrion\ cms - - href="http://www\.subrion\.com + - yealink\ ctp18 generated_by: temu-rules-upstream -- name: invision-powerboard +- name: wordpress_toolbar category: Other confidence: 0.55 body: - - powered\ by\ powerjob generated_by: temu-rules-upstream -- name: jsf +- name: ninja_forms_file_uploads category: Other confidence: 0.55 body: - - x\-powered\-by:\ jsf + - nfpluginsettings\.js\?ver= generated_by: temu-rules-upstream -- name: ntopng +- name: 74cms category: Other confidence: 0.55 body: - - - - generated\ by\ ntopng - - href="/css/ntopng\.css + - /templates/default/css/common\.css + - content="74cms\.com + - content="74cms\.com" + - content="骑士cms generated_by: temu-rules-upstream -- name: yfidea-oa +- name: processwire category: Other confidence: 0.55 body: - - background="oa/images/index/oalogin\.jpg" + - processwire generated_by: temu-rules-upstream -- name: 软交换防火墙 +- name: woocommerce_ultimate_gift_card category: Other confidence: 0.55 body: - - name="secretkey"\ id="secretkey" - - name="token_code"placeholder="令牌口令" + - /wp\-content/plugins/woocommerce\-ultimate\-gift\-card generated_by: temu-rules-upstream -- name: 圣博润-lansecs第二代防火墙 +- name: chamilo category: Other confidence: 0.55 body: - - lansecs第二代防火墙 + - ixcache + - name="ganglia_form + - onchange="ganglia_form\.submit\(\); generated_by: temu-rules-upstream -- name: uqcms +- name: ganglia-web category: Other confidence: 0.55 body: - - /public/css/common_uqcms\.css + - ganglia_form\.submit\(\) generated_by: temu-rules-upstream -- name: c-lodop +- name: saisies category: Other confidence: 0.55 body: - -

关于c\-lodop免费和注册授权

- - document\.getelementbyid\("reqid"\)\.value==document\.getelementbyid\("licid"\)\.value + - spip generated_by: temu-rules-upstream -- name: mrtg +- name: spip category: Other confidence: 0.55 body: - - /mrtg\-l\.png - - command\ line\ is\ easier\ to\ read\ using\ "view\ page\ properties"\ of\ your\ - browser - - href="http://oss\.oetiker\.ch/mrtg/ + - spip\.php\?page=backend generated_by: temu-rules-upstream -- name: h3cer3200 +- name: rocket-lms category: Other confidence: 0.55 body: - - er3200 - - h3c\.com - - home\.asp + - rocket\ lms generated_by: temu-rules-upstream -- name: 科荣 aio +- name: crmeb category: Other confidence: 0.55 body: - - /loginaction\.do - - www\.krrj\.cn + -

crmeb

generated_by: temu-rules-upstream -- name: yiqi-cms +- name: profilepress category: Other confidence: 0.55 body: - - content="yiqicms + - /wp\-content/plugins/profilepress generated_by: temu-rules-upstream -- name: newton +- name: antd-admin category: Other confidence: 0.55 body: - - name="group_sn" + - '//!\ umi\ version:' + - /@@/devscripts\.js + - /umi\.js + - /umi\.js"\ html:"@@/devscripts\.js generated_by: temu-rules-upstream -- name: ultracrm +- name: strapi category: Other confidence: 0.55 body: - - \ tonethink\.soft\ \ all\ rights\ reserved + - welcome\ to\ your\ strapi\ app generated_by: temu-rules-upstream -- name: dpfax +- name: phpmyadmin category: Other confidence: 0.55 body: - - merge\ pacs + - prometheus generated_by: temu-rules-upstream -- name: neusoft-neteye防火墙 +- name: usualtoolcms category: Other confidence: 0.55 body: - - 'name="login_form"\ action="/fwm4/fwm\.cgi/usrlgin"\ ' - - neteye防火墙系统 + - usualtool generated_by: temu-rules-upstream -- name: leadsec-ssl-vpn +- name: cyberpanel category: Other confidence: 0.55 body: - - /ssl/down/usbkey\.exe - - 欢迎使用leadsec网御ssl\ vpn + - cyberpanel generated_by: temu-rules-upstream -- name: reremouse-exam-system +- name: pyload category: Other confidence: 0.55 body: - - src="/resources/js/upscroll\.js" - - 博库医学在线考试系统,技术支持:杭州博库科技有限公司 - - 蝙蝠在线考试系统 + - pyload generated_by: temu-rules-upstream -- name: nsfocus-下一代防火墙 +- name: proxmox_mail_gateway category: Other confidence: 0.55 body: - - /login_logo_nf_zh_cn\.png - - nsfocus\ nf + - proxmox\ =\ \{ generated_by: temu-rules-upstream -- name: irainone-parkingsystem +- name: jellyfin category: Other confidence: 0.55 body: - - src="/static/img/allstar\.png" + - <title>jellyfin + - content="jellyfin" generated_by: temu-rules-upstream -- name: mkportal +- name: atmail category: Other confidence: 0.55 body: - - content="mkportal - - target="_blank">mkportal + - /index\.php/mail/auth/processlogin + - photopost - - src="adm\-misc\.php\?admact=mainmenu + - listserv generated_by: temu-rules-upstream -- name: spark +- name: wso2 category: Other confidence: 0.55 body: - - serversparkversion + - wso2\ carbon\ server generated_by: temu-rules-upstream -- name: 合正软件-网站群内容管理系统-hzcms +- name: sympa category: Other confidence: 0.55 body: - - produced\ by\ cms\ 网站群内容管理系统 + - sympa generated_by: temu-rules-upstream -- name: dspace +- name: wpb-show-core category: Other confidence: 0.55 body: - - dspace\ software - - content="dspace + - wp\-content/plugins/wpb\-show\-core/ generated_by: temu-rules-upstream -- name: sarg +- name: opencode category: Other confidence: 0.55 body: - - class="logo"> - - cisco - - href="/acsadmin">launch\ acs + - zoneminder\ login generated_by: temu-rules-upstream -- name: uccc-iot +- name: whatsup_gold category: Other confidence: 0.55 body: - - hidden\-xs">物联网云平台 + - whatsup\ gold generated_by: temu-rules-upstream -- name: confluence +- name: boa category: Other confidence: 0.55 body: - - location:\ /login\.action\?os_destination= - - 'x\-confluence\-request\-time:' - - id="com\-atlassian\-confluence - - name="confluence\-base\-url" + - server:\ boa/0\.94\.13 generated_by: temu-rules-upstream -- name: conexant-emweb +- name: seafile category: Other confidence: 0.55 body: - - server:\ virata\-emweb + - css/seahub\.min\.css generated_by: temu-rules-upstream -- name: maipu-安全网关 +- name: spark category: Other confidence: 0.55 body: - - /webui/images/maipu/login/login_adminbg_a\.gif"\? + - /apps/imt/html/ generated_by: temu-rules-upstream -- name: mikrotik-httpproxy +- name: nifi category: Other confidence: 0.55 body: - - server:\ mikrotik\ httpproxy + - /nifi generated_by: temu-rules-upstream -- name: forcepoint-websense-email-security-gateway +- name: apache-ofbiz category: Other confidence: 0.55 body: - - websense\ email\ security\ gateway + - powered\ by\ ofbiz generated_by: temu-rules-upstream -- name: ibm-imm +- name: apache-mesos category: Other confidence: 0.55 body: - - /ibmdojo/ - - - - ibm\.stg\.inlinemessage\.messagetypes\.msg_critical + - generated_by: temu-rules-upstream -- name: fanpusoft-construction-work-oa +- name: apache-axis2 category: Other confidence: 0.55 body: - - /dwr/interface/loginservice\.js + - axis2\-admin + - axis2\-web generated_by: temu-rules-upstream -- name: socomec-webserver +- name: apache-http category: Other confidence: 0.55 body: - - diag\.htm\?src=index + - server:\ apache generated_by: temu-rules-upstream -- name: xdcms +- name: ranger category: Other confidence: 0.55 body: - - system/templates/xdcms/ + - generated_by: temu-rules-upstream -- name: learun-system +- name: kafka_connect category: Other confidence: 0.55 body: - - content="力软敏捷开发框架,是一个web可视化开发平台 + - apache\ druid generated_by: temu-rules-upstream -- name: whir +- name: apache-couchdb category: Other confidence: 0.55 body: - - css/css_whir\.css + - server:\ couchdb + - x\-couchdb\-body\-time:\ 0 generated_by: temu-rules-upstream -- name: modlogan +- name: apache-skywalking category: Other confidence: 0.55 body: - - '>modlogan' - - modlogan\.css + - sorry\ but\ skywalking\ doesn't\ work generated_by: temu-rules-upstream -- name: 金蝶apusic应用服务器 +- name: apache-cocoon category: Other confidence: 0.55 body: - - server:\ apusic\ application\ server - - 管理apusic应用服务器 + - 'x\-cocoon\-version:' generated_by: temu-rules-upstream -- name: netscape-fasttrack +- name: apache-ambari category: Other confidence: 0.55 body: - - server:\ netscape\-fasttrack + - '"/licenses/notice\.txt"' + - ambari generated_by: temu-rules-upstream -- name: huaease-medication +- name: karaf category: Other confidence: 0.55 body: - - content="专业的web医学影像浏览器 + - realm="karaf generated_by: temu-rules-upstream -- name: pg-roomate-finder-solution +- name: apache-flink category: Other confidence: 0.55 body: - - powered\ by\ - - 科业开发团队出品 + - www\-authenticate:\ basic\ realm="dubbo" generated_by: temu-rules-upstream -- name: leadsec-employee-internet-management +- name: apache-superset category: Other confidence: 0.55 body: - - asdf\-\-> - - txtmac + - superset + - src="/static/assets/images/superset\-logo\- generated_by: temu-rules-upstream -- name: tq-cloud-call-center +- name: apache-solr category: Other confidence: 0.55 body: - - tq\.cn/floatcard\? + - location:\ /solr/ generated_by: temu-rules-upstream -- name: seller-狮子鱼管理后台 +- name: apache-unomi category: Other confidence: 0.55 body: - - seller\.php\?s=/public/login + - logo\ apache\ unomi generated_by: temu-rules-upstream -- name: 云时空社会化商业erp系统 +- name: apache-struts category: Other confidence: 0.55 body: - - set\-cookie:\ emscm\.session\.id - - \ 云时空社会化商业erp系统 + - " + - apache\ activemq generated_by: temu-rules-upstream -- name: phpoa +- name: apache-airflow category: Other confidence: 0.55 body: - - admin_img/msg_bg\.png - - url\(template/default/images/admin_img/msg\.png\) + - airflow + - airflow + - src="/static/pin_100\.png" generated_by: temu-rules-upstream -- name: 致远m3 server v2.0 +- name: apache-druid category: Other confidence: 0.55 body: - - /mobile_portal/api/m3/core/server/service - - m3\ server\ v2\.0 + - content="apache\ druid\ console" generated_by: temu-rules-upstream -- name: 九思协同办公系统 +- name: apache-shiro category: Other confidence: 0.55 body: - - location:\ /jsoa/login\.jsp - - location\.href="/jsoa/login\.jsp"; + - \ shiro + - set\-cookie:\ rememberme generated_by: temu-rules-upstream -- name: 安恒信息-明鉴网站安全监测平台 +- name: apache-tomcat category: Other confidence: 0.55 body: - - 网站安全检测平台 - - 网站安全监测平台 + - /manager/html + - /manager/status + -

apache\ tomcat + - apache\ tomcat/ generated_by: temu-rules-upstream -- name: couchbase +- name: apache-hadoop category: Other confidence: 0.55 body: - - server:\ couchbase + - /static/hadoop\-st\.png + - parsehadoopprogress generated_by: temu-rules-upstream -- name: baishijia-cms +- name: apache-kylin category: Other confidence: 0.55 body: - - /resource/images/cms\.ico + - <meta\ http\-equiv="refresh"\ content="1;url=kylin"> + - href="/kylin/" generated_by: temu-rules-upstream -- name: xtoa-oa +- name: wechat category: Other confidence: 0.55 body: - - /app_qjuserinfo/qjuserinfoadd\.jsp - - /images/default/first/xtoa_logo\.png - - src="systemfiles/js/iawebclientactivexcheck\.js" + - wework_admin\.normal_layout generated_by: temu-rules-upstream -- name: kouton-ctbs +- name: download_manager category: Other confidence: 0.55 body: - - 欢迎使用\ kouton\ ctbs\ advanced\ web\ client\ 系统! + - wp\-content/plugins/download\-manager/ generated_by: temu-rules-upstream -- name: comcast-business +- name: intouch_access_anywhere category: Other confidence: 0.55 body: - - cmn/css/common\-min\.css + - intouch\ access\ anywhere generated_by: temu-rules-upstream -- name: bitrix-site-manager +- name: netalertx category: Other confidence: 0.55 body: - - bitrix_sm_time_zone - - bx\.setcsslist + - netalert\ x generated_by: temu-rules-upstream -- name: ipcop-firewall +- name: owncast category: Other confidence: 0.55 body: - - <!\-\-\ ipcop\ logo\ row\ \-\-> - - href='http://sf\.net/projects/ipcop/ - - href='https://sourceforge\.net/projects/ipcop/ + - owncast generated_by: temu-rules-upstream -- name: sangfor-tamper-resistance +- name: ckan category: Other confidence: 0.55 body: - - <li\ style="color:\#999999;margin\-left:6px;list\-style:circle\ inside;">如忘记密码,请与防火墙管理员联系</li> - - href="tamper/style/control\.css" + - ckan\ 2\.8\.2" + - html:"ckan\ 2\.3 generated_by: temu-rules-upstream -- name: 奇安信-天眼 +- name: woocommerce-delivery-notes category: Other confidence: 0.55 body: - - 360天眼 + - wp\-content/plugins/woocommerce\-delivery\-notes/ generated_by: temu-rules-upstream -- name: nitc-cms +- name: turbomeeting category: Other confidence: 0.55 body: - - /images/nitc1\.png - - nitc\ web\ marketing\ service + - turbomeeting generated_by: temu-rules-upstream -- name: 泛微-oa e-cology8 +- name: rg-ew1200g_firmware category: Other confidence: 0.55 body: - - /js/ecology8/lang/weaver_lang_7_wev8\.js - - /js/jquery/plugins/client/jquery\.client_wev8\.js + - app\.2fe6356cdd1ddd0eb8d6317d1a48d379\.css generated_by: temu-rules-upstream -- name: entrance-guard-system +- name: rg-uac category: Other confidence: 0.55 body: - - /media/images/zkeco16\.ico + - bbs\.ruijie\.com\.cn + - 锐捷统一上网行为管理与审计系统 + - src='images/free_login\.png' generated_by: temu-rules-upstream -- name: ecshop +- name: rg-uac_firmware category: Other confidence: 0.55 body: - - content="ecshop - - id="ecs_cartinfo" - - set\-cookie:\ ecs_id= + - get_verify_info generated_by: temu-rules-upstream -- name: bithighway-product +- name: rg-nbs2009g-p, rg-nbs2009g-p_firmware category: Other confidence: 0.55 body: - - href='http://www\.bithighway\.com'\ target=_blank>北京碧海威科技有限公司< + - ruijie\.com\.cn generated_by: temu-rules-upstream -- name: taocms +- name: gnuboard category: Other confidence: 0.55 body: - - src="/taocms/code/calendar\.js" - - template/taocms + - body:"gnuboard5 + - gnuboard5 generated_by: temu-rules-upstream -- name: dell-open-manage +- name: builder category: Other confidence: 0.55 body: - - <img\ title="open\ manage"\ alt="open\ manage + - wp\-content/plugins/themify\-builder/ generated_by: temu-rules-upstream -- name: ektron-cms +- name: artica_proxy category: Other confidence: 0.55 body: - - /java/ektron\.js + - artica generated_by: temu-rules-upstream -- name: kayako-supportsuite +- name: lansweeper category: Other confidence: 0.55 body: - - help\ desk\ software\ by\ kayako\ esupport - - powered\ by\ kayako\ esupport + - <title>lansweeper\ \-\ login generated_by: temu-rules-upstream -- name: smartermail +- name: code-server category: Other confidence: 0.55 body: - - /lms/admin.php. detection: payload: null verify: null @@ -280,24 +252,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2022-24292 - - https://support.hp.com/us-en/document/ish_5950417-5950443-16 + - https://nvd.nist.gov/vuln/detail/CVE-2020-25514 + - https://github.com/Ko-kn3t/CVE-2020-25514 + - https://www.sourcecodester.com generated_from: - nvd - status: candidate executable: false - id: CVE-2022-24293-CANDIDATE - cve_id: CVE-2022-24293 - name: Candidate detection for CVE-2022-24293 - severity: critical - cvss: 9.8 + id: CVE-2020-25515-CANDIDATE + cve_id: CVE-2020-25515 + name: Candidate detection for CVE-2020-25515 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Certain HP Print devices may be vulnerable to potential information - disclosure, denial of service, or remote code execution. + description: Sourcecodester Simple Library Management System 1.0 is affected by + Insecure Permissions via Books > New Book , http:///lms/index.php?page=books. detection: payload: null verify: null @@ -305,26 +278,31 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2022-24293 - - https://support.hp.com/us-en/document/ish_5950417-5950443-16 + - https://nvd.nist.gov/vuln/detail/CVE-2020-25515 + - https://github.com/Ko-kn3t/CVE-2020-25515 + - https://www.sourcecodester.com generated_from: - nvd - status: candidate executable: false - id: CVE-2023-0645-CANDIDATE - cve_id: CVE-2023-0645 - name: Candidate detection for CVE-2023-0645 - severity: medium - cvss: 5.3 + id: CVE-2018-5353-CANDIDATE + cve_id: CVE-2018-5353 + name: Candidate detection for CVE-2018-5353 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "An out of bounds read exists in libjxl. An attacker using a specifically\ - \ crafted file could cause an out of bounds read in the exif handler. We recommend\ - \ upgrading to version 0.8.1 or past commit\_ https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159\ - \ https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 " + description: The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before + 5.5 build 5517 allows remote attackers to execute code and escalate privileges + via spoofing. It does not authenticate the intended server before opening a browser + window. An unauthenticated attacker capable of conducting a spoofing attack can + redirect the browser to gain execution in the context of the WinLogon.exe process. + If Network Level Authentication is not enforced, the vulnerability can be exploited + via RDP. Additionally, if the web server has a misconfigured certificate then + no spoofing attack is required detection: payload: null verify: null @@ -332,25 +310,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-0645 - - https://github.com/libjxl/libjxl/pull/2101 - - https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 + - https://nvd.nist.gov/vuln/detail/CVE-2018-5353 + - https://github.com/missing0x00/CVE-2018-5353 + - https://www.manageengine.com/products/self-service-password/release-notes.html generated_from: - nvd - status: candidate executable: false - id: CVE-2023-27971-CANDIDATE - cve_id: CVE-2023-27971 - name: Candidate detection for CVE-2023-27971 - severity: critical - cvss: 9.8 + id: CVE-2018-5354-CANDIDATE + cve_id: CVE-2018-5354 + name: Candidate detection for CVE-2018-5354 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Certain HP LaserJet Pro print products are potentially vulnerable to - Buffer Overflow and/or Elevation of Privilege. + description: The custom GINA/CP module in ANIXIS Password Reset Client before version + 3.22 allows remote attackers to execute code and escalate privileges via spoofing. + When the client is configured to use HTTP, it does not authenticate the intended + server before opening a browser window. An unauthenticated attacker capable of + conducting a spoofing attack can redirect the browser to gain execution in the + context of the WinLogon.exe process. If Network Level Authentication is not enforced, + the vulnerability can be exploited via RDP. detection: payload: null verify: null @@ -358,15 +341,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-27971 - - https://support.hp.com/us-en/document/ish_7919962-7920003-16/hpsbpi03839 + - https://nvd.nist.gov/vuln/detail/CVE-2018-5354 + - https://github.com/missing0x00/CVE-2018-5354 generated_from: - nvd - status: candidate executable: false - id: CVE-2023-27972-CANDIDATE - cve_id: CVE-2023-27972 - name: Candidate detection for CVE-2023-27972 + id: CVE-2020-25466-CANDIDATE + cve_id: CVE-2020-25466 + name: Candidate detection for CVE-2020-25466 severity: critical cvss: 9.8 risk_level: unknown @@ -374,8 +357,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: Certain HP LaserJet Pro print products are potentially vulnerable to - Buffer Overflow and/or Remote Code Execution. + description: A SSRF vulnerability exists in the downloadimage interface of CRMEB + 3.0, which can remotely download arbitrary files on the server and remotely execute + arbitrary code. detection: payload: null verify: null @@ -383,24 +367,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-27972 - - https://support.hp.com/us-en/document/ish_7920078-7920104-16/hpsbpi03840 + - https://nvd.nist.gov/vuln/detail/CVE-2020-25466 + - https://github.com/crmeb/CRMEB + - https://github.com/crmeb/CRMEB/issues/22 generated_from: - nvd - status: candidate executable: false - id: CVE-2023-27973-CANDIDATE - cve_id: CVE-2023-27973 - name: Candidate detection for CVE-2023-27973 - severity: critical - cvss: 9.8 + id: CVE-2020-27388-CANDIDATE + cve_id: CVE-2020-27388 + name: Candidate detection for CVE-2020-27388 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Certain HP LaserJet Pro print products are potentially vulnerable to - Heap Overflow and/or Remote Code Execution. + description: Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in + the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify + a PHP plugin with a malicious payload and upload it, resulting in multiple stored + XSS issues. detection: payload: null verify: null @@ -408,25 +395,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-27973 - - https://support.hp.com/us-en/document/ish_7920137-7920161-16/hpsbpi03841 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27388 + - https://github.com/YOURLS/YOURLS/pull/2761 + - https://johnjhacking.com/blog/cve-2020-27388/ generated_from: - nvd - status: candidate executable: false - id: CVE-2023-35175-CANDIDATE - cve_id: CVE-2023-35175 - name: Candidate detection for CVE-2023-35175 - severity: critical - cvss: 9.8 + id: CVE-2020-22552-CANDIDATE + cve_id: CVE-2020-22552 + name: Candidate detection for CVE-2020-22552 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Certain HP LaserJet Pro print products are potentially vulnerable to - Potential Remote Code Execution and/or Elevation of Privilege via Server-Side - Request Forgery (SSRF) using the Web Service Eventing model. + description: The Snap7 server component in version 1.4.1, when an attacker sends + a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes + a var function, the Snap7 server will be crashed. detection: payload: null verify: null @@ -434,25 +422,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-35175 - - https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22552 + - https://sourceforge.net/p/snap7/discussion/bugfix/thread/456d76fdde/ + - https://sourceforge.net/projects/snap7/ generated_from: - nvd - status: candidate executable: false - id: CVE-2023-35176-CANDIDATE - cve_id: CVE-2023-35176 - name: Candidate detection for CVE-2023-35176 - severity: high - cvss: 8.8 + id: CVE-2020-23136-CANDIDATE + cve_id: CVE-2020-23136 + name: Candidate detection for CVE-2020-23136 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Certain HP LaserJet Pro print products are potentially vulnerable to - Buffer Overflow and/or Denial of Service when using the backup & restore feature - through the embedded web service on the device. + description: Microweber v1.1.18 is affected by no session expiry after log-out. detection: payload: null verify: null @@ -460,24 +447,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-35176 - - https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852 + - https://nvd.nist.gov/vuln/detail/CVE-2020-23136 + - https://gist.github.com/virendratiwari03/0b0d161e1141fdd74122abbb02fefe17 generated_from: - nvd - status: candidate executable: false - id: CVE-2023-35177-CANDIDATE - cve_id: CVE-2023-35177 - name: Candidate detection for CVE-2023-35177 + id: CVE-2020-23968-CANDIDATE + cve_id: CVE-2020-23968 + name: Candidate detection for CVE-2020-23968 severity: high - cvss: 8.8 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Certain HP LaserJet Pro print products are potentially vulnerable to - a stack-based buffer overflow related to the compact font format parser. + description: Ilex International Sign&go Workstation Security Suite 7.1 allows elevation + of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. detection: payload: null verify: null @@ -485,24 +472,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-35177 - - https://support.hp.com/us-en/document/ish_8651888-8651916-16/hpsbpi03853 + - https://nvd.nist.gov/vuln/detail/CVE-2020-23968 + - https://ricardojba.github.io/CVE-Pending-ILEX-SignGo-EoP/ generated_from: - nvd - status: candidate executable: false - id: CVE-2023-35178-CANDIDATE - cve_id: CVE-2023-35178 - name: Candidate detection for CVE-2023-35178 - severity: high - cvss: 8.8 + id: CVE-2020-24815-CANDIDATE + cve_id: CVE-2020-24815 + name: Candidate detection for CVE-2020-24815 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Certain HP LaserJet Pro print products are potentially vulnerable to - Buffer Overflow when performing a GET request to scan jobs. + description: 'A Server-Side Request Forgery (SSRF) affecting the PDF generation + in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated + users to access the content of internal network resources or leak files from the + local system via HTML containers embedded in a dossier/dashboard document. NOTE: + 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.' detection: payload: null verify: null @@ -510,30 +500,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-35178 - - https://support.hp.com/us-en/document/ish_8651729-8651769-16/hpsbpi03854 + - https://nvd.nist.gov/vuln/detail/CVE-2020-24815 + - https://community.microstrategy.com/s/article/Securing-PDF-and-Excel-Export-with-Whitelists?language=en_US + - https://triskelelabs.com/extracting-your-aws-access-keys-through-a-pdf-file/ generated_from: - nvd - status: candidate executable: false - id: CVE-2023-3640-CANDIDATE - cve_id: CVE-2023-3640 - name: Candidate detection for CVE-2023-3640 - severity: high - cvss: 7.0 + id: CVE-2017-15680-CANDIDATE + cve_id: CVE-2017-15680 + name: Candidate detection for CVE-2017-15680 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A possible unauthorized memory access flaw was found in the Linux kernel's - cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location - of exception stacks or other important data. Based on the previous CVE-2023-0597, - the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, - which works through the init_cea_offsets() function when KASLR is enabled. However, - despite this feature, there is still a risk of per-cpu entry area leaks. This - issue could allow a local user to gain access to some important data with memory - in an expected location and potentially escalate their privileges on the system. + description: In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which + allows unauthenticated attackers to view and modify administrative data. detection: payload: null verify: null @@ -541,31 +526,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-3640 - - https://access.redhat.com/errata/RHSA-2023:6583 - - https://access.redhat.com/security/cve/CVE-2023-3640 - - https://bugzilla.redhat.com/show_bug.cgi?id=2217523 + - https://nvd.nist.gov/vuln/detail/CVE-2017-15680 + - https://docs.craftercms.org/en/3.0/security/advisory.html generated_from: - nvd - status: candidate executable: false - id: CVE-2023-40547-CANDIDATE - cve_id: CVE-2023-40547 - name: Candidate detection for CVE-2023-40547 - severity: high - cvss: 8.3 + id: CVE-2017-15681-CANDIDATE + cve_id: CVE-2017-15681 + name: Candidate detection for CVE-2017-15681 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A remote code execution vulnerability was found in Shim. The Shim boot - support trusts attacker-controlled values when parsing an HTTP response. This - flaw allows an attacker to craft a specific malicious HTTP request, leading to - a completely controlled out-of-bounds write primitive and complete system compromise. - This flaw is only exploitable during the early boot phase, an attacker needs to - perform a Man-in-the-Middle or compromise the boot server to be able to exploit - this vulnerability successfully. + description: In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability + exists which allows unauthenticated attackers to overwrite files from the operating + system which can lead to RCE. detection: payload: null verify: null @@ -573,30 +552,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-40547 - - https://access.redhat.com/errata/RHSA-2024:1834 - - https://access.redhat.com/errata/RHSA-2024:1835 - - https://access.redhat.com/errata/RHSA-2024:1873 - - https://access.redhat.com/errata/RHSA-2024:1876 + - https://nvd.nist.gov/vuln/detail/CVE-2017-15681 + - https://docs.craftercms.org/en/3.0/security/advisory.html generated_from: - nvd - status: candidate executable: false - id: CVE-2023-40548-CANDIDATE - cve_id: CVE-2023-40548 - name: Candidate detection for CVE-2023-40548 - severity: high - cvss: 7.4 + id: CVE-2017-15682-CANDIDATE + cve_id: CVE-2017-15682 + name: Candidate detection for CVE-2017-15682 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A buffer overflow was found in Shim in the 32-bit system. The overflow - happens due to an addition operation involving a user-controlled value parsed - from the PE binary being used by Shim. This value is further used for memory allocation - operations, leading to a heap-based buffer overflow. This flaw causes memory corruption - and can lead to a crash or data integrity issues during the boot phase. + description: In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is + able to inject malicious JavaScript code resulting in a stored/blind XSS in the + admin panel. detection: payload: null verify: null @@ -604,18 +578,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-40548 - - https://access.redhat.com/errata/RHSA-2024:1834 - - https://access.redhat.com/errata/RHSA-2024:1835 - - https://access.redhat.com/errata/RHSA-2024:1873 - - https://access.redhat.com/errata/RHSA-2024:1876 + - https://nvd.nist.gov/vuln/detail/CVE-2017-15682 + - https://docs.craftercms.org/en/3.0/security/advisory.html generated_from: - nvd - status: candidate executable: false - id: CVE-2024-21626-CANDIDATE - cve_id: CVE-2024-21626 - name: Candidate detection for CVE-2024-21626 + id: CVE-2017-15683-CANDIDATE + cve_id: CVE-2017-15683 + name: Candidate detection for CVE-2017-15683 severity: high cvss: 8.6 risk_level: unknown @@ -623,16 +594,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: runc is a CLI tool for spawning and running containers on Linux according - to the OCI specification. In runc 1.1.11 and earlier, due to an internal file - descriptor leak, an attacker could cause a newly-spawned container process (from - runc exec) to have a working directory in the host filesystem namespace, allowing - for a container escape by giving access to the host filesystem ("attack 2"). The - same attack could be used by a malicious image to allow a container process to - gain access to the host filesystem through runc run ("attack 1"). Variants of - attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, - allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 - includes patches for this issue. + description: In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is + able to create a site with specially crafted XML that allows the retrieval of + OS files out-of-band. detection: payload: null verify: null @@ -640,18 +604,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-21626 - - https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf - - https://github.com/opencontainers/runc/releases/tag/v1.1.12 - - https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv - - https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html + - https://nvd.nist.gov/vuln/detail/CVE-2017-15683 + - https://docs.craftercms.org/en/3.0/security/advisory.html generated_from: - nvd - status: candidate executable: false - id: CVE-2024-21490-CANDIDATE - cve_id: CVE-2024-21490 - name: Candidate detection for CVE-2024-21490 + id: CVE-2017-15684-CANDIDATE + cve_id: CVE-2017-15684 + name: Candidate detection for CVE-2017-15684 severity: high cvss: 7.5 risk_level: unknown @@ -659,13 +620,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: "This affects versions of the package angular from 1.3.0; versions\ - \ of the package angularjs from 1.3.0. A regular expression used to split the\ - \ value of the ng-srcset directive is vulnerable to super-linear runtime due to\ - \ backtracking. With large carefully-crafted input, this can result in catastrophic\ - \ backtracking and cause a denial of service. \r\r\r**Note:**\r\rThis package\ - \ is EOL and will not receive any updates to address this issue. Users should\ - \ migrate to [@angular/core](https://www.npmjs.com/package/@angular/core)." + description: Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability + which allows unauthenticated attackers to view files from the operating system. detection: payload: null verify: null @@ -673,30 +629,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-21490 - - https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771616 - - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746 - - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747 - - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113 + - https://nvd.nist.gov/vuln/detail/CVE-2017-15684 + - https://docs.craftercms.org/en/3.0/security/advisory.html generated_from: - nvd - status: candidate executable: false - id: CVE-2024-22257-CANDIDATE - cve_id: CVE-2024-22257 - name: Candidate detection for CVE-2024-22257 + id: CVE-2017-15685-CANDIDATE + cve_id: CVE-2017-15685 + name: Candidate detection for CVE-2017-15685 severity: high - cvss: 8.2 + cvss: 8.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to\ - \ \n5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, \nversions\ - \ 6.2.x prior to 6.2.3, an application is possible vulnerable to \nbroken access\ - \ control when it directly uses the AuthenticatedVoter#vote passing a null Authentication\ - \ parameter." + description: 'Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity + (XXE). An unauthenticated attacker is able to create a site with specially crafted + XML that allows the retrieval of OS files out-of-band.' detection: payload: null verify: null @@ -704,27 +655,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-22257 - - https://security.netapp.com/advisory/ntap-20240419-0005/ - - https://spring.io/security/cve-2024-22257 - - https://github.com/dependency-check/DependencyCheck/issues/8642 + - https://nvd.nist.gov/vuln/detail/CVE-2017-15685 + - https://docs.craftercms.org/en/3.0/security/advisory.html generated_from: - nvd - status: candidate executable: false - id: CVE-2023-6484-CANDIDATE - cve_id: CVE-2023-6484 - name: Candidate detection for CVE-2023-6484 - severity: medium - cvss: 5.3 + id: CVE-2020-23735-CANDIDATE + cve_id: CVE-2020-23735 + name: Candidate detection for CVE-2020-23735 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A log injection flaw was found in Keycloak. A text string may be injected - through the authentication form when using the WebAuthn authentication mode. This - issue may have a minor impact to the logs integrity. + description: In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation + vulnerability. Attackers can use the constructed program to increase user privileges detection: payload: null verify: null @@ -732,29 +680,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-6484 - - https://access.redhat.com/errata/RHSA-2024:0798 - - https://access.redhat.com/errata/RHSA-2024:0799 - - https://access.redhat.com/errata/RHSA-2024:0800 - - https://access.redhat.com/errata/RHSA-2024:0801 + - https://nvd.nist.gov/vuln/detail/CVE-2020-23735 + - https://github.com/y5s5k5/CVE-2020-23735 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-4029-CANDIDATE - cve_id: CVE-2024-4029 - name: Candidate detection for CVE-2024-4029 + id: CVE-2020-28727-CANDIDATE + cve_id: CVE-2020-28727 + name: Candidate detection for CVE-2020-28727 severity: medium - cvss: 4.1 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability was found in Wildfly\u2019s management interface.\ - \ Due to the lack of limitation of sockets for the management interface, it may\ - \ be possible to cause a denial of service hitting the nofile limit as there is\ - \ no possibility to configure or set a maximum number of connections." + description: Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid + parameter to views/bootstrap/class.DropFolderChooser.php. detection: payload: null verify: null @@ -762,29 +705,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-4029 - - https://access.redhat.com/errata/RHSA-2024:8075 - - https://access.redhat.com/errata/RHSA-2024:8076 - - https://access.redhat.com/errata/RHSA-2024:8077 - - https://access.redhat.com/errata/RHSA-2024:8080 + - https://nvd.nist.gov/vuln/detail/CVE-2020-28727 + - https://sourceforge.net/p/seeddms/code/ci/32b03b1e5880e2f38cecf4ac7743f8f62f33043f/ + - https://sourceforge.net/projects/seeddms/files/ generated_from: - nvd - status: candidate executable: false - id: CVE-2024-3727-CANDIDATE - cve_id: CVE-2024-3727 - name: Candidate detection for CVE-2024-3727 + id: CVE-2020-28856-CANDIDATE + cve_id: CVE-2020-28856 + name: Candidate detection for CVE-2020-28856 severity: high - cvss: 8.3 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the github.com/containers/image library. This flaw - allows attackers to trigger unexpected authenticated registry accesses on behalf - of a victim user, causing resource exhaustion, local path traversal, and other - attacks. + description: OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly + determine the HTTP request's originating IP address, allowing attackers to spoof + it using X-Forwarded-For in the header, by supplying localhost address such as + 127.0.0.1, effectively bypassing all IP address based access controls. detection: payload: null verify: null @@ -792,28 +733,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-3727 - - https://access.redhat.com/errata/RHSA-2024:0045 - - https://access.redhat.com/errata/RHSA-2024:3718 - - https://access.redhat.com/errata/RHSA-2024:4159 - - https://access.redhat.com/errata/RHSA-2024:4613 + - https://nvd.nist.gov/vuln/detail/CVE-2020-28856 + - https://www.themissinglink.com.au/security-advisories-cve-2020-28856 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-2199-CANDIDATE - cve_id: CVE-2024-2199 - name: Candidate detection for CVE-2024-2199 + id: CVE-2020-28857-CANDIDATE + cve_id: CVE-2020-28857 + name: Candidate detection for CVE-2020-28857 severity: medium - cvss: 5.7 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A denial of service vulnerability was found in 389-ds-base ldap server. - This issue may allow an authenticated user to cause a server crash while modifying - `userPassword` using malformed input. + description: OpenAsset Digital Asset Management (DAM) through 12.0.19, does not + correctly sanitize user supplied input in multiple parameters and endpoints, allowing + for stored cross-site scripting attacks. detection: payload: null verify: null @@ -821,29 +759,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-2199 - - https://access.redhat.com/errata/RHSA-2024:3591 - - https://access.redhat.com/errata/RHSA-2024:3837 - - https://access.redhat.com/errata/RHSA-2024:4092 - - https://access.redhat.com/errata/RHSA-2024:4209 + - https://nvd.nist.gov/vuln/detail/CVE-2020-28857 + - https://www.themissinglink.com.au/security-advisories-cve-2020-28857 generated_from: - nvd - status: candidate executable: false - id: CVE-2023-4727-CANDIDATE - cve_id: CVE-2023-4727 - name: Candidate detection for CVE-2023-4727 + id: CVE-2020-28858-CANDIDATE + cve_id: CVE-2020-28858 + name: Candidate detection for CVE-2020-28858 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in dogtag-pki and pki-core. The token authentication - scheme can be bypassed with a LDAP injection. By passing the query string parameter - sessionID=*, an attacker can authenticate with an existing session saved in the - LDAP directory server, which may lead to escalation of privilege. + description: OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly + verify whether a request made to the application was intentionally made by the + user, allowing for cross-site request forgery attacks on all user functions. detection: payload: null verify: null @@ -851,28 +785,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-4727 - - https://access.redhat.com/errata/RHSA-2024:4051 - - https://access.redhat.com/errata/RHSA-2024:4070 - - https://access.redhat.com/errata/RHSA-2024:4164 - - https://access.redhat.com/errata/RHSA-2024:4165 + - https://nvd.nist.gov/vuln/detail/CVE-2020-28858 + - https://www.themissinglink.com.au/security-advisories-cve-2020-28858 generated_from: - nvd - status: candidate executable: false - id: CVE-2023-39328-CANDIDATE - cve_id: CVE-2023-39328 - name: Candidate detection for CVE-2023-39328 + id: CVE-2020-28859-CANDIDATE + cve_id: CVE-2020-28859 + name: Candidate detection for CVE-2020-28859 severity: medium - cvss: 5.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This - flaw allows an attacker to bypass existing protections and cause an application - crash through a maliciously crafted file. + description: OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly + sanitize user supplied input in multiple parameters and endpoints, allowing for + reflected cross-site scripting attacks. detection: payload: null verify: null @@ -880,30 +811,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-39328 - - https://access.redhat.com/security/cve/CVE-2023-39328 - - https://bugzilla.redhat.com/show_bug.cgi?id=2219236 - - https://github.com/uclouvain/openjpeg/issues/1476 - - https://github.com/uclouvain/openjpeg/pull/1470 + - https://nvd.nist.gov/vuln/detail/CVE-2020-28859 + - https://www.themissinglink.com.au/security-advisories-cve-2020-28859 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-8105-CANDIDATE - cve_id: CVE-2024-8105 - name: Candidate detection for CVE-2024-8105 - severity: medium - cvss: 6.4 + id: CVE-2020-28860-CANDIDATE + cve_id: CVE-2020-28860 + name: Candidate detection for CVE-2020-28860 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability exists in UEFI implementations that use a hard-coded - software-based Platform Key (PK). An attacker in possession of the corresponding - PK private key can sign arbitrary UEFI executables or firmware components, causing - them to be trusted by affected systems and potentially bypassing UEFI Secure Boot - trust validation. + description: OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly + sanitize user supplied input, incorporating it into its SQL queries, allowing + for authenticated blind SQL injection. detection: payload: null verify: null @@ -911,28 +837,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-8105 - - https://github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md - - https://kb.cert.org/vuls/id/455367 - - https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FJ-ISS-2024-072412-Security-Notice.pdf - - https://uefi.org/specs/UEFI/2.9_A/32_Secure_Boot_and_Driver_Signing.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-28860 + - https://www.themissinglink.com.au/security-advisories-cve-2020-28860 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45615-CANDIDATE - cve_id: CVE-2024-45615 - name: Candidate detection for CVE-2024-45615 - severity: low - cvss: 3.9 + id: CVE-2020-28861-CANDIDATE + cve_id: CVE-2020-28861 + name: Candidate detection for CVE-2020-28861 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module,\ - \ minidriver, and CTK. \nThe problem is missing initialization of variables expected\ - \ to be initialized (as arguments to other functions, etc.)." + description: OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed + to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated + attackers to gain access to potentially sensitive project information stored by + the application. detection: payload: null verify: null @@ -940,29 +864,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45615 - - https://access.redhat.com/security/cve/CVE-2024-45615 - - https://bugzilla.redhat.com/show_bug.cgi?id=2309285 - - https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-28861 + - https://www.themissinglink.com.au/security-advisories-cve-2020-28861 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45616-CANDIDATE - cve_id: CVE-2024-45616 - name: Candidate detection for CVE-2024-45616 - severity: low - cvss: 3.9 + id: CVE-2020-35273-CANDIDATE + cve_id: CVE-2020-35273 + name: Candidate detection for CVE-2020-35273 + severity: high + cvss: 8.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module,\ - \ minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card,\ - \ which would present the system with a specially crafted response to APDUs. \n\ - \nThe following problems were caused by insufficient control of the response APDU\ - \ buffer and its length when communicating with the card." + description: EgavilanMedia User Registration & Login System with Admin Panel 1.0 + is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in + the User Profile panel. An attacker can update any user's account. detection: payload: null verify: null @@ -970,29 +890,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45616 - - https://access.redhat.com/security/cve/CVE-2024-45616 - - https://bugzilla.redhat.com/show_bug.cgi?id=2309290 - - https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-35273 + - https://www.exploit-db.com/exploits/49151 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45617-CANDIDATE - cve_id: CVE-2024-45617 - name: Candidate detection for CVE-2024-45617 - severity: low - cvss: 3.9 + id: CVE-2020-35274-CANDIDATE + cve_id: CVE-2020-35274 + name: Candidate detection for CVE-2020-35274 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module,\ - \ minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card,\ - \ which would present the system with a specially crafted response to APDUs. \n\ - \nInsufficient or missing checking of return values of functions leads to unexpected\ - \ work with variables that have not been initialized." + description: DotCMS Add Template with admin panel 20.11 is affected by cross-site + Scripting (XSS) to gain remote privileges. An attacker could compromise the security + of a website or web application through a stored XSS attack and stealing cookies + using XSS. detection: payload: null verify: null @@ -1000,29 +917,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45617 - - https://access.redhat.com/security/cve/CVE-2024-45617 - - https://bugzilla.redhat.com/show_bug.cgi?id=2309286 - - https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-35274 + - https://www.exploit-db.com/exploits/49168 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45618-CANDIDATE - cve_id: CVE-2024-45618 - name: Candidate detection for CVE-2024-45618 - severity: low - cvss: 3.9 + id: CVE-2020-35275-CANDIDATE + cve_id: CVE-2020-35275 + name: Candidate detection for CVE-2020-35275 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability was found in pkcs15-init in OpenSC. An attacker could\ - \ use a crafted USB Device or Smart Card, which would present the system with\ - \ a specially crafted response to APDUs. \n\nInsufficient or missing checking\ - \ of return values of functions leads to unexpected work with variables that have\ - \ not been initialized." + description: Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user + can steal a cookie and make the user redirect to any malicious website because + it is trigged on the main home page of the product/application. detection: payload: null verify: null @@ -1030,29 +943,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45618 - - https://access.redhat.com/security/cve/CVE-2024-45618 - - https://bugzilla.redhat.com/show_bug.cgi?id=2309287 - - https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-35275 + - https://www.exploit-db.com/exploits/49181 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45619-CANDIDATE - cve_id: CVE-2024-45619 - name: Candidate detection for CVE-2024-45619 - severity: medium - cvss: 4.3 + id: CVE-2020-35276-CANDIDATE + cve_id: CVE-2020-35276 + name: Candidate detection for CVE-2020-35276 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, - minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, - which would present the system with a specially crafted response to APDUs. When - buffers are partially filled with data, initialized parts of the buffer can be - incorrectly accessed. + description: EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An + attacker can bypass the Admin Login panel through SQLi and get Admin access and + add or remove any user. detection: payload: null verify: null @@ -1060,28 +969,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45619 - - https://access.redhat.com/security/cve/CVE-2024-45619 - - https://bugzilla.redhat.com/show_bug.cgi?id=2309288 - - https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-35276 + - https://hardik-solanki.medium.com/authentication-admin-panel-bypass-which-leads-to-full-admin-access-control-c10ec4ab4255 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45620-CANDIDATE - cve_id: CVE-2024-45620 - name: Candidate detection for CVE-2024-45620 - severity: low - cvss: 3.9 + id: CVE-2020-29189-CANDIDATE + cve_id: CVE-2020-29189 + name: Candidate detection for CVE-2020-29189 + severity: high + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker - could use a crafted USB Device or Smart Card, which would present the system with - a specially crafted response to APDUs. When buffers are partially filled with - data, initialized parts of the buffer can be incorrectly accessed. + description: Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 + allows remote authenticated attackers to bypass read-only restriction and obtain + full access to any folder within the NAS detection: payload: null verify: null @@ -1089,30 +995,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45620 - - https://access.redhat.com/security/cve/CVE-2024-45620 - - https://bugzilla.redhat.com/show_bug.cgi?id=2309289 - - https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-29189 + - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2024-8418-CANDIDATE - cve_id: CVE-2024-8418 - name: Candidate detection for CVE-2024-8418 - severity: high - cvss: 7.5 + id: CVE-2020-29247-CANDIDATE + cve_id: CVE-2020-29247 + name: Candidate detection for CVE-2020-29247 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Aardvark-dns, which is vulnerable to a Denial of - Service attack due to the serial processing of TCP DNS queries. An attacker can - exploit this flaw by keeping a TCP connection open indefinitely, causing the server - to become unresponsive and resulting in other DNS queries timing out. This issue - prevents legitimate users from accessing DNS services, thereby disrupting normal - operations and causing service downtime. + description: WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin + Panel. An attacker can inject the XSS payload in Page keywords and each time any + user will visit the website, the XSS triggers, and the attacker can able to steal + the cookie according to the crafted payload. detection: payload: null verify: null @@ -1120,29 +1022,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-8418 - - https://access.redhat.com/errata/RHSA-2025:7094 - - https://access.redhat.com/security/cve/CVE-2024-8418 - - https://bugzilla.redhat.com/show_bug.cgi?id=2309683 - - https://github.com/containers/aardvark-dns/issues/500 + - https://nvd.nist.gov/vuln/detail/CVE-2020-29247 + - https://systemweakness.com/cve-2020-29247-wondercms-3-1-3-page-persistent-cross-site-scripting-3dd2bb210beb + - https://www.exploit-db.com/exploits/49102 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-8443-CANDIDATE - cve_id: CVE-2024-8443 - name: Candidate detection for CVE-2024-8443 - severity: low - cvss: 2.9 + id: CVE-2020-29477-CANDIDATE + cve_id: CVE-2020-29477 + name: Candidate detection for CVE-2020-29477 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A heap-based buffer overflow vulnerability was found in the libopensc - OpenPGP driver. A crafted USB device or smart card with malicious responses to - the APDUs during the card enrollment process using the `pkcs15-init` tool may - lead to out-of-bound rights, possibly resulting in arbitrary code execution. + exploitdb_reference: true + description: Invision Community 4.5.4 is affected by cross-site scripting (XSS) + in the Field Name field. This vulnerability can allow an attacker to inject the + XSS payload in Field Name and each time any user will open that, the XSS triggers + and the attacker can able to steal the cookie according to the crafted payload. detection: payload: null verify: null @@ -1150,29 +1050,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-8443 - - https://access.redhat.com/security/cve/CVE-2024-8443 - - https://bugzilla.redhat.com/show_bug.cgi?id=2310494 - - https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-29477 + - https://www.exploit-db.com/exploits/49188 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2024-9675-CANDIDATE - cve_id: CVE-2024-9675 - name: Candidate detection for CVE-2024-9675 + id: CVE-2020-29228-CANDIDATE + cve_id: CVE-2020-29228 + name: Candidate detection for CVE-2020-29228 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in Buildah. Cache mounts do not properly - validate that user-specified paths for the cache are within our cache directory, - allowing a `RUN` instruction in a Container file to mount an arbitrary directory - from the host (read/write) into the container as long as those files can be accessed - by the user running Buildah. + description: EGavilanMedia User Registration and Login System With Admin Panel 1.0 + is affected by SQL injection in the User Login Page. detection: payload: null verify: null @@ -1180,36 +1076,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-9675 - - https://access.redhat.com/errata/RHSA-2024:8563 - - https://access.redhat.com/errata/RHSA-2024:8675 - - https://access.redhat.com/errata/RHSA-2024:8679 - - https://access.redhat.com/errata/RHSA-2024:8686 + - https://nvd.nist.gov/vuln/detail/CVE-2020-29228 + - https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-29228.md generated_from: - nvd - status: candidate executable: false - id: CVE-2024-9050-CANDIDATE - cve_id: CVE-2024-9050 - name: Candidate detection for CVE-2024-9050 - severity: high - cvss: 7.8 + id: CVE-2020-29230-CANDIDATE + cve_id: CVE-2020-29230 + name: Candidate detection for CVE-2020-29230 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the libreswan client plugin for NetworkManager - (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration - from the local unprivileged user. In this configuration, composed by a key-value - format, the plugin fails to escape special characters, leading the application - to interpret values as keys. One of the most critical parameters that could be - abused by a malicious user is the `leftupdown`key. This key takes an executable - command as a value and is used to specify what executes as a callback in NetworkManager-libreswan - to retrieve configuration settings back to NetworkManager. As NetworkManager uses - Polkit to allow an unprivileged user to control the system's network configuration, - a malicious actor could achieve local privilege escalation and potential code - execution as root in the targeted machine by creating a malicious configuration. + description: EGavilanMedia User Registration and Login System With Admin Panel 1.0 + is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab + using the Full Name of the user. This vulnerability can result in the attacker + injecting the XSS payload in the User Registration section and each time admin + visits the manage user section from the admin panel, the XSS triggers and the + attacker can steal the cookie according to the crafted payload. detection: payload: null verify: null @@ -1217,30 +1105,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-9050 - - https://access.redhat.com/errata/RHSA-2024:8312 - - https://access.redhat.com/errata/RHSA-2024:8338 - - https://access.redhat.com/errata/RHSA-2024:8352 - - https://access.redhat.com/errata/RHSA-2024:8353 + - https://nvd.nist.gov/vuln/detail/CVE-2020-29230 + - https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-29230.md generated_from: - nvd - status: candidate executable: false - id: CVE-2024-10041-CANDIDATE - cve_id: CVE-2024-10041 - name: Candidate detection for CVE-2024-10041 + id: CVE-2020-29231-CANDIDATE + cve_id: CVE-2020-29231 + name: Candidate detection for CVE-2020-29231 severity: medium - cvss: 4.7 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in PAM. The secret information is stored - in memory, where the attacker can trigger the victim program to execute by sending - characters to its standard input (stdin). As this occurs, the attacker can train - the branch predictor to execute an ROP chain speculatively. This flaw could result - in leaked passwords, such as those found in /etc/shadow while performing authentications. + description: EGavilanMedia User Registration and Login System With Admin Panel 1.0 + is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability + can result in the attacker injecting the XSS payload in Admin Full Name and each + time admin visits the Profile page from the admin panel, the XSS triggers. detection: payload: null verify: null @@ -1248,29 +1132,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-10041 - - https://access.redhat.com/errata/RHSA-2024:10379 - - https://access.redhat.com/errata/RHSA-2024:11250 - - https://access.redhat.com/errata/RHSA-2024:9941 - - https://access.redhat.com/security/cve/CVE-2024-10041 + - https://nvd.nist.gov/vuln/detail/CVE-2020-29231 + - https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-29231.md generated_from: - nvd - status: candidate executable: false - id: CVE-2024-11079-CANDIDATE - cve_id: CVE-2024-11079 - name: Candidate detection for CVE-2024-11079 + id: CVE-2020-25498-CANDIDATE + cve_id: CVE-2020-25498 + name: Candidate detection for CVE-2020-25498 severity: medium - cvss: 5.5 + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Ansible-Core. This vulnerability allows attackers - to bypass unsafe content protections using the hostvars object to reference and - execute templated content. This issue can lead to arbitrary code execution if - remote data or module outputs are improperly templated within playbooks. + description: Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can + be exploited via the NTP server name in System Time and "Keyword" in URL Filter. detection: payload: null verify: null @@ -1278,29 +1157,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-11079 - - https://access.redhat.com/errata/RHSA-2024:10770 - - https://access.redhat.com/errata/RHSA-2024:11145 - - https://access.redhat.com/security/cve/CVE-2024-11079 - - https://bugzilla.redhat.com/show_bug.cgi?id=2325171 + - https://nvd.nist.gov/vuln/detail/CVE-2020-25498 + - https://github.com/the-girl-who-lived/CVE-2020-25498 + - https://youtu.be/qeVHvmS5wtI + - https://youtu.be/u_6yBIMF74A generated_from: - nvd - status: candidate executable: false - id: CVE-2024-49393-CANDIDATE - cve_id: CVE-2024-49393 - name: Candidate detection for CVE-2024-49393 + id: CVE-2020-35262-CANDIDATE + cve_id: CVE-2020-35262 + name: Candidate detection for CVE-2020-35262 severity: medium - cvss: 6.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In neomutt and mutt, the To and Cc email headers are not validated - by cryptographic signing which allows an attacker that intercepts a message to - change their value and include himself as a one of the recipients to compromise - message confidentiality. + description: Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be + exploited via the NTP server name in Time and date module and "Keyword" in URL + Filter. detection: payload: null verify: null @@ -1308,28 +1185,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-49393 - - https://access.redhat.com/security/cve/CVE-2024-49393 - - https://bugzilla.redhat.com/show_bug.cgi?id=2325317 - - https://github.com/neomutt/neomutt/issues/4223 - - https://github.com/neomutt/neomutt/pull/4221 + - https://nvd.nist.gov/vuln/detail/CVE-2020-35262 + - https://github.com/the-girl-who-lived/CVE-2020-35262 + - https://youtu.be/E5wEzf-gkOE generated_from: - nvd - status: candidate executable: false - id: CVE-2024-49394-CANDIDATE - cve_id: CVE-2024-49394 - name: Candidate detection for CVE-2024-49394 - severity: medium - cvss: 5.3 + id: CVE-2020-26664-CANDIDATE + cve_id: CVE-2020-26664 + name: Candidate detection for CVE-2020-26664 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In mutt and neomutt the In-Reply-To email header field is not protected - by cryptographic signing which allows an attacker to reuse an unencrypted but - signed email message to impersonate the original sender. + description: A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player + 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted + .mkv file. detection: payload: null verify: null @@ -1337,28 +1212,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-49394 - - https://access.redhat.com/security/cve/CVE-2024-49394 - - https://bugzilla.redhat.com/show_bug.cgi?id=2325330 - - https://github.com/neomutt/neomutt/issues/4226 - - https://github.com/neomutt/neomutt/pull/4221 + - https://nvd.nist.gov/vuln/detail/CVE-2020-26664 + - https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt + - https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html + - https://security.gentoo.org/glsa/202101-37 + - https://www.debian.org/security/2021/dsa-4834 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-49395-CANDIDATE - cve_id: CVE-2024-49395 - name: Candidate detection for CVE-2024-49395 - severity: medium - cvss: 5.3 + id: CVE-2020-23630-CANDIDATE + cve_id: CVE-2020-23630 + name: Candidate detection for CVE-2020-23630 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In mutt and neomutt, PGP encryption does not use the --hidden-recipient - mode which may leak the Bcc email header field by inferring from the recipients - info. + description: A blind SQL injection vulnerability exists in zzcms ver201910 based + on time (cookie injection). detection: payload: null verify: null @@ -1366,29 +1240,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-49395 - - https://access.redhat.com/security/cve/CVE-2024-49395 - - https://bugzilla.redhat.com/show_bug.cgi?id=2325332 - - https://github.com/neomutt/neomutt/issues/4223#issuecomment-2040209956 - - https://github.com/neomutt/neomutt/pull/4221 + - https://nvd.nist.gov/vuln/detail/CVE-2020-23630 + - https://github.com/Pandora1m2/ + - https://github.com/Pandora1m2/zzcms201910/issues/1 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-51330-CANDIDATE - cve_id: CVE-2024-51330 - name: Candidate detection for CVE-2024-51330 - severity: medium - cvss: 5.1 + id: CVE-2018-8044-CANDIDATE + cve_id: CVE-2018-8044 + name: Candidate detection for CVE-2018-8044 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local - attacker to execute arbitrary code via Inter-process communication (IPC) mechanism - between Cura application and CuraEngine processes, localhost network stack, printing - settings and G-code processing and transmission components, Ultimaker 3D Printers. + description: 'K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: + Incorrect Access Control. The impact is: Local Process Execution (local). The + component is: K7Sentry.sys.' detection: payload: null verify: null @@ -1396,25 +1267,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-51330 - - https://gist.github.com/HalaAli198/ff06d7a94c06cdfb821dec4d6303e01b + - https://nvd.nist.gov/vuln/detail/CVE-2018-8044 + - https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-6th-January-2021 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-11217-CANDIDATE - cve_id: CVE-2024-11217 - name: Candidate detection for CVE-2024-11217 - severity: medium - cvss: 4.9 + id: CVE-2018-8724-CANDIDATE + cve_id: CVE-2018-8724 + name: Candidate detection for CVE-2018-8724 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in the OAuth-server. OAuth-server logs the - OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google - IDPs login options. + description: 'K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: + Incorrect Access Control. The impact is: gain privileges (local). The component + is: K7TSMngr.exe.' detection: payload: null verify: null @@ -1422,26 +1293,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-11217 - - https://access.redhat.com/security/cve/CVE-2024-11217 - - https://bugzilla.redhat.com/show_bug.cgi?id=2326230 + - https://nvd.nist.gov/vuln/detail/CVE-2018-8724 + - https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-6th-January-2021 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-52615-CANDIDATE - cve_id: CVE-2024-52615 - name: Candidate detection for CVE-2024-52615 - severity: medium - cvss: 5.3 + id: CVE-2018-8725-CANDIDATE + cve_id: CVE-2018-8725 + name: Candidate detection for CVE-2018-8725 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Avahi-daemon, which relies on fixed source ports - for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses - are injected. + description: 'K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: + Buffer Overflow. The impact is: execute arbitrary code (local). The component + is: K7TSMngr.exe.' detection: payload: null verify: null @@ -1449,29 +1319,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-52615 - - https://access.redhat.com/errata/RHSA-2025:11402 - - https://access.redhat.com/errata/RHSA-2025:16441 - - https://access.redhat.com/security/cve/CVE-2024-52615 - - https://bugzilla.redhat.com/show_bug.cgi?id=2326418 + - https://nvd.nist.gov/vuln/detail/CVE-2018-8725 + - https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-6th-January-2021 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-52616-CANDIDATE - cve_id: CVE-2024-52616 - name: Candidate detection for CVE-2024-52616 - severity: medium - cvss: 5.3 + id: CVE-2018-8726-CANDIDATE + cve_id: CVE-2018-8726 + name: Candidate detection for CVE-2018-8726 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the Avahi-daemon, where it initializes DNS transaction - IDs randomly only once at startup, incrementing them sequentially after that. - This predictable behavior facilitates DNS spoofing attacks, allowing attackers - to guess transaction IDs. + description: 'K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: + Buffer Overflow. The impact is: execute arbitrary code (local). The component + is: K7TSMngr.exe.' detection: payload: null verify: null @@ -1479,18 +1345,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-52616 - - https://access.redhat.com/errata/RHSA-2025:7437 - - https://access.redhat.com/security/cve/CVE-2024-52616 - - https://bugzilla.redhat.com/show_bug.cgi?id=2326429 - - https://github.com/avahi/avahi/pull/577 + - https://nvd.nist.gov/vuln/detail/CVE-2018-8726 + - https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-6th-January-2021 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-52336-CANDIDATE - cve_id: CVE-2024-52336 - name: Candidate detection for CVE-2024-52336 + id: CVE-2018-9332-CANDIDATE + cve_id: CVE-2018-9332 + name: Candidate detection for CVE-2018-9332 severity: high cvss: 7.8 risk_level: unknown @@ -1498,13 +1361,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: A script injection vulnerability was identified in the Tuned package. - The `instance_create()` D-Bus function can be called by locally logged-in users - without authentication. This flaw allows a local non-privileged user to execute - a D-Bus call with `script_pre` or `script_post` options that permit arbitrary - scripts with their absolute paths to be passed. These user or attacker-controlled - executable scripts or programs could then be executed by Tuned with root privileges - that could allow attackers to local privilege escalation. + description: 'K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: + Incorrect Access Control. The impact is: gain privileges (local).' detection: payload: null verify: null @@ -1512,34 +1370,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-52336 - - https://access.redhat.com/errata/RHSA-2024:10384 - - https://access.redhat.com/errata/RHSA-2025:0879 - - https://access.redhat.com/errata/RHSA-2025:0880 - - https://access.redhat.com/security/cve/CVE-2024-52336 + - https://nvd.nist.gov/vuln/detail/CVE-2018-9332 + - https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-6th-January-2021 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-52337-CANDIDATE - cve_id: CVE-2024-52337 - name: Candidate detection for CVE-2024-52337 - severity: medium - cvss: 5.5 + id: CVE-2018-9333-CANDIDATE + cve_id: CVE-2018-9333 + name: Candidate detection for CVE-2018-9333 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A log spoofing flaw was found in the Tuned package due to improper - sanitization of some API arguments. This flaw allows an attacker to pass a controlled - sequence of characters; newlines can be inserted into the log. Instead of the - 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. - The quotes '' are usually used in TuneD logs citing raw user input, so there will - always be the ' character ending the spoofed input, and the administrator can - easily overlook this. This logged string is later used in logging and in the output - of utilities, for example, `tuned-adm get_instances` or other third-party programs - that use Tuned's D-Bus interface for such operations. + description: 'K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: + Buffer Overflow. The impact is: execute arbitrary code (local). The component + is: K7TSMngr.exe.' detection: payload: null verify: null @@ -1547,29 +1396,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-52337 - - https://access.redhat.com/errata/RHSA-2024:10381 - - https://access.redhat.com/errata/RHSA-2024:10384 - - https://access.redhat.com/errata/RHSA-2024:11161 - - https://access.redhat.com/errata/RHSA-2025:0195 + - https://nvd.nist.gov/vuln/detail/CVE-2018-9333 + - https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-6th-January-2021 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-12401-CANDIDATE - cve_id: CVE-2024-12401 - name: Candidate detection for CVE-2024-12401 + id: CVE-2020-20950-CANDIDATE + cve_id: CVE-2020-20950 + name: Candidate detection for CVE-2020-20950 severity: medium - cvss: 4.4 + cvss: 5.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the cert-manager package. This flaw allows an attacker - who can modify PEM data that the cert-manager reads, for example, in a Secret - resource, to use large amounts of CPU in the cert-manager controller pod to effectively - create a denial-of-service (DoS) vector for the cert-manager in the cluster. + description: 'Bleichenbacher''s attack on PKCS #1 v1.5 padding for RSA in Microchip + Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability + can allow one to use Bleichenbacher''s oracle attack to decrypt an encrypted ciphertext + by making successive queries to the server using the vulnerable library, resulting + in remote information disclosure.' detection: payload: null verify: null @@ -1577,27 +1424,32 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-12401 - - https://access.redhat.com/security/cve/CVE-2024-12401 - - https://bugzilla.redhat.com/show_bug.cgi?id=2327929 - - https://github.com/cert-manager/cert-manager/pull/7400 - - https://github.com/cert-manager/cert-manager/pull/7401 + - https://nvd.nist.gov/vuln/detail/CVE-2020-20950 + - https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb + - https://www.microchip.com/mplab/microchip-libraries-for-applications generated_from: - nvd - status: candidate executable: false - id: CVE-2024-56732-CANDIDATE - cve_id: CVE-2024-56732 - name: Candidate detection for CVE-2024-56732 - severity: high - cvss: 8.8 + id: CVE-2020-28707-CANDIDATE + cve_id: CVE-2020-28707 + name: Candidate detection for CVE-2020-28707 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, - there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. + description: The Stockdio Historical Chart plugin before 2.8.1 for WordPress is + affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in + wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() + event is not validated. The stockdio_eventer function listens for any postMessage + event. After a message event is sent to the application, this function sets the + "e" variable as the event and checks that the types of the data and data.method + are not undefined (empty) before proceeding to eval the data.method received from + the postMessage. However, on a different website. JavaScript code can call window.open + for the vulnerable WordPress instance and do a postMessage(msg,'*') for that object. detection: payload: null verify: null @@ -1605,32 +1457,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-56732 - - https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26 - - https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m + - https://nvd.nist.gov/vuln/detail/CVE-2020-28707 + - https://jondow.eu/cve-2020-28707-xss-in-stockdio-historical-chart-plugin-for-wordpress-before-version-281/ + - https://wordpress.org/plugins/stockdio-historical-chart/#developers generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45497-CANDIDATE - cve_id: CVE-2024-45497 - name: Candidate detection for CVE-2024-45497 - severity: high - cvss: 7.6 + id: CVE-2020-20949-CANDIDATE + cve_id: CVE-2020-20949 + name: Candidate detection for CVE-2020-20949 + severity: medium + cvss: 5.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the OpenShift build process, where the docker-build - container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json - file into the build pod. This file contains sensitive credentials necessary for - pulling images from private repositories. The mount is not read-only, which allows - the attacker to overwrite it. By modifying the config.json file, the attacker - can cause a denial of service by preventing the node from pulling new images and - potentially exfiltrating sensitive secrets. This flaw impacts the availability - of services dependent on image pulls and exposes sensitive information to unauthorized - parties. + description: 'Bleichenbacher''s attack on PKCS #1 v1.5 padding for RSA in STM32 + cryptographic firmware library software expansion for STM32Cube (UM1924). The + vulnerability can allow one to use Bleichenbacher''s oracle attack to decrypt + an encrypted ciphertext by making successive queries to the server using the vulnerable + library, resulting in remote information disclosure.' detection: payload: null verify: null @@ -1638,29 +1486,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45497 - - https://access.redhat.com/errata/RHSA-2025:10270 - - https://access.redhat.com/errata/RHSA-2025:10294 - - https://access.redhat.com/errata/RHSA-2025:10747 - - https://access.redhat.com/errata/RHSA-2025:9269 + - https://nvd.nist.gov/vuln/detail/CVE-2020-20949 + - https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb + - https://www.st.com/en/embedded-software/x-cube-cryptolib.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0306-CANDIDATE - cve_id: CVE-2025-0306 - name: Candidate detection for CVE-2025-0306 + id: CVE-2020-28874-CANDIDATE + cve_id: CVE-2020-28874 + name: Candidate detection for CVE-2020-28874 severity: high - cvss: 7.4 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in Ruby. The Ruby interpreter is vulnerable - to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted - messages or forge signatures by exchanging a large number of messages with the - vulnerable service. + description: reset-password.php in ProjectSend before r1295 allows remote attackers + to reset a password because of incorrect business logic. Errors are not properly + considered (an invalid token parameter). detection: payload: null verify: null @@ -1668,28 +1513,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0306 - - https://access.redhat.com/security/cve/CVE-2025-0306 - - https://bugzilla.redhat.com/show_bug.cgi?id=2336100 - - https://security.netapp.com/advisory/ntap-20250221-0009/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-28874 + - https://github.com/projectsend/projectsend/commit/440204734e9a1687cb9887e1c887173d23c5a93e + - https://github.com/projectsend/projectsend/commits/master + - https://github.com/projectsend/projectsend/releases/tag/r1295 + - https://github.com/varandinawer/CVE-2020-28874 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-12085-CANDIDATE - cve_id: CVE-2024-12085 - name: Candidate detection for CVE-2024-12085 - severity: high - cvss: 7.5 + id: CVE-2020-35854-CANDIDATE + cve_id: CVE-2020-35854 + name: Candidate detection for CVE-2020-35854 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in rsync which could be triggered when rsync compares - file checksums. This flaw allows an attacker to manipulate the checksum length - (s2length) to cause a comparison between a checksum and uninitialized memory and - leak one byte of uninitialized stack data at a time. + description: Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the + Body parameter. detection: payload: null verify: null @@ -1697,32 +1541,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-12085 - - https://access.redhat.com/errata/RHBA-2025:6470 - - https://access.redhat.com/errata/RHSA-2025:0324 - - https://access.redhat.com/errata/RHSA-2025:0325 - - https://access.redhat.com/errata/RHSA-2025:0637 + - https://nvd.nist.gov/vuln/detail/CVE-2020-35854 + - https://riteshgohil-25.medium.com/textpattern-4-8-4-is-affected-by-cross-site-scripting-xss-in-the-body-parameter-b9a3d7da2a88 + - https://www.textpattern.co/demo generated_from: - nvd - status: candidate executable: false - id: CVE-2024-12086-CANDIDATE - cve_id: CVE-2024-12086 - name: Candidate detection for CVE-2024-12086 + id: CVE-2020-36011-CANDIDATE + cve_id: CVE-2020-36011 + name: Candidate detection for CVE-2020-36011 severity: medium - cvss: 6.1 + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in rsync. It could allow a server to enumerate the - contents of an arbitrary file from the client's machine. This issue occurs when - files are being copied from a client to a server. During this process, the rsync - server will send checksums of local data to the client to compare with in order - to determine what data needs to be sent to the server. By sending specially constructed - checksum values for arbitrary files, an attacker may be able to reconstruct the - data of those files byte-by-byte based on the responses from the client. + description: A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart + Hospital Management System 3.1 allows a remote attacker to inject arbitrary code + via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field. detection: payload: null verify: null @@ -1730,33 +1568,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-12086 - - https://access.redhat.com/errata/RHBA-2025:6470 - - https://access.redhat.com/errata/RHSA-2026:19368 - - https://access.redhat.com/errata/RHSA-2026:20603 - - https://access.redhat.com/errata/RHSA-2026:29197 + - https://nvd.nist.gov/vuln/detail/CVE-2020-36011 + - https://www.exploit-db.com/exploits/49290 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-12087-CANDIDATE - cve_id: CVE-2024-12087 - name: Candidate detection for CVE-2024-12087 + id: CVE-2020-36012-CANDIDATE + cve_id: CVE-2020-36012 + name: Candidate detection for CVE-2020-36012 severity: medium - cvss: 6.5 + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A path traversal vulnerability exists in rsync. It stems from behavior - enabled by the `--inc-recursive` option, a default-enabled option for many client - options and can be enabled by the server even if not explicitly enabled by the - client. When using the `--inc-recursive` option, a lack of proper symlink verification - coupled with deduplication checks occurring on a per-file-list basis could allow - a server to write files outside of the client's intended destination directory. - A malicious server could write malicious files to arbitrary locations named after - valid directories/paths on the client. + description: Stored XSS vulnerability in BDTASK Multi-Store Inventory Management + System 1.0 allows a local admin to inject arbitrary code via the Customer Name + Field. detection: payload: null verify: null @@ -1764,29 +1594,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-12087 - - https://access.redhat.com/errata/RHBA-2025:6470 - - https://access.redhat.com/errata/RHSA-2025:23154 - - https://access.redhat.com/errata/RHSA-2025:23235 - - https://access.redhat.com/errata/RHSA-2025:23407 + - https://nvd.nist.gov/vuln/detail/CVE-2020-36012 + - https://kislay00.medium.com/m-store-multi-store-inventory-management-system-add-customer-stored-xss-875a376770ec generated_from: - nvd - status: candidate executable: false - id: CVE-2024-12088-CANDIDATE - cve_id: CVE-2024-12088 - name: Candidate detection for CVE-2024-12088 + id: CVE-2021-3294-CANDIDATE + cve_id: CVE-2021-3294 + name: Candidate detection for CVE-2021-3294 severity: medium - cvss: 6.5 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A flaw was found in rsync. When using the `--safe-links` option, the - rsync client fails to properly verify if a symbolic link destination sent from - the server contains another symbolic link within it. This results in a path traversal - vulnerability, which may lead to arbitrary file write outside the desired directory. + exploitdb_reference: true + description: CASAP Automated Enrollment System 1.0 is affected by cross-site scripting + (XSS) in users.php. An attacker can steal a cookie to perform user redirection + to a malicious website. detection: payload: null verify: null @@ -1794,32 +1620,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-12088 - - https://access.redhat.com/errata/RHBA-2025:6470 - - https://access.redhat.com/errata/RHSA-2025:2600 - - https://access.redhat.com/errata/RHSA-2025:7050 - - https://access.redhat.com/errata/RHSA-2025:8385 + - https://nvd.nist.gov/vuln/detail/CVE-2021-3294 + - https://www.exploit-db.com/exploits/49469 + - https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2024-12747-CANDIDATE - cve_id: CVE-2024-12747 - name: Candidate detection for CVE-2024-12747 - severity: medium - cvss: 5.6 + id: CVE-2020-25493-CANDIDATE + cve_id: CVE-2020-25493 + name: Candidate detection for CVE-2020-25493 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in rsync. This vulnerability arises from a race condition - during rsync's handling of symbolic links. Rsync's default behavior when encountering - symbolic links is to skip them. If an attacker replaced a regular file with a - symbolic link at the right time, it was possible to bypass the default behavior - and traverse symbolic links. Depending on the privileges of the rsync process, - an attacker could leak sensitive information, potentially leading to privilege - escalation. + description: Oclean Mobile Application 2.1.2 communicates with an external website + using HTTP so it is possible to eavesdrop the network traffic. The content of + HTTP payload is encrypted using XOR with a hardcoded key, which allows for the + possibility to decode the traffic. detection: payload: null verify: null @@ -1827,29 +1649,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-12747 - - https://access.redhat.com/errata/RHBA-2025:6470 - - https://access.redhat.com/errata/RHSA-2025:2600 - - https://access.redhat.com/errata/RHSA-2025:7050 - - https://access.redhat.com/errata/RHSA-2025:8385 + - https://nvd.nist.gov/vuln/detail/CVE-2020-25493 + - https://github.com/c3r34lk1ll3r/decrypt-oclean-traffic + - https://play.google.com/store/apps/details?id=com.yunding.noopsychebrushforeign generated_from: - nvd - status: candidate executable: false - id: CVE-2024-12084-CANDIDATE - cve_id: CVE-2024-12084 - name: Candidate detection for CVE-2024-12084 - severity: critical - cvss: 9.8 + id: CVE-2021-25296-CANDIDATE + cve_id: CVE-2021-25296 + name: Candidate detection for CVE-2021-25296 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: - cisa_kev: false + cisa_kev: true exploitdb_reference: false - description: A heap-based buffer overflow flaw was found in the rsync daemon. This - issue is due to improper handling of attacker-controlled checksum lengths (s2length) - in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker - can write out of bounds in the sum2 buffer. + description: Nagios XI version xi-5.7.5 is affected by OS command injection. The + vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php + due to improper sanitization of authenticated user-controlled input by a single + HTTP request, which can lead to OS command injection on the Nagios XI server. detection: payload: null verify: null @@ -1857,29 +1677,31 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-12084 - - https://access.redhat.com/errata/RHBA-2025:6470 - - https://access.redhat.com/security/cve/CVE-2024-12084 - - https://bugzilla.redhat.com/show_bug.cgi?id=2330527 - - https://kb.cert.org/vuls/id/952657 + - https://nvd.nist.gov/vuln/detail/CVE-2021-25296 + - https://assets.nagios.com/downloads/nagiosxi/versions.php + - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md + - https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25296 + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog generated_from: - nvd + - cisa_kev - status: candidate executable: false - id: CVE-2024-11218-CANDIDATE - cve_id: CVE-2024-11218 - name: Candidate detection for CVE-2024-11218 + id: CVE-2021-25297-CANDIDATE + cve_id: CVE-2021-25297 + name: Candidate detection for CVE-2021-25297 severity: high - cvss: 8.6 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: - cisa_kev: false + cisa_kev: true exploitdb_reference: false - description: A vulnerability was found in `podman build` and `buildah.` This issue - occurs in a container breakout by using --jobs=2 and a race condition when building - a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, - it still allows the enumeration of files and directories on the host. + description: Nagios XI version xi-5.7.5 is affected by OS command injection. The + vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php + due to improper sanitization of authenticated user-controlled input by a single + HTTP request, which can lead to OS command injection on the Nagios XI server. detection: payload: null verify: null @@ -1887,30 +1709,31 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-11218 - - https://access.redhat.com/errata/RHSA-2025:0830 - - https://access.redhat.com/errata/RHSA-2025:0878 - - https://access.redhat.com/errata/RHSA-2025:0922 - - https://access.redhat.com/errata/RHSA-2025:0923 + - https://nvd.nist.gov/vuln/detail/CVE-2021-25297 + - https://assets.nagios.com/downloads/nagiosxi/versions.php + - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md + - https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25297 + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog generated_from: - nvd + - cisa_kev - status: candidate executable: false - id: CVE-2024-13484-CANDIDATE - cve_id: CVE-2024-13484 - name: Candidate detection for CVE-2024-13484 + id: CVE-2021-25298-CANDIDATE + cve_id: CVE-2021-25298 + name: Candidate detection for CVE-2021-25298 severity: high - cvss: 8.2 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: - cisa_kev: false + cisa_kev: true exploitdb_reference: false - description: A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring - label is applied to all namespaces that deploy an ArgoCD CR instance, allowing - the namespace to create a rogue PrometheusRule. This issue can have adverse effects - on the platform monitoring stack, as the rule is rolled out cluster-wide when - the label is applied. + description: Nagios XI version xi-5.7.5 is affected by OS command injection. The + vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php + due to improper sanitization of authenticated user-controlled input by a single + HTTP request, which can lead to OS command injection on the Nagios XI server. detection: payload: null verify: null @@ -1918,32 +1741,33 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-13484 - - https://access.redhat.com/errata/RHSA-2025:7753 - - https://access.redhat.com/errata/RHSA-2025:8274 - - https://access.redhat.com/errata/RHSA-2025:9506 - - https://access.redhat.com/security/cve/CVE-2024-13484 + - https://nvd.nist.gov/vuln/detail/CVE-2021-25298 + - https://assets.nagios.com/downloads/nagiosxi/versions.php + - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md + - https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25298 + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog generated_from: - nvd + - cisa_kev - status: candidate executable: false - id: CVE-2024-11831-CANDIDATE - cve_id: CVE-2024-11831 - name: Candidate detection for CVE-2024-11831 + id: CVE-2021-25299-CANDIDATE + cve_id: CVE-2021-25299 + name: Candidate detection for CVE-2021-25299 severity: medium - cvss: 5.4 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in npm-serialize-javascript. The vulnerability occurs - because the serialize-javascript module does not properly sanitize certain inputs, - such as regex or other JavaScript object types, allowing an attacker to inject - malicious code. This code could be executed when deserialized by a web browser, - causing Cross-site scripting (XSS) attacks. This issue is critical in environments - where serialized data is sent to web clients, potentially compromising the security - of the website or web application using this package. + description: Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). + The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php + due to improper sanitization of user-controlled input. A maliciously crafted URL, + when clicked by an admin user, can be used to steal his/her session cookies or + it can be chained with the previous bugs to get one-click remote command execution + (RCE) on the Nagios XI server. detection: payload: null verify: null @@ -1951,30 +1775,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-11831 - - https://access.redhat.com/errata/RHBA-2025:0304 - - https://access.redhat.com/errata/RHSA-2025:0381 - - https://access.redhat.com/errata/RHSA-2025:10853 - - https://access.redhat.com/errata/RHSA-2025:1334 + - https://nvd.nist.gov/vuln/detail/CVE-2021-25299 + - https://assets.nagios.com/downloads/nagiosxi/versions.php + - https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2024-12133-CANDIDATE - cve_id: CVE-2024-12133 - name: Candidate detection for CVE-2024-12133 - severity: medium - cvss: 5.3 + id: CVE-2020-24841-CANDIDATE + cve_id: CVE-2020-24841 + name: Candidate detection for CVE-2020-24841 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw in libtasn1 causes inefficient handling of specific certificate - data. When processing a large number of elements in a certificate, libtasn1 takes - much longer than expected, which can slow down or even crash the system. This - flaw allows an attacker to send a specially crafted certificate, causing a denial - of service attack. + description: PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' + in /browse.jsp. Exploiting this issue could allow an attacker to compromise the + application, access or modify data, or exploit latent vulnerabilities in the underlying + database. detection: payload: null verify: null @@ -1982,29 +1803,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-12133 - - https://access.redhat.com/errata/RHSA-2025:17347 - - https://access.redhat.com/errata/RHSA-2025:4049 - - https://access.redhat.com/errata/RHSA-2025:7077 - - https://access.redhat.com/errata/RHSA-2025:8021 + - https://nvd.nist.gov/vuln/detail/CVE-2020-24841 + - https://www.exploit-db.com/exploits/48757 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-1244-CANDIDATE - cve_id: CVE-2025-1244 - name: Candidate detection for CVE-2025-1244 - severity: high - cvss: 8.8 + id: CVE-2021-27328-CANDIDATE + cve_id: CVE-2021-27328 + name: Candidate detection for CVE-2021-27328 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A command injection flaw was found in the text editor Emacs. It could - allow a remote, unauthenticated attacker to execute arbitrary shell commands on - a vulnerable system. Exploitation is possible by tricking users into visiting - a specially crafted website or an HTTP URL with a redirect. + description: Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. + An authenticated user can decrypt firmware and can read sensitive information, + such as a password or decryption key. detection: payload: null verify: null @@ -2012,28 +1829,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-1244 - - https://access.redhat.com/errata/RHSA-2025:1915 - - https://access.redhat.com/errata/RHSA-2025:1917 - - https://access.redhat.com/errata/RHSA-2025:1961 - - https://access.redhat.com/errata/RHSA-2025:1962 + - https://nvd.nist.gov/vuln/detail/CVE-2021-27328 + - https://github.com/SQSamir/CVE-2021-27328 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-57049-CANDIDATE - cve_id: CVE-2024-57049 - name: Candidate detection for CVE-2024-57049 - severity: unknown - cvss: 0.0 + id: CVE-2020-24175-CANDIDATE + cve_id: CVE-2020-24175 + name: Candidate detection for CVE-2020-24175 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: - This record was withdrawn by its CNA. Further investigation showed that it was - not a security issue. Notes: none.' + description: Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius + 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary + code via a crafted archive file, related to filename handling. detection: payload: null verify: null @@ -2041,25 +1855,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-57049 + - https://nvd.nist.gov/vuln/detail/CVE-2020-24175 + - https://gist.github.com/illikainen/315a420a9c28cbe882e16b8eba40b2e1 + - https://gist.github.com/illikainen/ced14e08e00747fef613ba619bb25bb4 + - https://illikainen.dev/advisories/014-yz1-izarc generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45774-CANDIDATE - cve_id: CVE-2024-45774 - name: Candidate detection for CVE-2024-45774 - severity: medium - cvss: 6.7 + id: CVE-2021-27132-CANDIDATE + cve_id: CVE-2021-27132 + name: Candidate detection for CVE-2021-27132 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. A specially crafted JPEG file can cause - the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, - resulting in an out-of-bounds write. The possibility of overwriting sensitive - information to bypass secure boot protections is not discarded. + description: SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for + HTTP header injection) in the download function via the Content-Disposition header. detection: payload: null verify: null @@ -2067,30 +1882,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45774 - - https://access.redhat.com/errata/RHSA-2025:6990 - - https://access.redhat.com/security/cve/CVE-2024-45774 - - https://bugzilla.redhat.com/show_bug.cgi?id=2337461 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-27132 + - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45776-CANDIDATE - cve_id: CVE-2024-45776 - name: Candidate detection for CVE-2024-45776 - severity: medium - cvss: 6.7 + id: CVE-2020-24036-CANDIDATE + cve_id: CVE-2020-24036 + name: Candidate detection for CVE-2020-24036 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: When reading the language .mo file in grub_mofile_open(), grub2 fails - to verify an integer overflow when allocating its internal buffer. A crafted .mo - file may lead the buffer size calculation to overflow, leading to out-of-bound - reads and writes. This flaw allows an attacker to leak sensitive data or overwrite - critical data, possibly circumventing secure boot protections. + description: PHP object injection in the Ajax endpoint of the backend in ForkCMS + below version 5.8.3 allows an authenticated remote user to execute malicious code. detection: payload: null verify: null @@ -2098,29 +1907,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45776 - - https://access.redhat.com/errata/RHSA-2025:16154 - - https://access.redhat.com/errata/RHSA-2025:6990 - - https://access.redhat.com/security/cve/CVE-2024-45776 - - https://bugzilla.redhat.com/show_bug.cgi?id=2339182 + - https://nvd.nist.gov/vuln/detail/CVE-2020-24036 + - https://tech.feedyourhead.at/content/ForkCMS-PHP-Object-Injection-CVE-2020-24036 + - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-04 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45781-CANDIDATE - cve_id: CVE-2024-45781 - name: Candidate detection for CVE-2024-45781 + id: CVE-2020-24912-CANDIDATE + cve_id: CVE-2020-24912 + name: Candidate detection for CVE-2020-24912 severity: medium - cvss: 6.7 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. When reading a symbolic link's name from - a UFS filesystem, grub2 fails to validate the string length taken as an input. - The lack of validation may lead to a heap out-of-bounds write, causing data integrity - issues and eventually allowing an attacker to circumvent secure boot protections. + description: A reflected cross-site scripting (XSS) vulnerability in qcubed (all + versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated + attackers to steal sessions of authenticated users. detection: payload: null verify: null @@ -2128,28 +1934,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45781 - - https://access.redhat.com/errata/RHSA-2025:16154 - - https://access.redhat.com/errata/RHSA-2025:6990 - - https://access.redhat.com/security/cve/CVE-2024-45781 - - https://bugzilla.redhat.com/show_bug.cgi?id=2345857 + - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 + - https://tech.feedyourhead.at/content/QCubed-Cross-Site-Scripting-CVE-2020-24912 + - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45783-CANDIDATE - cve_id: CVE-2024-45783 - name: Candidate detection for CVE-2024-45783 - severity: medium - cvss: 4.4 + id: CVE-2020-24913-CANDIDATE + cve_id: CVE-2020-24913 + name: Candidate detection for CVE-2020-24913 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. When failing to mount an HFS+ grub, the - hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may - lead to a NULL pointer access. + description: A SQL injection vulnerability in qcubed (all versions including 3.1.1) + in profile.php via the strQuery parameter allows an unauthenticated attacker to + access the database by injecting SQL code via a crafted POST request. detection: payload: null verify: null @@ -2157,30 +1961,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45783 - - https://access.redhat.com/errata/RHSA-2025:6990 - - https://access.redhat.com/security/cve/CVE-2024-45783 - - https://bugzilla.redhat.com/show_bug.cgi?id=2345863 + - https://nvd.nist.gov/vuln/detail/CVE-2020-24913 + - https://tech.feedyourhead.at/content/QCubed-SQL-Injection-CVE-2020-24913 + - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-02 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0622-CANDIDATE - cve_id: CVE-2025-0622 - name: Candidate detection for CVE-2025-0622 - severity: medium - cvss: 6.4 + id: CVE-2020-24914-CANDIDATE + cve_id: CVE-2020-24914 + name: Candidate detection for CVE-2020-24914 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in command/gpg. In some scenarios, hooks created by - loaded modules are not removed when the related module is unloaded. This flaw - allows an attacker to force grub2 to call the hooks once the module that registered - it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, - this vulnerability may result in arbitrary code execution, eventually allowing - the attacker to bypass secure boot protections. + description: A PHP object injection bug in profile.php in qcubed (all versions including + 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and + allows an unauthenticated attacker to execute code via a crafted POST request. detection: payload: null verify: null @@ -2188,30 +1988,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0622 - - https://access.redhat.com/errata/RHSA-2025:16154 - - https://access.redhat.com/errata/RHSA-2025:6990 - - https://access.redhat.com/security/cve/CVE-2025-0622 - - https://bugzilla.redhat.com/show_bug.cgi?id=2345865 + - https://nvd.nist.gov/vuln/detail/CVE-2020-24914 + - https://tech.feedyourhead.at/content/QCubed-PHP-Object-Injection-CVE-2020-24914 + - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-01 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45777-CANDIDATE - cve_id: CVE-2024-45777 - name: Candidate detection for CVE-2024-45777 - severity: medium - cvss: 6.7 + id: CVE-2020-27574-CANDIDATE + cve_id: CVE-2020-27574 + name: Candidate detection for CVE-2020-27574 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. The calculation of the translation buffer - when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, - leading to a Out-of-bound write. This issue can be leveraged by an attacker to - overwrite grub2's sensitive heap data, eventually leading to the circumvention - of secure boot protections. + description: Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery + (CSRF). If an authenticated user visits a malicious page, unintended actions could + be performed in the web application as the authenticated user. detection: payload: null verify: null @@ -2219,28 +2015,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45777 - - https://access.redhat.com/errata/RHSA-2025:20532 - - https://access.redhat.com/security/cve/CVE-2024-45777 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346343 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27574 + - https://tvrbk.github.io/cve/2021/03/07/rumpus.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-1118-CANDIDATE - cve_id: CVE-2025-1118 - name: Candidate detection for CVE-2025-1118 - severity: medium - cvss: 4.4 + id: CVE-2020-27575-CANDIDATE + cve_id: CVE-2020-27575 + name: Candidate detection for CVE-2020-27575 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. Grub's dump command is not blocked when - grub is in lockdown mode, which allows the user to read any memory information, - and an attacker may leverage this in order to extract signatures, salts, and other - sensitive information from the memory. + description: Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. + The web administration contains functionality in which administrators are able + to manage users. The edit users form contains a parameter vulnerable to command + injection due to insufficient validation. detection: payload: null verify: null @@ -2248,33 +2042,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-1118 - - https://access.redhat.com/errata/RHSA-2025:16154 - - https://access.redhat.com/security/cve/CVE-2025-1118 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346137 - - https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f + - https://nvd.nist.gov/vuln/detail/CVE-2020-27575 + - https://tvrbk.github.io/cve/2021/03/07/rumpus.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0624-CANDIDATE - cve_id: CVE-2025-0624 - name: Candidate detection for CVE-2025-0624 - severity: high - cvss: 7.6 + id: CVE-2020-27576-CANDIDATE + cve_id: CVE-2020-27576 + name: Candidate detection for CVE-2020-27576 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. During the network boot process, when trying - to search for the configuration file, grub copies data from a user controlled - environment variable into an internal buffer using the grub_strcpy() function. - During this step, it fails to consider the environment variable length when allocating - the internal buffer, resulting in an out-of-bounds write. If correctly exploited, - this issue may result in remote code execution through the same network segment - grub is searching for the boot information, which can be used to by-pass secure - boot protections. + description: Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting + (XSS). Users are able to create folders in the web application. The folder name + is insufficiently validated resulting in a stored cross-site scripting vulnerability. detection: payload: null verify: null @@ -2282,34 +2068,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0624 - - https://access.redhat.com/errata/RHSA-2025:2521 - - https://access.redhat.com/errata/RHSA-2025:2653 - - https://access.redhat.com/errata/RHSA-2025:2655 - - https://access.redhat.com/errata/RHSA-2025:2675 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27576 + - https://tvrbk.github.io/cve/2021/03/07/rumpus.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0677-CANDIDATE - cve_id: CVE-2025-0677 - name: Candidate detection for CVE-2025-0677 - severity: medium - cvss: 6.4 + id: CVE-2020-29238-CANDIDATE + cve_id: CVE-2020-29238 + name: Candidate detection for CVE-2020-29238 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A flaw was found in grub2. When performing a symlink lookup, the grub's - UFS module checks the inode's data size to allocate the internal buffer to read - the file content, however, it fails to check if the symlink data size has overflown. - When this occurs, grub_malloc() may be called with a smaller value than needed. - When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() - function will write past the end of the allocated size. An attack can leverage - this by crafting a malicious filesystem, and as a result, it will corrupt data - stored in the heap, allowing for arbitrary code execution used to by-pass secure - boot mechanisms. + exploitdb_reference: true + description: An integer buffer overflow in the Nginx webserver of ExpressVPN Router + version 1 allows remote attackers to obtain sensitive information when the server + running as reverse proxy via specially crafted request. detection: payload: null verify: null @@ -2317,32 +2094,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0677 - - https://access.redhat.com/errata/RHSA-2025:16154 - - https://access.redhat.com/errata/RHSA-2025:6990 - - https://access.redhat.com/security/cve/CVE-2025-0677 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346116 + - https://nvd.nist.gov/vuln/detail/CVE-2020-29238 + - https://bugcrowd.com/disclosures/4e8d5325-8e49-4ea3-962a-a088bbb73a3f/expressvpn-router-integer-buffer-overflow-server-info-disclosure-when-router-s-nginx-server-used-as-reverse-proxy-server generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-0690-CANDIDATE - cve_id: CVE-2025-0690 - name: Candidate detection for CVE-2025-0690 + id: CVE-2021-27695-CANDIDATE + cve_id: CVE-2021-27695 + name: Candidate detection for CVE-2021-27695 severity: medium cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: The read command is used to read the keyboard input from the user, - while reads it keeps the input length in a 32-bit integer value which is further - used to reallocate the line buffer to accept the next character. During this process, - with a line big enough it's possible to make this variable to overflow leading - to a out-of-bounds write in the heap based buffer. This flaw may be leveraged - to corrupt grub's internal critical data and secure boot bypass is not discarded - as consequence. + exploitdb_reference: true + description: Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT + 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any + "Add" sections, such as Add Card Building & Floor, or others in the Name and Code + Parameters. detection: payload: null verify: null @@ -2350,28 +2122,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0690 - - https://access.redhat.com/errata/RHSA-2025:6990 - - https://access.redhat.com/security/cve/CVE-2025-0690 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346123 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-27695 + - https://www.exploit-db.com/exploits/49649 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-26594-CANDIDATE - cve_id: CVE-2025-26594 - name: Candidate detection for CVE-2025-26594 + id: CVE-2020-28873-CANDIDATE + cve_id: CVE-2020-28873 + name: Candidate detection for CVE-2020-28873 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free flaw was found in X.Org and Xwayland. The root cursor - is referenced in the X server as a global variable. If a client frees the root - cursor, the internal reference points to freed memory and causes a use-after-free. + description: Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability + by sending an extremely long password via the user login form. When a long password + is sent, the password hashing process will result in CPU and memory exhaustion + on the server. detection: payload: null verify: null @@ -2379,29 +2150,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26594 - - https://access.redhat.com/errata/RHSA-2025:2500 - - https://access.redhat.com/errata/RHSA-2025:2502 - - https://access.redhat.com/errata/RHSA-2025:2861 - - https://access.redhat.com/errata/RHSA-2025:2862 + - https://nvd.nist.gov/vuln/detail/CVE-2020-28873 + - https://www.acunetix.com/vulnerabilities/web/long-password-denial-of-service/#:~:text=By%20sending%20a%20very%20long%2Ca%20vulnerable%20password%20hashing%20implementation generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26595-CANDIDATE - cve_id: CVE-2025-26595 - name: Candidate detection for CVE-2025-26595 - severity: high - cvss: 7.8 + id: CVE-2021-26215-CANDIDATE + cve_id: CVE-2021-26215 + name: Candidate detection for CVE-2021-26215 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A buffer overflow flaw was found in X.Org and Xwayland. The code in - XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names - of the virtual modifiers to that buffer. The code fails to check the bounds of - the buffer and would copy the data regardless of the size. + description: SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. detection: payload: null verify: null @@ -2409,28 +2174,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26595 - - https://access.redhat.com/errata/RHSA-2025:2500 - - https://access.redhat.com/errata/RHSA-2025:2502 - - https://access.redhat.com/errata/RHSA-2025:2861 - - https://access.redhat.com/errata/RHSA-2025:2862 + - https://nvd.nist.gov/vuln/detail/CVE-2021-26215 + - https://tuhin1729.medium.com/cve-2021-26215-7ce6800be822 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26596-CANDIDATE - cve_id: CVE-2025-26596 - name: Candidate detection for CVE-2025-26596 - severity: high - cvss: 7.8 + id: CVE-2021-26216-CANDIDATE + cve_id: CVE-2021-26216 + name: Candidate detection for CVE-2021-26216 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap overflow flaw was found in X.Org and Xwayland. The computation - of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), - which may lead to a heap-based buffer overflow. + description: SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. detection: payload: null verify: null @@ -2438,30 +2198,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26596 - - https://access.redhat.com/errata/RHSA-2025:2500 - - https://access.redhat.com/errata/RHSA-2025:2502 - - https://access.redhat.com/errata/RHSA-2025:2861 - - https://access.redhat.com/errata/RHSA-2025:2862 + - https://nvd.nist.gov/vuln/detail/CVE-2021-26216 + - https://tuhin1729.medium.com/cve-2021-26216-ffb33321dc91 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26597-CANDIDATE - cve_id: CVE-2025-26597 - name: Candidate detection for CVE-2025-26597 + id: CVE-2021-28936-CANDIDATE + cve_id: CVE-2021-28936 + name: Candidate detection for CVE-2021-28936 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() - is called with a 0 group, it will resize the key symbols table to 0 but leave - the key actions unchanged. If the same function is later called with a non-zero - value of groups, this will cause a buffer overflow because the key actions are - of the wrong size. + description: The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management + administrator password can be changed by sending a specially crafted HTTP GET + request. The administrator username has to be known (default:admin) whereas no + previous authentication is required. detection: payload: null verify: null @@ -2469,30 +2225,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26597 - - https://access.redhat.com/errata/RHSA-2025:2500 - - https://access.redhat.com/errata/RHSA-2025:2502 - - https://access.redhat.com/errata/RHSA-2025:2861 - - https://access.redhat.com/errata/RHSA-2025:2862 + - https://nvd.nist.gov/vuln/detail/CVE-2021-28936 + - https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26598-CANDIDATE - cve_id: CVE-2025-26598 - name: Candidate detection for CVE-2025-26598 + id: CVE-2021-28937-CANDIDATE + cve_id: CVE-2021-28937 + name: Candidate detection for CVE-2021-28937 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An out-of-bounds write flaw was found in X.Org and Xwayland. The function - GetBarrierDevice() searches for the pointer device based on its device ID and - returns the matching value, or supposedly NULL, if no match was found. However, - the code will return the last element of the list if no matching device ID is - found, which can lead to out-of-bounds memory access. + description: The /password.html page of the Web management interface of the Acexy + Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account + password in plaintext. The page can be intercepted on HTTP. detection: payload: null verify: null @@ -2500,30 +2251,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26598 - - https://access.redhat.com/errata/RHSA-2025:2500 - - https://access.redhat.com/errata/RHSA-2025:2502 - - https://access.redhat.com/errata/RHSA-2025:2861 - - https://access.redhat.com/errata/RHSA-2025:2862 + - https://nvd.nist.gov/vuln/detail/CVE-2021-28937 + - https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26599-CANDIDATE - cve_id: CVE-2025-26599 - name: Candidate detection for CVE-2025-26599 - severity: high - cvss: 7.8 + id: CVE-2021-30109-CANDIDATE + cve_id: CVE-2021-30109 + name: Candidate detection for CVE-2021-30109 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An access to an uninitialized pointer flaw was found in X.Org and Xwayland. - The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. - In that case, compRedirectWindow() will return a BadAlloc error without validating - the window tree marked just before, which leaves the validated data partly initialized - and the use of an uninitialized pointer later. + description: Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under + certain conditions, a base64 crafted string leads to persistent Cross-site scripting + (XSS) vulnerability within the hyperlink creation module. detection: payload: null verify: null @@ -2531,18 +2277,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26599 - - https://access.redhat.com/errata/RHSA-2025:2500 - - https://access.redhat.com/errata/RHSA-2025:2502 - - https://access.redhat.com/errata/RHSA-2025:2861 - - https://access.redhat.com/errata/RHSA-2025:2862 + - https://nvd.nist.gov/vuln/detail/CVE-2021-30109 + - https://github.com/Hackdwerg/CVE-2021-30109/blob/main/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26600-CANDIDATE - cve_id: CVE-2025-26600 - name: Candidate detection for CVE-2025-26600 + id: CVE-2021-28927-CANDIDATE + cve_id: CVE-2021-28927 + name: Candidate detection for CVE-2021-28927 severity: high cvss: 7.8 risk_level: unknown @@ -2550,9 +2293,11 @@ priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free flaw was found in X.Org and Xwayland. When a device - is removed while still frozen, the events queued for that device remain while - the device is freed. Replaying the events will cause a use-after-free. + description: The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes + unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows + function, which allows attackers who have write access on filesystems that are + used by RetroArch to execute code via command injection using specially a crafted + file and directory names. detection: payload: null verify: null @@ -2560,31 +2305,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26600 - - https://access.redhat.com/errata/RHSA-2025:2500 - - https://access.redhat.com/errata/RHSA-2025:2502 - - https://access.redhat.com/errata/RHSA-2025:2861 - - https://access.redhat.com/errata/RHSA-2025:2862 + - https://nvd.nist.gov/vuln/detail/CVE-2021-28927 + - https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c + - https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26601-CANDIDATE - cve_id: CVE-2025-26601 - name: Candidate detection for CVE-2025-26601 + id: CVE-2020-21883-CANDIDATE + cve_id: CVE-2020-21883 + name: Candidate detection for CVE-2020-21883 severity: high - cvss: 7.8 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free flaw was found in X.Org and Xwayland. When changing - an alarm, the values of the change mask are evaluated one after the other, changing - the trigger values as requested, and eventually, SyncInitTrigger() is called. - If one of the changes triggers an error, the function will return early, not adding - the new sync object, possibly causing a use-after-free when the alarm eventually - triggers. + description: Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus + Series 2.4 contain a OS command injection vulnerability in /tools/ping, which + can leads to complete device takeover. detection: payload: null verify: null @@ -2592,31 +2332,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26601 - - https://access.redhat.com/errata/RHSA-2025:2500 - - https://access.redhat.com/errata/RHSA-2025:2502 - - https://access.redhat.com/errata/RHSA-2025:2861 - - https://access.redhat.com/errata/RHSA-2025:2862 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21883 + - https://s3curityb3ast.github.io/KSA-Dev-009.txt + - https://www.mail-archive.com/fulldisclosure@seclists.org/msg07140.html + - https://www.mail-archive.com/fulldisclosure%40seclists.org/msg07140.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26466-CANDIDATE - cve_id: CVE-2025-26466 - name: Candidate detection for CVE-2025-26466 - severity: medium - cvss: 5.9 + id: CVE-2020-21884-CANDIDATE + cve_id: CVE-2020-21884 + name: Candidate detection for CVE-2020-21884 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the OpenSSH package. For each ping packet the SSH - server receives, a pong packet is allocated in a memory buffer and stored in a - queue of packages. It is only freed when the server/client key exchange has finished. - A malicious client may keep sending such packages, leading to an uncontrolled - increase in memory consumption on the server side. Consequently, the server may - become unavailable, resulting in a denial of service attack. + description: Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series + 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, + /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a + specially crafted HTTP request may reconfigure the device. detection: payload: null verify: null @@ -2624,29 +2361,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26466 - - https://access.redhat.com/security/cve/CVE-2025-26466 - - https://bugzilla.redhat.com/show_bug.cgi?id=2345043 - - https://seclists.org/oss-sec/2025/q1/144 - - https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt + - https://nvd.nist.gov/vuln/detail/CVE-2020-21884 + - https://s3curityb3ast.github.io/KSA-Dev-008.txt + - https://www.mail-archive.com/fulldisclosure@seclists.org/msg07139.html + - https://www.mail-archive.com/fulldisclosure%40seclists.org/msg07139.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26984-CANDIDATE - cve_id: CVE-2025-26984 - name: Candidate detection for CVE-2025-26984 + id: CVE-2020-24285-CANDIDATE + cve_id: CVE-2020-24285 + name: Candidate detection for CVE-2020-24285 severity: high - cvss: 7.1 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper Neutralization of Input During Web Page Generation (''Cross-site - Scripting'') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert - allows Reflected XSS.This issue affects SMS Alert Order Notifications: from n/a - through <= 3.7.8.' + description: INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker + to obtain sensitive information through /cgi-bin/cgiServer.exx. detection: payload: null verify: null @@ -2654,26 +2388,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26984 - - https://patchstack.com/database/Wordpress/Plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-woocommerce-plugin-3-7-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve + - https://nvd.nist.gov/vuln/detail/CVE-2020-24285 + - https://github.com/SecLoop/CVE/blob/main/telefone_ip_tip200.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-26988-CANDIDATE - cve_id: CVE-2025-26988 - name: Candidate detection for CVE-2025-26988 - severity: critical - cvss: 9.3 + id: CVE-2021-27990-CANDIDATE + cve_id: CVE-2021-27990 + name: Candidate detection for CVE-2021-27990 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper Neutralization of Special Elements used in an SQL Command - (''SQL Injection'') vulnerability in Cozy Vision SMS Alert Order Notifications - sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: - from n/a through <= 3.7.8.' + description: Appspace 6.2.4 is vulnerable to a broken authentication mechanism where + pages such as /medianet/mail.aspx can be called directly and the framework is + exposed with layouts, menus and functionalities. detection: payload: null verify: null @@ -2681,27 +2414,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-26988 - - https://patchstack.com/database/Wordpress/Plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-woocommerce-plugin-3-7-8-sql-injection-vulnerability?_s_id=cve + - https://nvd.nist.gov/vuln/detail/CVE-2021-27990 + - https://github.com/syedsohaibkarim/PoC-BrokenAuth-AppSpace6.2.4 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45779-CANDIDATE - cve_id: CVE-2024-45779 - name: Candidate detection for CVE-2024-45779 + id: CVE-2021-25679-CANDIDATE + cve_id: CVE-2021-25679 + name: Candidate detection for CVE-2021-25679 severity: medium - cvss: 6.0 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: An integer overflow flaw was found in the BFS file system driver in - grub2. When reading a file with an indirect extent map, grub2 fails to validate - the number of extent entries to be read. A crafted or corrupted BFS filesystem - may cause an integer overflow during the file reading, leading to a heap of bounds - read. As a consequence, sensitive data may be leaked, or grub2 will crash. + exploitdb_reference: true + description: 'The AdTran Personal Phone Manager software is vulnerable to an authenticated + stored cross-site scripting (XSS) issues. These issues impact at minimum versions + 10.8.1 and below but potentially impact later versions as well since they have + not previously been disclosed. Only version 10.8.1 was able to be confirmed during + primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 + are considered End of Life and as such this issue will not be patched.' detection: payload: null verify: null @@ -2709,29 +2443,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45779 - - https://access.redhat.com/security/cve/CVE-2024-45779 - - https://bugzilla.redhat.com/show_bug.cgi?id=2345854 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-25679 + - https://depthsecurity.com/blog/vulnerability-disclosure + - https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25679.md generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2024-45780-CANDIDATE - cve_id: CVE-2024-45780 - name: Candidate detection for CVE-2024-45780 + id: CVE-2021-25680-CANDIDATE + cve_id: CVE-2021-25680 + name: Candidate detection for CVE-2021-25680 severity: medium - cvss: 6.7 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A flaw was found in grub2. When reading tar files, grub2 allocates - an internal buffer for the file name. However, it fails to properly verify the - allocation against possible integer overflows. It's possible to cause the allocation - length to overflow with a crafted tar file, leading to a heap out-of-bounds write. - This flaw eventually allows an attacker to circumvent secure boot protections. + exploitdb_reference: true + description: 'The AdTran Personal Phone Manager software is vulnerable to multiple + reflected cross-site scripting (XSS) issues. These issues impact at minimum versions + 10.8.1 and below but potentially impact later versions as well since they have + not previously been disclosed. Only version 10.8.1 was able to be confirmed during + primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 + are considered End of Life and as such this issue will not be patched.' detection: payload: null verify: null @@ -2739,31 +2474,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45780 - - https://access.redhat.com/security/cve/CVE-2024-45780 - - https://bugzilla.redhat.com/show_bug.cgi?id=2345856 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-25680 + - https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25680.md generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-0689-CANDIDATE - cve_id: CVE-2025-0689 - name: Candidate detection for CVE-2025-0689 + id: CVE-2021-25681-CANDIDATE + cve_id: CVE-2021-25681 + name: Candidate detection for CVE-2021-25681 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: When reading data from disk, the grub's UDF filesystem module utilizes - the user controlled data length metadata to allocate its internal buffers. In - certain scenarios, while iterating through disk sectors, it assumes the read size - from the disk is always smaller than the allocated buffer size which is not guaranteed. - A crafted filesystem image may lead to a heap-based buffer overflow resulting - in critical data to be corrupted, resulting in the risk of arbitrary code execution - by-passing secure boot protections. + exploitdb_reference: true + description: 'AdTran Personal Phone Manager 10.8.1 software is vulnerable to an + issue that allows for exfiltration of data over DNS. This could allow for exposed + AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel + arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta + 7100 are considered End of Life and as such this issue will not be patched.' detection: payload: null verify: null @@ -2771,33 +2503,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0689 - - https://access.redhat.com/security/cve/CVE-2025-0689 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346122 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-25681 + - https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25681.md generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-1125-CANDIDATE - cve_id: CVE-2025-1125 - name: Candidate detection for CVE-2025-1125 - severity: high - cvss: 7.8 + id: CVE-2021-28860-CANDIDATE + cve_id: CVE-2021-28860 + name: Candidate detection for CVE-2021-28860 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: When reading data from a hfs filesystem, grub's hfs filesystem module - uses user-controlled parameters from the filesystem metadata to calculate the - internal buffers size, however it misses to properly check for integer overflows. - A maliciouly crafted filesystem may lead some of those buffer size calculation - to overflow, causing it to perform a grub_malloc() operation with a smaller size - than expected. As a result the hfsplus_open_compressed_real() function will write - past of the internal buffer length. This flaw may be leveraged to corrupt grub's - internal critical data and may result in arbitrary code execution by-passing secure - boot protections. + description: In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties + of an object via '__proto__' through the mutate() and merge() functions. The polluted + attribute will be directly assigned to every object in the program. This will + put the availability of the program at risk causing a potential denial of service + (DoS). detection: payload: null verify: null @@ -2805,26 +2532,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-1125 - - https://access.redhat.com/security/cve/CVE-2025-1125 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346138 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-28860 + - https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028 + - https://github.com/adaltas/node-mixme/issues/1 + - https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4 + - https://security.netapp.com/advisory/ntap-20210618-0005/ generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45778-CANDIDATE - cve_id: CVE-2024-45778 - name: Candidate detection for CVE-2024-45778 - severity: medium - cvss: 4.1 + id: CVE-2020-27518-CANDIDATE + cve_id: CVE-2020-27518 + name: Candidate detection for CVE-2020-27518 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A stack overflow flaw was found when reading a BFS file system. A crafted - BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash. + description: All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain + a local privilege escalation vulnerability in the WindscribeService component. + A low privilege user could leverage several openvpn options to execute code as + root/SYSTEM. detection: payload: null verify: null @@ -2832,29 +2562,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45778 - - https://access.redhat.com/security/cve/CVE-2024-45778 - - https://bugzilla.redhat.com/show_bug.cgi?id=2345640 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-27518 + - https://jeffs.sh/CVEs/CVE-2020-27518.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2024-45782-CANDIDATE - cve_id: CVE-2024-45782 - name: Candidate detection for CVE-2024-45782 - severity: high - cvss: 7.8 + id: CVE-2021-29039-CANDIDATE + cve_id: CVE-2021-29039 + name: Candidate detection for CVE-2021-29039 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the HFS filesystem. When reading an HFS volume's - name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the - user-provided volume name as input without properly validating the volume name's - length. This issue may read to a heap-based out-of-bounds writer, impacting grub's - sensitive data integrity and eventually leading to a secure boot protection bypass. + description: Cross-site scripting (XSS) vulnerability in the Asset module's categories + administration page in Liferay Portal 7.3.4 allows remote attackers to inject + arbitrary web script or HTML via the site name. detection: payload: null verify: null @@ -2862,32 +2588,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-45782 - - https://access.redhat.com/security/cve/CVE-2024-45782 - - https://bugzilla.redhat.com/show_bug.cgi?id=2345858 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29039 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120777766 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0678-CANDIDATE - cve_id: CVE-2025-0678 - name: Candidate detection for CVE-2025-0678 - severity: high - cvss: 7.8 + id: CVE-2021-29040-CANDIDATE + cve_id: CVE-2021-29040 + name: Candidate detection for CVE-2021-29040 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. When reading data from a squash4 filesystem, - grub's squash4 fs module uses user-controlled parameters from the filesystem geometry - to determine the internal buffer size, however, it improperly checks for integer - overflows. A maliciously crafted filesystem may lead some of those buffer size - calculations to overflow, causing it to perform a grub_malloc() operation with - a smaller size than expected. As a result, the direct_read() will perform a heap - based out-of-bounds write during data reading. This flaw may be leveraged to corrupt - grub's internal critical data and may result in arbitrary code execution, by-passing - secure boot protections. + description: The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay + DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 + may provide overly verbose error messages, which allows remote attackers to use + the contents of error messages to help launch another, more focused attacks via + crafted inputs. detection: payload: null verify: null @@ -2895,34 +2616,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0678 - - https://access.redhat.com/security/cve/CVE-2025-0678 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346118 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-29040 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0684-CANDIDATE - cve_id: CVE-2025-0684 - name: Candidate detection for CVE-2025-0684 + id: CVE-2021-29041-CANDIDATE + cve_id: CVE-2021-29041 + name: Candidate detection for CVE-2021-29041 severity: medium - cvss: 6.4 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. When performing a symlink lookup from a - reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters - from the filesystem geometry to determine the internal buffer size, however, it - improperly checks for integer overflows. A maliciouly crafted filesystem may lead - some of those buffer size calculations to overflow, causing it to perform a grub_malloc() - operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() - will call grub_reiserfs_read_real() with a overflown length parameter, leading - to a heap based out-of-bounds write during data reading. This flaw may be leveraged - to corrupt grub's internal critical data and can result in arbitrary code execution, - by-passing secure boot protections. + description: Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication + module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers + to prevent any user from authenticating by (1) enabling Time-based One-time password + (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared + secret. detection: payload: null verify: null @@ -2930,33 +2644,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0684 - - https://access.redhat.com/security/cve/CVE-2025-0684 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346119 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-29041 + - https://issues.liferay.com/browse/LPE-17131 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0685-CANDIDATE - cve_id: CVE-2025-0685 - name: Candidate detection for CVE-2025-0685 - severity: medium - cvss: 6.4 + id: CVE-2021-29047-CANDIDATE + cve_id: CVE-2021-29047 + name: Candidate detection for CVE-2021-29047 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. When reading data from a jfs filesystem, - grub's jfs filesystem module uses user-controlled parameters from the filesystem - geometry to determine the internal buffer size, however, it improperly checks - for integer overflows. A maliciouly crafted filesystem may lead some of those - buffer size calculations to overflow, causing it to perform a grub_malloc() operation - with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() - function will write past the internal buffer length during grub_jfs_read_file(). - This issue can be leveraged to corrupt grub's internal critical data and may result - in arbitrary code execution, by-passing secure boot protections. + description: The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and + Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it + is used, which allows remote attackers to repeatedly perform actions protected + by a CAPTCHA challenge by reusing the same CAPTCHA answer. detection: payload: null verify: null @@ -2964,33 +2671,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0685 - - https://access.redhat.com/security/cve/CVE-2025-0685 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346120 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-29047 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0686-CANDIDATE - cve_id: CVE-2025-0686 - name: Candidate detection for CVE-2025-0686 + id: CVE-2021-29043-CANDIDATE + cve_id: CVE-2021-29043 + name: Candidate detection for CVE-2021-29043 severity: medium - cvss: 6.4 + cvss: 5.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in grub2. When performing a symlink lookup from a - romfs filesystem, grub's romfs filesystem module uses user-controlled parameters - from the filesystem geometry to determine the internal buffer size, however, it - improperly checks for integer overflows. A maliciously crafted filesystem may - lead some of those buffer size calculations to overflow, causing it to perform - a grub_malloc() operation with a smaller size than expected. As a result, the - grub_romfs_read_symlink() may cause out-of-bounds writes when the calling grub_disk_read() - function. This issue may be leveraged to corrupt grub's internal critical data - and can result in arbitrary code execution by-passing secure boot protections. + description: The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and + Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack + 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, + which allows attackers to steal the proxy password via man-in-the-middle attacks + or shoulder surfing. detection: payload: null verify: null @@ -2998,28 +2699,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0686 - - https://access.redhat.com/security/cve/CVE-2025-0686 - - https://bugzilla.redhat.com/show_bug.cgi?id=2346121 - - https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-29043 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743515 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-23368-CANDIDATE - cve_id: CVE-2025-23368 - name: Candidate detection for CVE-2025-23368 - severity: high - cvss: 8.1 + id: CVE-2021-29044-CANDIDATE + cve_id: CVE-2021-29044 + name: Candidate detection for CVE-2021-29044 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Wildfly Elytron integration. The component does - not implement sufficient measures to prevent multiple failed authentication attempts - within a short time frame, making it more susceptible to brute force attacks via - CLI. + description: Cross-site scripting (XSS) vulnerability in the Site module's membership + request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay + DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and + 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or + HTML via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter. detection: payload: null verify: null @@ -3027,31 +2727,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-23368 - - https://access.redhat.com/errata/RHSA-2026:18054 - - https://access.redhat.com/errata/RHSA-2026:18055 - - https://access.redhat.com/errata/RHSA-2026:18059 - - https://access.redhat.com/errata/RHSA-2026:33371 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29044 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-8176-CANDIDATE - cve_id: CVE-2024-8176 - name: Candidate detection for CVE-2024-8176 - severity: high - cvss: 7.5 + id: CVE-2021-29045-CANDIDATE + cve_id: CVE-2021-29045 + name: Candidate detection for CVE-2021-29045 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A stack overflow vulnerability exists in the libexpat library due to - the way it handles recursive entity expansion in XML documents. When parsing an - XML document with deeply nested entity references, libexpat can be forced to recurse - indefinitely, exhausting the stack space and causing a crash. This issue could - lead to denial of service (DoS) or, in some cases, exploitable memory corruption, - depending on the environment and library usage. + description: Cross-site scripting (XSS) vulnerability in the Redirect module's redirection + administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 + before fix pack 1 allows remote attackers to inject arbitrary web script or HTML + via the _com_liferay_redirect_web_internal_portlet_RedirectPortlet_destinationURL + parameter. detection: payload: null verify: null @@ -3059,31 +2755,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-8176 - - https://access.redhat.com/errata/RHSA-2025:13681 - - https://access.redhat.com/errata/RHSA-2025:22033 - - https://access.redhat.com/errata/RHSA-2025:22034 - - https://access.redhat.com/errata/RHSA-2025:22035 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29045 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743484 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-1057-CANDIDATE - cve_id: CVE-2025-1057 - name: Candidate detection for CVE-2025-1057 + id: CVE-2021-29046-CANDIDATE + cve_id: CVE-2021-29046 + name: Candidate detection for CVE-2021-29046 severity: medium - cvss: 4.3 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keylime, a remote attestation solution, where strict - type checking introduced in version 7.12.0 prevents the registrar from reading - database entries created by previous versions, for example, 7.11.0. Specifically, - older versions store agent registration data as bytes, whereas the updated registrar - expects str. This issue leads to an exception when processing agent registration - requests, causing the agent to fail. + description: Cross-site scripting (XSS) vulnerability in the Asset module's category + selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack + 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_portlet_AssetCategoriesAdminPortlet_title + parameter. detection: payload: null verify: null @@ -3091,30 +2782,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-1057 - - https://access.redhat.com/security/cve/CVE-2025-1057 - - https://bugzilla.redhat.com/show_bug.cgi?id=2343894 - - https://github.com/ansasaki/keylime/tree/base64_bytes - - https://github.com/keylime/rust-keylime + - https://nvd.nist.gov/vuln/detail/CVE-2021-29046 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743501 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-2487-CANDIDATE - cve_id: CVE-2025-2487 - name: Candidate detection for CVE-2025-2487 - severity: medium - cvss: 4.9 + id: CVE-2021-29053-CANDIDATE + cve_id: CVE-2021-29053 + name: Candidate detection for CVE-2021-29053 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the 389-ds-base LDAP Server. This issue occurs - when issuing a Modify DN LDAP operation through the ldap protocol, when the function - return value is not tested and a NULL pointer is dereferenced. If a privileged - user performs a ldap MODDN operation after a failed operation, it could lead to - a Denial of Service (DoS) or system crash. + description: Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and + Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute + arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, + or (2) CommerceChannelRelFinder.findByC_C. detection: payload: null verify: null @@ -3122,27 +2809,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-2487 - - https://access.redhat.com/errata/RHSA-2025:3663 - - https://access.redhat.com/errata/RHSA-2025:3670 - - https://access.redhat.com/errata/RHSA-2025:4491 - - https://access.redhat.com/errata/RHSA-2025:7395 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29053 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31176-CANDIDATE - cve_id: CVE-2025-31176 - name: Candidate detection for CVE-2025-31176 + id: CVE-2021-29048-CANDIDATE + cve_id: CVE-2021-29048 + name: Candidate detection for CVE-2021-29048 severity: medium - cvss: 6.2 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnuplot. The plot3d_points() function may lead - to a segmentation fault and cause a system crash. + description: Cross-site scripting (XSS) vulnerability in the Layout module's page + administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before + fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary + web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name + parameter. detection: payload: null verify: null @@ -3150,26 +2837,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31176 - - https://access.redhat.com/security/cve/CVE-2025-31176 - - https://bugzilla.redhat.com/show_bug.cgi?id=2355343 - - https://sourceforge.net/p/gnuplot/bugs/2776/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-29048 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31178-CANDIDATE - cve_id: CVE-2025-31178 - name: Candidate detection for CVE-2025-31178 + id: CVE-2021-29051-CANDIDATE + cve_id: CVE-2021-29051 + name: Candidate detection for CVE-2021-29051 severity: medium - cvss: 6.2 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnuplot. The GetAnnotateString() function may lead - to a segmentation fault and cause a system crash. + description: Cross-site scripting (XSS) vulnerability in the Asset module's Asset + Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before + fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers + to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId + parameter. detection: payload: null verify: null @@ -3177,26 +2865,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31178 - - https://access.redhat.com/security/cve/CVE-2025-31178 - - https://bugzilla.redhat.com/show_bug.cgi?id=2355341 - - https://sourceforge.net/p/gnuplot/bugs/2754/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-29051 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31179-CANDIDATE - cve_id: CVE-2025-31179 - name: Candidate detection for CVE-2025-31179 + id: CVE-2021-29052-CANDIDATE + cve_id: CVE-2021-29052 + name: Candidate detection for CVE-2021-29052 severity: medium - cvss: 6.2 + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnuplot. The xstrftime() function may lead to a - segmentation fault, causing a system crash. + description: The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay + DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, + which allows remote authenticated users to view DDMStructures via GET API calls. detection: payload: null verify: null @@ -3204,26 +2891,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31179 - - https://access.redhat.com/security/cve/CVE-2025-31179 - - https://bugzilla.redhat.com/show_bug.cgi?id=2355340 - - https://sourceforge.net/p/gnuplot/bugs/2779/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-29052 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743159 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31180-CANDIDATE - cve_id: CVE-2025-31180 - name: Candidate detection for CVE-2025-31180 - severity: medium - cvss: 6.2 + id: CVE-2020-21813-CANDIDATE + cve_id: CVE-2020-21813 + name: Candidate detection for CVE-2020-21813 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnuplot. The CANVAS_text() function may lead to - a segmentation fault and cause a system crash. + description: A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 + via output_TEXT ../../programs/dwg2SVG.c:114. detection: payload: null verify: null @@ -3231,26 +2916,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31180 - - https://access.redhat.com/security/cve/CVE-2025-31180 - - https://bugzilla.redhat.com/show_bug.cgi?id=2355339 - - https://sourceforge.net/p/gnuplot/bugs/2755/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-21813 + - https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572890969 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31181-CANDIDATE - cve_id: CVE-2025-31181 - name: Candidate detection for CVE-2025-31181 - severity: medium - cvss: 6.2 + id: CVE-2020-21814-CANDIDATE + cve_id: CVE-2020-21814 + name: Candidate detection for CVE-2020-21814 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnuplot. The X11_graphics() function may lead to - a segmentation fault and cause a system crash. + description: A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 + via htmlwescape ../../programs/escape.c:97. detection: payload: null verify: null @@ -3258,17 +2941,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31181 - - https://access.redhat.com/security/cve/CVE-2025-31181 - - https://bugzilla.redhat.com/show_bug.cgi?id=2355338 - - https://sourceforge.net/p/gnuplot/bugs/2753/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-21814 + - https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572891083 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-6875-CANDIDATE - cve_id: CVE-2024-6875 - name: Candidate detection for CVE-2024-6875 + id: CVE-2020-21815-CANDIDATE + cve_id: CVE-2020-21815 + name: Candidate detection for CVE-2020-21815 severity: medium cvss: 6.5 risk_level: unknown @@ -3276,9 +2957,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in the Infinispan component in Red Hat Data - Grid. The REST compare API may have a buffer leak and an out of memory error can - occur when sending continual requests with large POST data to the REST API. + description: A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via + output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application + crash). detection: payload: null verify: null @@ -3286,32 +2967,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-6875 - - https://access.redhat.com/security/cve/CVE-2024-6875 - - https://bugzilla.redhat.com/show_bug.cgi?id=2298555 - - https://github.com/infinispan/infinispan/pull/12645 - - https://github.com/infinispan/infinispan/pull/12663 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21815 + - https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572890932 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-2586-CANDIDATE - cve_id: CVE-2025-2586 - name: Candidate detection for CVE-2025-2586 + id: CVE-2020-21816-CANDIDATE + cve_id: CVE-2020-21816 + name: Candidate detection for CVE-2020-21816 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the OpenShift Lightspeed Service, which is vulnerable - to unauthenticated API request flooding. Repeated queries to non-existent endpoints - inflate metrics storage and processing, consuming excessive resources. This issue - can lead to monitoring system degradation, increased disk usage, and potential - service unavailability. Since the issue does not require authentication, an external - attacker can exhaust CPU, RAM, and disk space, impacting both application and - cluster stability. + description: A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 + via htmlescape ../../programs/escape.c:46. detection: payload: null verify: null @@ -3319,28 +2992,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-2586 - - https://access.redhat.com/security/cve/CVE-2025-2586 - - https://bugzilla.redhat.com/show_bug.cgi?id=2353998 - - https://github.com/openshift/lightspeed-service/pull/2369 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21816 + - https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572890865 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-2784-CANDIDATE - cve_id: CVE-2025-2784 - name: Candidate detection for CVE-2025-2784 - severity: high - cvss: 7.0 + id: CVE-2020-21817-CANDIDATE + cve_id: CVE-2020-21817 + name: Candidate detection for CVE-2020-21817 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. The package is vulnerable to a heap buffer - over-read when sniffing content via the skip_insight_whitespace() function. Libsoup - clients may read one byte out-of-bounds in response to a crafted HTTP response - by an HTTP server. + description: A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via + htmlescape ../../programs/escape.c:29. which causes a denial of service (application + crash). detection: payload: null verify: null @@ -3348,28 +3018,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-2784 - - https://access.redhat.com/errata/RHSA-2025:21657 - - https://access.redhat.com/errata/RHSA-2025:7505 - - https://access.redhat.com/errata/RHSA-2025:8126 - - https://access.redhat.com/errata/RHSA-2025:8132 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21817 + - https://github.com/LibreDWG/libredwg/issues/182#issue-547887727 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32049-CANDIDATE - cve_id: CVE-2025-32049 - name: Candidate detection for CVE-2025-32049 + id: CVE-2020-21818-CANDIDATE + cve_id: CVE-2020-21818 + name: Candidate detection for CVE-2020-21818 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. The SoupWebsocketConnection may accept - a large WebSocket message, which may cause libsoup to allocate memory and lead - to a denial of service (DoS). + description: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 + via htmlescape ../../programs/escape.c:48. detection: payload: null verify: null @@ -3377,27 +3043,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32049 - - https://access.redhat.com/errata/RHSA-2025:21657 - - https://access.redhat.com/errata/RHSA-2025:8126 - - https://access.redhat.com/errata/RHSA-2025:8128 - - https://access.redhat.com/errata/RHSA-2025:8132 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21818 + - https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572891053 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32050-CANDIDATE - cve_id: CVE-2025-32050 - name: Candidate detection for CVE-2025-32050 - severity: medium - cvss: 5.9 + id: CVE-2020-21819-CANDIDATE + cve_id: CVE-2020-21819 + name: Candidate detection for CVE-2020-21819 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. The libsoup append_param_quoted() function - may contain an overflow bug resulting in a buffer under-read. + description: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via + htmlescape ../../programs/escape.c:51. detection: payload: null verify: null @@ -3405,28 +3068,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32050 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 - - https://access.redhat.com/errata/RHSA-2025:4560 - - https://access.redhat.com/errata/RHSA-2025:4568 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21819 + - https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572890901 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32051-CANDIDATE - cve_id: CVE-2025-32051 - name: Candidate detection for CVE-2025-32051 - severity: medium - cvss: 5.9 + id: CVE-2020-21827-CANDIDATE + cve_id: CVE-2020-21827 + name: Candidate detection for CVE-2020-21827 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() - function may crash when processing malformed data URI. This flaw allows an attacker - to cause a denial of service (DoS). + description: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 + via read_2004_compressed_section ../../src/decode.c:2379. detection: payload: null verify: null @@ -3434,26 +3093,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32051 - - https://access.redhat.com/security/cve/CVE-2025-32051 - - https://bugzilla.redhat.com/show_bug.cgi?id=2357068 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/401 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21827 + - https://cwe.mitre.org/data/definitions/122.html + - https://github.com/LibreDWG/libredwg/issues/183 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32052-CANDIDATE - cve_id: CVE-2025-32052 - name: Candidate detection for CVE-2025-32052 - severity: medium - cvss: 6.5 + id: CVE-2020-21830-CANDIDATE + cve_id: CVE-2020-21830 + name: Candidate detection for CVE-2020-21830 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. A vulnerability in the sniff_unknown() - function may lead to heap buffer over-read. + description: A heap based buffer overflow vulneraibility exists in GNU LibreDWG + 0.10 via bit_calc_CRC ../../src/bits.c:2213. detection: payload: null verify: null @@ -3461,27 +3119,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32052 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 - - https://access.redhat.com/errata/RHSA-2025:4560 - - https://access.redhat.com/errata/RHSA-2025:4568 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21830 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493134 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32053-CANDIDATE - cve_id: CVE-2025-32053 - name: Candidate detection for CVE-2025-32053 - severity: medium - cvss: 6.5 + id: CVE-2020-21832-CANDIDATE + cve_id: CVE-2020-21832 + name: Candidate detection for CVE-2020-21832 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() - and skip_insignificant_space() functions may lead to a heap buffer over-read. + description: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 + via read_2004_compressed_section ../../src/decode.c:2417. detection: payload: null verify: null @@ -3489,29 +3144,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32053 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 - - https://access.redhat.com/errata/RHSA-2025:4560 - - https://access.redhat.com/errata/RHSA-2025:4568 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21832 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574492612 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-3155-CANDIDATE - cve_id: CVE-2025-3155 - name: Candidate detection for CVE-2025-3155 + id: CVE-2020-21833-CANDIDATE + cve_id: CVE-2020-21833 + name: Candidate detection for CVE-2020-21833 severity: high - cvss: 7.4 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Yelp. The Gnome user help application allows the - help document to execute arbitrary scripts. This vulnerability allows malicious - users to input help documents, which may exfiltrate user files to an external - environment. + description: 'A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 + via: read_2004_section_classes ../../src/decode.c:2440.' detection: payload: null verify: null @@ -3519,28 +3169,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-3155 - - https://access.redhat.com/errata/RHSA-2025:4450 - - https://access.redhat.com/errata/RHSA-2025:4451 - - https://access.redhat.com/errata/RHSA-2025:4455 - - https://access.redhat.com/errata/RHSA-2025:4456 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21833 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493364 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-3360-CANDIDATE - cve_id: CVE-2025-3360 - name: Candidate detection for CVE-2025-3360 - severity: low - cvss: 3.7 + id: CVE-2020-21834-CANDIDATE + cve_id: CVE-2020-21834 + name: Candidate detection for CVE-2020-21834 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GLib. An integer overflow and buffer under-read - occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() - function. + description: A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp + ../../programs/dwgbmp.c:164. detection: payload: null verify: null @@ -3548,30 +3194,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-3360 - - https://access.redhat.com/security/cve/CVE-2025-3360 - - https://bugzilla.redhat.com/show_bug.cgi?id=2357754 - - https://gitlab.gnome.org/GNOME/glib/-/issues/3647 - - https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-21834 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574492468 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-2251-CANDIDATE - cve_id: CVE-2025-2251 - name: Candidate detection for CVE-2025-2251 + id: CVE-2020-21835-CANDIDATE + cve_id: CVE-2020-21835 + name: Candidate detection for CVE-2020-21835 severity: medium - cvss: 6.2 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A security flaw exists in WildFly and JBoss Enterprise Application - Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. - This vulnerability stems from untrusted data deserialization handled by JBoss - Marshalling. This flaw allows an attacker to send a specially crafted serialized - object, leading to remote code execution without requiring authentication. + description: A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section + ../../src/decode.c:2337. detection: payload: null verify: null @@ -3579,29 +3219,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-2251 - - https://access.redhat.com/errata/RHSA-2025:10452 - - https://access.redhat.com/errata/RHSA-2025:10453 - - https://access.redhat.com/errata/RHSA-2025:10459 - - https://access.redhat.com/errata/RHSA-2025:10924 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21835 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493046 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-3416-CANDIDATE - cve_id: CVE-2025-3416 - name: Candidate detection for CVE-2025-3416 - severity: low - cvss: 3.7 + id: CVE-2020-21836-CANDIDATE + cve_id: CVE-2020-21836 + name: Candidate detection for CVE-2020-21836 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in OpenSSL's handling of the properties argument in - certain functions. This vulnerability can allow use-after-free exploitation, which - may result in undefined behavior or incorrect property parsing, leading to OpenSSL - treating the input as an empty string. + description: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 + via read_2004_section_preview ../../src/decode.c:3175. detection: payload: null verify: null @@ -3609,28 +3244,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-3416 - - https://access.redhat.com/security/cve/CVE-2025-3416 - - https://bugzilla.redhat.com/show_bug.cgi?id=2357560 - - https://github.com/sfackler/rust-openssl - - https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21836 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493437 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32906-CANDIDATE - cve_id: CVE-2025-32906 - name: Candidate detection for CVE-2025-32906 + id: CVE-2020-21838-CANDIDATE + cve_id: CVE-2020-21838 + name: Candidate detection for CVE-2020-21838 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup, where the soup_headers_parse_request() - function may be vulnerable to an out-of-bound read. This flaw allows a malicious - user to use a specially crafted HTTP request to crash the HTTP server. + description: 'A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 + via: read_2004_section_appinfo ../../src/decode.c:2842.' detection: payload: null verify: null @@ -3638,29 +3269,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32906 - - https://access.redhat.com/errata/RHSA-2025:21657 - - https://access.redhat.com/errata/RHSA-2025:4439 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21838 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574492816 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32907-CANDIDATE - cve_id: CVE-2025-32907 - name: Candidate detection for CVE-2025-32907 + id: CVE-2020-21839-CANDIDATE + cve_id: CVE-2020-21839 + name: Candidate detection for CVE-2020-21839 severity: medium - cvss: 5.3 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. The implementation of HTTP range requests - is vulnerable to a resource consumption attack. This flaw allows a malicious client - to request the same range many times in a single HTTP request, causing the server - to use large amounts of memory. This does not allow for a full denial of service. + description: An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead + to an memory leak in dwg_decode_eed ../../src/decode.c:3638. detection: payload: null verify: null @@ -3668,28 +3294,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32907 - - https://access.redhat.com/errata/RHSA-2025:4439 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 - - https://access.redhat.com/errata/RHSA-2025:7436 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21839 + - https://cwe.mitre.org/data/definitions/401.html + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574492707 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32908-CANDIDATE - cve_id: CVE-2025-32908 - name: Candidate detection for CVE-2025-32908 + id: CVE-2020-21840-CANDIDATE + cve_id: CVE-2020-21840 + name: Candidate detection for CVE-2020-21840 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully - validate the values of pseudo-headers :scheme, :authority, and :path, which may - allow a user to cause a denial of service (DoS). + description: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 + via bit_search_sentinel ../../src/bits.c:1985. detection: payload: null verify: null @@ -3697,28 +3320,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32908 - - https://access.redhat.com/errata/RHSA-2025:7505 - - https://access.redhat.com/security/cve/CVE-2025-32908 - - https://bugzilla.redhat.com/show_bug.cgi?id=2359343 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/429 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21840 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493513 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32913-CANDIDATE - cve_id: CVE-2025-32913 - name: Candidate detection for CVE-2025-32913 + id: CVE-2020-21841-CANDIDATE + cve_id: CVE-2020-21841 + name: Candidate detection for CVE-2020-21841 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() - function is vulnerable to a NULL pointer dereference. This flaw allows a malicious - HTTP peer to crash a libsoup client or server that uses this function. + description: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 + via bit_read_B ../../src/bits.c:135. detection: payload: null verify: null @@ -3726,28 +3345,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32913 - - https://access.redhat.com/errata/RHSA-2025:21657 - - https://access.redhat.com/errata/RHSA-2025:4439 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21841 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493775 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32909-CANDIDATE - cve_id: CVE-2025-32909 - name: Candidate detection for CVE-2025-32909 - severity: medium - cvss: 5.3 + id: CVE-2020-21831-CANDIDATE + cve_id: CVE-2020-21831 + name: Candidate detection for CVE-2020-21831 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. SoupContentSniffer may be vulnerable to - a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause - the libsoup client to crash. + description: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 + via read_2004_section_handles ../../src/decode.c:2637. detection: payload: null verify: null @@ -3755,28 +3370,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32909 - - https://access.redhat.com/errata/RHSA-2025:8292 - - https://access.redhat.com/security/cve/CVE-2025-32909 - - https://bugzilla.redhat.com/show_bug.cgi?id=2359353 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/431 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21831 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493267 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32910-CANDIDATE - cve_id: CVE-2025-32910 - name: Candidate detection for CVE-2025-32910 - severity: medium - cvss: 6.5 + id: CVE-2020-21842-CANDIDATE + cve_id: CVE-2020-21842 + name: Candidate detection for CVE-2020-21842 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup, where soup_auth_digest_authenticate() - is vulnerable to a NULL pointer dereference. This issue may cause the libsoup - client to crash. + description: A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 + via read_2004_section_revhistory ../../src/decode.c:3051. detection: payload: null verify: null @@ -3784,27 +3395,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32910 - - https://access.redhat.com/errata/RHSA-2025:8292 - - https://access.redhat.com/security/cve/CVE-2025-32910 - - https://bugzilla.redhat.com/show_bug.cgi?id=2359354 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/432 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21842 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493684 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32912-CANDIDATE - cve_id: CVE-2025-32912 - name: Candidate detection for CVE-2025-32912 - severity: medium - cvss: 6.5 + id: CVE-2020-21843-CANDIDATE + cve_id: CVE-2020-21843 + name: Candidate detection for CVE-2020-21843 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup, where SoupAuthDigest is vulnerable to - a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. + description: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 + via bit_read_RC ../../src/bits.c:318. detection: payload: null verify: null @@ -3812,28 +3420,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32912 - - https://access.redhat.com/errata/RHSA-2025:7505 - - https://access.redhat.com/security/cve/CVE-2025-32912 - - https://bugzilla.redhat.com/show_bug.cgi?id=2359356 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/434 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21843 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493857 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32914-CANDIDATE - cve_id: CVE-2025-32914 - name: Candidate detection for CVE-2025-32914 + id: CVE-2020-21844-CANDIDATE + cve_id: CVE-2020-21844 + name: Candidate detection for CVE-2020-21844 severity: high - cvss: 7.4 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup, where the soup_multipart_new_from_message() - function is vulnerable to an out-of-bounds read. This flaw allows a malicious - HTTP client to induce the libsoup server to read out of bounds. + description: 'GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact + is: execute arbitrary code (remote). The component is: read_2004_section_header + ../../src/decode.c:2580.' detection: payload: null verify: null @@ -3841,30 +3446,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32914 - - https://access.redhat.com/errata/RHSA-2025:21657 - - https://access.redhat.com/errata/RHSA-2025:7505 - - https://access.redhat.com/errata/RHSA-2025:8126 - - https://access.redhat.com/errata/RHSA-2025:8132 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21844 + - https://github.com/LibreDWG/libredwg/issues/188#issuecomment-574493607 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-3576-CANDIDATE - cve_id: CVE-2025-3576 - name: Candidate detection for CVE-2025-3576 - severity: medium - cvss: 5.9 + id: CVE-2017-17674-CANDIDATE + cve_id: CVE-2017-17674 + name: Candidate detection for CVE-2017-17674 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected - messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum - design. If RC4 is preferred over stronger encryption types, an attacker could - exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized - message tampering. + description: BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. + Due to the lack of restrictions on what can be targeted, the system can be vulnerable + to attacks such as system fingerprinting, internal port scanning, Server Side + Request Forgery (SSRF), or remote code execution (RCE). detection: payload: null verify: null @@ -3872,28 +3473,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-3576 - - https://access.redhat.com/errata/RHSA-2025:11487 - - https://access.redhat.com/errata/RHSA-2025:13664 - - https://access.redhat.com/errata/RHSA-2025:13777 - - https://access.redhat.com/errata/RHSA-2025:15000 + - https://nvd.nist.gov/vuln/detail/CVE-2017-17674 + - https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html + - https://seclists.org/fulldisclosure/2017/Oct/52 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32911-CANDIDATE - cve_id: CVE-2025-32911 - name: Candidate detection for CVE-2025-32911 - severity: critical - cvss: 9.0 + id: CVE-2017-17675-CANDIDATE + cve_id: CVE-2017-17675 + name: Candidate detection for CVE-2017-17675 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() - function. This flaw allows a malicious HTTP client to cause memory corruption - in the libsoup server. + description: BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging + can be accessed by unauthenticated users, allowing for an attacker to hijack the + system logs. This data can include user names and HTTP data. detection: payload: null verify: null @@ -3901,28 +3500,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32911 - - https://access.redhat.com/errata/RHSA-2025:21657 - - https://access.redhat.com/errata/RHSA-2025:4439 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 + - https://nvd.nist.gov/vuln/detail/CVE-2017-17675 + - https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html + - https://seclists.org/fulldisclosure/2017/Oct/52 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-29446-CANDIDATE - cve_id: CVE-2025-29446 - name: Candidate detection for CVE-2025-29446 - severity: unknown - cvss: 0.0 + id: CVE-2017-17677-CANDIDATE + cve_id: CVE-2017-17677 + name: Candidate detection for CVE-2017-17677 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: - This record was withdrawn by its CNA. Further investigation showed that it was - not a security issue. Notes: none.' + description: BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated + users that have the right to create reports can use BIRT templates to run code. detection: payload: null verify: null @@ -3930,27 +3526,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-29446 + - https://nvd.nist.gov/vuln/detail/CVE-2017-17677 + - https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html + - https://seclists.org/fulldisclosure/2017/Oct/52 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-10306-CANDIDATE - cve_id: CVE-2024-10306 - name: Candidate detection for CVE-2024-10306 + id: CVE-2017-17678-CANDIDATE + cve_id: CVE-2017-17678 + name: Candidate detection for CVE-2017-17678 severity: medium - cvss: 5.4 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in mod_proxy_cluster. The issue is that the - directive should be replaced by the directive as the former - does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This - means that anyone with access to the host might send MCMP requests that may result - in adding/removing/updating nodes for the balancing. However, this host should - not be accessible to the public network as it does not serve the general traffic. + description: BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). + A DOM-based cross-site scripting vulnerability was discovered in a legacy utility. detection: payload: null verify: null @@ -3958,27 +3552,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-10306 - - https://access.redhat.com/errata/RHBA-2025:2973 - - https://access.redhat.com/errata/RHBA-2025:5309 - - https://access.redhat.com/errata/RHSA-2025:9434 - - https://access.redhat.com/errata/RHSA-2025:9466 + - https://nvd.nist.gov/vuln/detail/CVE-2017-17678 + - https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html + - https://seclists.org/fulldisclosure/2017/Oct/52 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-46397-CANDIDATE - cve_id: CVE-2025-46397 - name: Candidate detection for CVE-2025-46397 - severity: high - cvss: 7.8 + id: CVE-2021-27821-CANDIDATE + cve_id: CVE-2021-27821 + name: Candidate detection for CVE-2021-27821 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in xfig. This vulnerability allows possible code execution - via local input manipulation via bezier_spline function. + description: The Web Interface for OpenWRT LuCI version 19.07 and lower has been + discovered to have a cross-site scripting vulnerability. detection: payload: null verify: null @@ -3986,27 +3578,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-46397 - - https://access.redhat.com/errata/RHSA-2026:0700 - - https://access.redhat.com/errata/RHSA-2026:0704 - - https://access.redhat.com/errata/RHSA-2026:0705 - - https://access.redhat.com/errata/RHSA-2026:0756 + - https://nvd.nist.gov/vuln/detail/CVE-2021-27821 + - https://openwrt.org/advisory/start + - https://openwrt.org/releases/19.07/start generated_from: - nvd - status: candidate executable: false - id: CVE-2025-46398-CANDIDATE - cve_id: CVE-2025-46398 - name: Candidate detection for CVE-2025-46398 + id: CVE-2021-33425-CANDIDATE + cve_id: CVE-2021-33425 + name: Candidate detection for CVE-2021-33425 severity: medium - cvss: 5.5 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In xfig diagramming tool, a stack-overflow while running fig2dev allows - memory corruption via local input manipulation via read_objects function. + description: A stored cross-site scripting (XSS) vulnerability was discovered in + the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject + arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation. detection: payload: null verify: null @@ -4014,27 +3605,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-46398 - - https://access.redhat.com/security/cve/CVE-2025-46398 - - https://bugzilla.redhat.com/show_bug.cgi?id=2362055 - - https://sourceforge.net/p/mcj/tickets/191/ - - https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-33425 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-46399-CANDIDATE - cve_id: CVE-2025-46399 - name: Candidate detection for CVE-2025-46399 + id: CVE-2021-27676-CANDIDATE + cve_id: CVE-2021-27676 + name: Candidate detection for CVE-2021-27676 severity: medium - cvss: 5.5 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in fig2dev. This vulnerability allows availability - via local input manipulation via genge_itp_spline function. + description: Centreon version 20.10.2 is affected by a cross-site scripting (XSS) + vulnerability. The dep_description (Dependency Description) and dep_name (Dependency + Name) parameters are vulnerable to stored XSS. A user has to log in and go to + the Configuration > Notifications > Hosts page. detection: payload: null verify: null @@ -4042,28 +3631,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-46399 - - https://access.redhat.com/security/cve/CVE-2025-46399 - - https://bugzilla.redhat.com/show_bug.cgi?id=2362053 - - https://sourceforge.net/p/mcj/tickets/190/ - - https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-27676 + - https://github.com/centreon/centreon/pull/9587 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-46400-CANDIDATE - cve_id: CVE-2025-46400 - name: Candidate detection for CVE-2025-46400 - severity: medium - cvss: 5.5 + id: CVE-2020-26677-CANDIDATE + cve_id: CVE-2020-26677 + name: Candidate detection for CVE-2020-26677 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In xfig diagramming tool, a segmentation fault while running fig2dev - allows an attacker to availability via local input manipulation via read_arcobject - function. + description: Any user logged in to a vFairs 3.3 virtual conference or event can + perform SQL injection with a malicious query to the API. detection: payload: null verify: null @@ -4071,28 +3656,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-46400 - - https://access.redhat.com/security/cve/CVE-2025-46400 - - https://bugzilla.redhat.com/show_bug.cgi?id=2362054 - - https://sourceforge.net/p/mcj/tickets/187/ - - https://lists.debian.org/debian-lts-announce/2025/04/msg00043.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-26677 + - https://api.vfairs.com/v1/users/ + - https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack generated_from: - nvd - status: candidate executable: false - id: CVE-2025-46420-CANDIDATE - cve_id: CVE-2025-46420 - name: Candidate detection for CVE-2025-46420 - severity: medium - cvss: 6.5 + id: CVE-2020-26678-CANDIDATE + cve_id: CVE-2020-26678 + name: Candidate detection for CVE-2020-26678 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. It is vulnerable to memory leaks in the - soup_header_parse_quality_list() function when parsing a quality list that contains - elements with all zeroes. + description: vFairs 3.3 is affected by Remote Code Execution. Any user logged in + to a vFairs virtual conference or event can abuse the functionality to upload + a profile picture in order to place a malicious PHP file on the server and gain + code execution. detection: payload: null verify: null @@ -4100,29 +3684,31 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-46420 - - https://access.redhat.com/errata/RHSA-2025:4439 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 - - https://access.redhat.com/errata/RHSA-2025:4538 + - https://nvd.nist.gov/vuln/detail/CVE-2020-26678 + - https://api.vfairs.com/v1/profiles + - https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack generated_from: - nvd - status: candidate executable: false - id: CVE-2025-46421-CANDIDATE - cve_id: CVE-2025-46421 - name: Candidate detection for CVE-2025-46421 + id: CVE-2020-26679-CANDIDATE + cve_id: CVE-2020-26679 + name: Candidate detection for CVE-2020-26679 severity: medium - cvss: 6.8 + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. When libsoup clients encounter an HTTP - redirect, they mistakenly send the HTTP Authorization header to the new host that - the redirection points to. This allows the new host to impersonate the user to - the original host that issued the redirect. + description: vFairs 3.3 is affected by Insecure Permissions. Any user logged in + to a vFairs virtual conference or event can modify any other users profile information + or profile picture. After receiving any user's unique identification number and + their own, an HTTP POST request can be made update their profile description or + supply a new profile image. This can lead to potential cross-site scripting attacks + on any user, or upload malicious PHP webshells as "profile pictures." The user + IDs can be easily determined by other responses from the API for an event or chat + room. detection: payload: null verify: null @@ -4130,29 +3716,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-46421 - - https://access.redhat.com/errata/RHSA-2025:4439 - - https://access.redhat.com/errata/RHSA-2025:4440 - - https://access.redhat.com/errata/RHSA-2025:4508 - - https://access.redhat.com/errata/RHSA-2025:4538 + - https://nvd.nist.gov/vuln/detail/CVE-2020-26679 + - https://api.vfairs.com/v1/profiles + - https://api.vfairs.com/v1/profiles?access_key= + - https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack generated_from: - nvd - status: candidate executable: false - id: CVE-2025-3891-CANDIDATE - cve_id: CVE-2025-3891 - name: Candidate detection for CVE-2025-3891 - severity: high - cvss: 7.5 + id: CVE-2020-26680-CANDIDATE + cve_id: CVE-2020-26680 + name: Candidate detection for CVE-2020-26680 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the mod_auth_openidc module for Apache httpd. This - flaw allows a remote, unauthenticated attacker to trigger a denial of service - by sending an empty POST request when the OIDCPreservePost directive is enabled. - The server crashes consistently, affecting availability. + description: In vFairs 3.3, any user logged in to a vFairs virtual conference or + event can modify any other users profile information to include a cross-site scripting + payload. The user data stored by the database includes HTML tags that are intentionally + rendered out onto the page, and this can be abused to perform XSS attacks. detection: payload: null verify: null @@ -4160,30 +3745,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-3891 - - https://access.redhat.com/errata/RHSA-2025:10002 - - https://access.redhat.com/errata/RHSA-2025:10003 - - https://access.redhat.com/errata/RHSA-2025:10004 - - https://access.redhat.com/errata/RHSA-2025:10006 + - https://nvd.nist.gov/vuln/detail/CVE-2020-26680 + - https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4035-CANDIDATE - cve_id: CVE-2025-4035 - name: Candidate detection for CVE-2025-4035 + id: CVE-2021-29049-CANDIDATE + cve_id: CVE-2021-29049 + name: Candidate detection for CVE-2021-29049 severity: medium - cvss: 4.3 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. When handling cookies, libsoup clients - mistakenly allow cookies to be set for public suffix domains if the domain contains - at least two components and includes an uppercase character. This bypasses public - suffix protections and could allow a malicious website to set cookies for domains - it does not own, potentially leading to integrity issues such as session fixation. + description: Cross-site scripting (XSS) vulnerability in the Portal Workflow module's + edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, + 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject + arbitrary web script or HTML via the currentURL parameter. detection: payload: null verify: null @@ -4191,28 +3772,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4035 - - https://access.redhat.com/errata/RHSA-2025:8128 - - https://access.redhat.com/security/cve/CVE-2025-4035 - - https://bugzilla.redhat.com/show_bug.cgi?id=2362651 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/443 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29049 + - https://issues.liferay.com/browse/LPE-17211 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4373-CANDIDATE - cve_id: CVE-2025-4373 - name: Candidate detection for CVE-2025-4373 - severity: medium - cvss: 4.8 + id: CVE-2021-31658-CANDIDATE + cve_id: CVE-2021-31658 + name: Candidate detection for CVE-2021-31658 + severity: high + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GLib, which is vulnerable to an integer overflow - in the g_string_insert_unichar() function. When the position at which to insert - the character is large, the position will overflow, leading to a buffer underwrite. + description: TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is + affected by an Array index error. The interface that provides the "device description" + function only judges the length of the received data, and does not filter special + characters. This vulnerability will cause the application to crash, and all device + configuration information will be erased. detection: payload: null verify: null @@ -4220,26 +3800,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4373 - - https://access.redhat.com/errata/RHSA-2025:10855 - - https://access.redhat.com/errata/RHSA-2025:11140 - - https://access.redhat.com/errata/RHSA-2025:11327 - - https://access.redhat.com/errata/RHSA-2025:11373 + - https://nvd.nist.gov/vuln/detail/CVE-2021-31658 + - https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31177-CANDIDATE - cve_id: CVE-2025-31177 - name: Candidate detection for CVE-2025-31177 - severity: medium - cvss: 5.5 + id: CVE-2021-31659-CANDIDATE + cve_id: CVE-2021-31659 + name: Candidate detection for CVE-2021-31659 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: gnuplot is affected by a heap buffer overflow at function utf8_copy_one. + description: TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is + vulnerable to Cross Site Request Forgery (CSRF). All configuration information + is placed in the URL, without any additional token authentication information. + A malicious link opened by the switch administrator may cause the password of + the switch to be modified and the configuration file to be tampered with. detection: payload: null verify: null @@ -4247,34 +3828,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31177 - - https://access.redhat.com/security/cve/CVE-2025-31177 - - https://bugzilla.redhat.com/show_bug.cgi?id=2355342 - - https://sourceforge.net/p/gnuplot/bugs/2756/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-31659 + - https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4382-CANDIDATE - cve_id: CVE-2025-4382 - name: Candidate detection for CVE-2025-4382 + id: CVE-2021-22769-CANDIDATE + cve_id: CVE-2021-22769 + name: Candidate detection for CVE-2021-22769 severity: medium - cvss: 5.9 + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in systems utilizing LUKS-encrypted disks with GRUB - configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt - disks using keys stored in the TPM, it reads the decryption key into system memory. - If an attacker with physical access can corrupt the underlying filesystem superblock, - GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, - the disk is already decrypted, and the decryption key remains loaded in system - memory. This scenario may allow an attacker with physical access to access the - unencrypted data without any further authentication, thereby compromising data - confidentiality. Furthermore, the ability to force this state through filesystem - corruption also presents a data integrity concern. + description: 'A CWE-552: Files or Directories Accessible to External Parties vulnerability + exists in Easergy T300 with firmware V2.7.1 and older that could expose files + or directory content when access from an attacker is not restricted or incorrectly + restricted.' detection: payload: null verify: null @@ -4282,28 +3855,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4382 - - https://access.redhat.com/security/cve/CVE-2025-4382 - - https://bugzilla.redhat.com/show_bug.cgi?id=2364416 - - https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=blobdiff;f=grub-core/kern/rescue_reader.c;h=a71ada8fb7da2eae6ee7135fe234fb1755ca78b0;hp=4259857ba9eea45446bc40ea13c3de4ab1b88ffd;hb=c448f511e74cb7c776b314fcb7943f98d3f22b6d;hpb=4abac0ad5a7914dd3cdfff08aaac06588bf98d80 + - https://nvd.nist.gov/vuln/detail/CVE-2021-22769 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4432-CANDIDATE - cve_id: CVE-2025-4432 - name: Candidate detection for CVE-2025-4432 + id: CVE-2021-28979-CANDIDATE + cve_id: CVE-2021-28979 + name: Candidate detection for CVE-2021-28979 severity: medium - cvss: 5.3 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Rust's Ring package. A panic may be triggered when - overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker - to induce this panic by sending a specially crafted packet. It will likely occur - unintentionally in 1 out of every 2**32 packets sent or received. + description: SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response + splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted + URL to cause the server to return a split response, once the URL is clicked. detection: payload: null verify: null @@ -4311,29 +3880,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4432 - - https://access.redhat.com/security/cve/CVE-2025-4432 - - https://bugzilla.redhat.com/show_bug.cgi?id=2350655 - - https://github.com/advisories/GHSA-4p46-pwfr-66x6 - - https://github.com/briansmith/ring + - https://nvd.nist.gov/vuln/detail/CVE-2021-28979 + - https://www.gruppotim.it/redteam + - https://www.thalesgroup.com/en generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31223-CANDIDATE - cve_id: CVE-2025-31223 - name: Candidate detection for CVE-2025-31223 + id: CVE-2021-34202-CANDIDATE + cve_id: CVE-2021-34202 + name: Candidate detection for CVE-2021-34202 severity: high - cvss: 8.0 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved checks. This issue is fixed in - Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS - 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory - corruption. + description: There are multiple out-of-bounds vulnerabilities in some processes + of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator + permissions, resulting in local arbitrary code execution. An attacker can combine + other vulnerabilities to further achieve the purpose of remote code execution. detection: payload: null verify: null @@ -4341,28 +3908,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31223 - - https://support.apple.com/en-us/122404 - - https://support.apple.com/en-us/122716 - - https://support.apple.com/en-us/122719 - - https://support.apple.com/en-us/122720 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34202 + - https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4574-CANDIDATE - cve_id: CVE-2025-4574 - name: Candidate detection for CVE-2025-4574 - severity: medium - cvss: 6.5 + id: CVE-2021-34201-CANDIDATE + cve_id: CVE-2021-34201 + name: Candidate detection for CVE-2021-34201 + severity: high + cvss: 7.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In crossbeam-channel rust crate, the internal `Channel` type's `Drop` - method has a race condition which could, in some circumstances, lead to a double-free - that could result in memory corruption. + description: D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There + are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). + Local ordinary users can overwrite the global variables in the .bss section, causing + the process crashes or changes. detection: payload: null verify: null @@ -4370,30 +3936,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4574 - - https://access.redhat.com/security/cve/CVE-2025-4574 - - https://bugzilla.redhat.com/show_bug.cgi?id=2358890 - - https://github.com/advisories/GHSA-pg9f-39pc-qf8g - - https://github.com/crossbeam-rs/crossbeam/pull/1187 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34201 + - https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34201 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4478-CANDIDATE - cve_id: CVE-2025-4478 - name: Candidate detection for CVE-2025-4478 - severity: medium - cvss: 6.5 + id: CVE-2021-34203-CANDIDATE + cve_id: CVE-2021-34203 + name: Candidate detection for CVE-2021-34203 + severity: high + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the FreeRDP used by Anaconda's remote install feature, - where a crafted RDP packet could trigger a segmentation fault. This issue causes - the service to crash and remain defunct, resulting in a denial of service. It - occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is - required to recover the system. + description: D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. + Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in + the way of whole network monitoring, and this function uses the original default + password and port. An attacker can easily use telnet to log in, modify routing + information, monitor the traffic of all devices under the router, hijack DNS and + phishing attacks. In addition, this interface is likely to be questioned by customers + as a backdoor, because the interface should not be exposed. detection: payload: null verify: null @@ -4401,34 +3967,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4478 - - https://access.redhat.com/errata/RHSA-2025:9307 - - https://access.redhat.com/security/cve/CVE-2025-4478 - - https://bugzilla.redhat.com/show_bug.cgi?id=2365232 - - https://github.com/FreeRDP/FreeRDP/pull/11573 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34203 + - https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4476-CANDIDATE - cve_id: CVE-2025-4476 - name: Candidate detection for CVE-2025-4476 + id: CVE-2021-34204-CANDIDATE + cve_id: CVE-2021-34204 + name: Candidate detection for CVE-2021-34204 severity: medium - cvss: 4.3 + cvss: 6.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A denial-of-service vulnerability has been identified in the libsoup - HTTP client library. This flaw can be triggered when a libsoup client receives - a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter - within the WWW-Authenticate header. Processing this malformed header can lead - to a crash of the client application using libsoup. An attacker could exploit - this by setting up a malicious HTTP server. If a user's application using the - vulnerable libsoup library connects to this malicious server, it could result - in a denial-of-service. Successful exploitation requires tricking a user's client - application into connecting to the attacker's malicious server. + description: D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected + Credentials. D-Link AC2600(DIR-2640) stores the device system account password + in plain text. It does not use linux user management. In addition, the passwords + of all devices are the same, and they cannot be modified by normal users. An attacker + can easily log in to the target router through the serial port and obtain root + privileges. detection: payload: null verify: null @@ -4436,32 +3997,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4476 - - https://access.redhat.com/security/cve/CVE-2025-4476 - - https://bugzilla.redhat.com/show_bug.cgi?id=2366513 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/440 - - https://gitlab.gnome.org/GNOME/libsoup/-/work_items/440 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34204 + - https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4948-CANDIDATE - cve_id: CVE-2025-4948 - name: Candidate detection for CVE-2025-4948 - severity: high - cvss: 7.5 + id: CVE-2020-21517-CANDIDATE + cve_id: CVE-2020-21517 + name: Candidate detection for CVE-2020-21517 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the soup_multipart_new_from_message() function - of the libsoup HTTP library, which is commonly used by GNOME and other applications - to handle web communications. The issue occurs when the library processes specially - crafted multipart messages. Due to improper validation, an internal calculation - can go wrong, leading to an integer underflow. This can cause the program to access - invalid memory and crash. As a result, any application or server using libsoup - could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk. + description: Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl + parameter in login.php. detection: payload: null verify: null @@ -4469,32 +4023,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4948 - - https://access.redhat.com/errata/RHSA-2025:21657 - - https://access.redhat.com/errata/RHSA-2025:8126 - - https://access.redhat.com/errata/RHSA-2025:8128 - - https://access.redhat.com/errata/RHSA-2025:8132 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21517 + - https://github.com/lvyyevd/cms/blob/master/metinfo/metinfo7.0.0.md + - https://u.mituo.cn/api/metinfo/download/7.0.0 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4945-CANDIDATE - cve_id: CVE-2025-4945 - name: Candidate detection for CVE-2025-4945 - severity: low - cvss: 3.7 + id: CVE-2020-19511-CANDIDATE + cve_id: CVE-2020-19511 + name: Candidate detection for CVE-2020-19511 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the cookie parsing logic of the libsoup HTTP library, - used in GNOME applications and other software. The vulnerability arises when processing - the expiration date of cookies, where a specially crafted value can trigger an - integer overflow. This may result in undefined behavior, allowing an attacker - to bypass cookie expiration logic, causing persistent or unintended cookie behavior. - The issue stems from improper validation of large integer inputs during date arithmetic - operations within the cookie parsing routines. + description: Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className + and !2) Description fields in index.php/Admin/Classes, detection: payload: null verify: null @@ -4502,30 +4049,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4945 - - https://access.redhat.com/errata/RHSA-2025:19713 - - https://access.redhat.com/errata/RHSA-2025:19714 - - https://access.redhat.com/errata/RHSA-2025:19720 - - https://access.redhat.com/errata/RHSA-2025:20959 + - https://nvd.nist.gov/vuln/detail/CVE-2020-19511 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4969-CANDIDATE - cve_id: CVE-2025-4969 - name: Candidate detection for CVE-2025-4969 - severity: medium - cvss: 6.5 + id: CVE-2020-22168-CANDIDATE + cve_id: CVE-2020-22168 + name: Candidate detection for CVE-2020-22168 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in the libsoup package. This flaw stems from - its failure to correctly verify the termination of multipart HTTP messages. This - can allow a remote attacker to send a specially crafted multipart HTTP body, causing - the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds - read). + description: PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection + vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit + the vulnerability to obtain database sensitive information. detection: payload: null verify: null @@ -4533,29 +4074,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4969 - - https://access.redhat.com/security/cve/CVE-2025-4969 - - https://bugzilla.redhat.com/show_bug.cgi?id=2367552 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/447 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22168 + - https://github.com/itodaro/PHPGurukul_Hospital_Management_System4.0_cve generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5024-CANDIDATE - cve_id: CVE-2025-5024 - name: Candidate detection for CVE-2025-5024 - severity: high - cvss: 7.4 + id: CVE-2020-26801-CANDIDATE + cve_id: CVE-2020-26801 + name: Candidate detection for CVE-2020-26801 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop - listens for RDP connections, an unauthenticated attacker can exhaust system resources - and repeatedly crash the process. There may be a resource leak after many attacks, - which will also result in gnome-remote-desktop no longer being able to open files - even after it is restarted via systemd. + description: A stored cross-site scripting (XSS) vulnerability was discovered in + /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. + This vulnerability allows authenticated attackers to obtain other users' information + via a crafted POST request. detection: payload: null verify: null @@ -4563,29 +4101,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5024 - - https://access.redhat.com/errata/RHSA-2025:10631 - - https://access.redhat.com/errata/RHSA-2025:10635 - - https://access.redhat.com/errata/RHSA-2025:10742 - - https://access.redhat.com/errata/RHSA-2025:11403 + - https://nvd.nist.gov/vuln/detail/CVE-2020-26801 + - https://www.blacklanternsecurity.com/2021-06-21-Tripplite-CVE/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-48796-CANDIDATE - cve_id: CVE-2025-48796 - name: Candidate detection for CVE-2025-48796 - severity: high - cvss: 7.3 + id: CVE-2021-31721-CANDIDATE + cve_id: CVE-2021-31721 + name: Candidate detection for CVE-2021-31721 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable - to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store - more information than the capacity allows. This flaw allows a malicious ANI file - to trigger arbitrary code execution. + description: Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image + title at the image upload stage. detection: payload: null verify: null @@ -4593,28 +4126,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-48796 - - https://access.redhat.com/security/cve/CVE-2025-48796 - - https://bugzilla.redhat.com/show_bug.cgi?id=2368559 - - https://gitlab.gnome.org/GNOME/gimp/-/issues/9257 + - https://nvd.nist.gov/vuln/detail/CVE-2021-31721 + - https://www.exploit-db.com/exploits/49859 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-48797-CANDIDATE - cve_id: CVE-2025-48797 - name: Candidate detection for CVE-2025-48797 + id: CVE-2021-28993-CANDIDATE + cve_id: CVE-2021-28993 + name: Candidate detection for CVE-2021-28993 severity: high - cvss: 7.3 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GIMP when processing certain TGA image files. If - a user opens one of these image files that has been specially crafted by an attacker, - GIMP can be tricked into making serious memory errors, potentially leading to - crashes and causing a heap buffer overflow. + description: 'Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact + is: obtain sensitive information (remote).' detection: payload: null verify: null @@ -4622,29 +4151,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-48797 - - https://access.redhat.com/errata/RHSA-2025:9162 - - https://access.redhat.com/errata/RHSA-2025:9165 - - https://access.redhat.com/errata/RHSA-2025:9308 - - https://access.redhat.com/errata/RHSA-2025:9309 + - https://nvd.nist.gov/vuln/detail/CVE-2021-28993 + - https://docs.plixer.com/projects/scrutinizer/en/19.1.0/system/changelog.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-48798-CANDIDATE - cve_id: CVE-2025-48798 - name: Candidate detection for CVE-2025-48798 - severity: high - cvss: 7.3 + id: CVE-2021-35451-CANDIDATE + cve_id: CVE-2021-35451 + name: Candidate detection for CVE-2021-35451 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GIMP when processing XCF image files. If a user - opens one of these image files that has been specially crafted by an attacker, - GIMP can be tricked into making serious memory errors, potentially leading to - crashes and causing use-after-free issues. + description: In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated + user can inject arbitrary text into user browser via the Web application. detection: payload: null verify: null @@ -4652,29 +4176,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-48798 - - https://access.redhat.com/errata/RHSA-2025:9162 - - https://access.redhat.com/errata/RHSA-2025:9165 - - https://access.redhat.com/errata/RHSA-2025:9308 - - https://access.redhat.com/errata/RHSA-2025:9309 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35451 + - https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5222-CANDIDATE - cve_id: CVE-2025-5222 - name: Candidate detection for CVE-2025-5222 + id: CVE-2021-34110-CANDIDATE + cve_id: CVE-2021-34110 + name: Candidate detection for CVE-2021-34110 severity: high - cvss: 7.0 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A stack buffer overflow was found in Internationl components for unicode - (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the - SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary - code execution. + exploitdb_reference: true + description: WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing + a local unprivileged user to replace the executable with a malicious file that + will be executed with "LocalSystem" privileges. detection: payload: null verify: null @@ -4682,29 +4202,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5222 - - https://access.redhat.com/errata/RHSA-2025:11888 - - https://access.redhat.com/errata/RHSA-2025:12083 - - https://access.redhat.com/errata/RHSA-2025:12331 - - https://access.redhat.com/errata/RHSA-2025:12332 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34110 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/204780 + - https://packetstormsecurity.com/files/163335/WinWaste.NET-1.0.6183.16475-Local-Privilege-Escalation.html + - https://www.exploit-db.com/exploits/50083 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-5278-CANDIDATE - cve_id: CVE-2025-5278 - name: Candidate detection for CVE-2025-5278 + id: CVE-2020-20584-CANDIDATE + cve_id: CVE-2020-20584 + name: Candidate detection for CVE-2020-20584 severity: medium - cvss: 4.4 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GNU Coreutils. The sort utility's begfield() function - is vulnerable to a heap buffer under-read. The program may access memory outside - the allocated buffer if a user runs a crafted command using the traditional key - format. A malicious input could lead to a crash or leak sensitive data. + description: A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows + attackers to execute arbitrary web scripts or HTML via the form parameter post + to /public/console/profile/info-submit/. detection: payload: null verify: null @@ -4712,40 +4231,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5278 - - https://access.redhat.com/errata/RHSA-2026:28911 - - https://access.redhat.com/errata/RHSA-2026:33124 - - https://access.redhat.com/errata/RHSA-2026:33313 - - https://access.redhat.com/errata/RHSA-2026:33612 + - https://nvd.nist.gov/vuln/detail/CVE-2020-20584 + - https://github.com/baigoStudio/baigoSSO + - https://github.com/baigoStudio/baigoSSO/ + - https://github.com/baigoStudio/baigoSSO/issues/13 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4598-CANDIDATE - cve_id: CVE-2025-4598 - name: Candidate detection for CVE-2025-4598 - severity: medium - cvss: 4.7 + id: CVE-2020-20585-CANDIDATE + cve_id: CVE-2020-20585 + name: Candidate detection for CVE-2020-20585 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'A vulnerability was found in systemd-coredump. This flaw allows an - attacker to force a SUID process to crash and replace it with a non-SUID binary - to access the original''s privileged process coredump, allowing the attacker to - read sensitive data, such as /etc/shadow content, loaded by the original process. - - - A SUID binary or process has a special type of permission, which allows the process - to run with the file owner''s permissions, regardless of the user executing the - binary. This allows the process to access more restricted data than unprivileged - users or processes would be able to. An attacker can leverage this flaw by forcing - a SUID process to crash and force the Linux kernel to recycle the process PID - before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins - the race condition, they gain access to the original''s SUID process coredump - file. They can read sensitive content loaded into memory by the original binary, - affecting data confidentiality.' + description: A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 + beta allows attackers to access sensitive database information. detection: payload: null verify: null @@ -4753,28 +4258,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4598 - - https://access.redhat.com/errata/RHSA-2025:22660 - - https://access.redhat.com/errata/RHSA-2025:22868 - - https://access.redhat.com/errata/RHSA-2025:23227 - - https://access.redhat.com/errata/RHSA-2025:23234 + - https://nvd.nist.gov/vuln/detail/CVE-2020-20585 + - https://github.com/0xyu/PHP_Learning/issues/3 + - https://www.metinfo.cn/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-0620-CANDIDATE - cve_id: CVE-2025-0620 - name: Candidate detection for CVE-2025-0620 + id: CVE-2020-20586-CANDIDATE + cve_id: CVE-2020-20586 + name: Candidate detection for CVE-2020-20586 severity: medium - cvss: 4.9 + cvss: 4.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Samba. The smbd service daemon does not pick up - group membership changes when re-authenticating an expired SMB session. This issue - can expose file shares until clients disconnect and then connect again. + description: A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser + URI of XYHCMS V3.6 allows attackers to edit any information of the administrator + such as the name, e-mail, and password. detection: payload: null verify: null @@ -4782,29 +4285,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-0620 - - https://access.redhat.com/security/cve/CVE-2025-0620 - - https://bugzilla.redhat.com/show_bug.cgi?id=2370453 - - https://www.samba.org/samba/security/CVE-2025-0620.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-20586 + - https://github.com/0xyu/PHP_Learning/issues/4 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-47711-CANDIDATE - cve_id: CVE-2025-47711 - name: Candidate detection for CVE-2025-47711 + id: CVE-2020-20363-CANDIDATE + cve_id: CVE-2020-20363 + name: Candidate detection for CVE-2020-20363 severity: medium - cvss: 6.5 + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: There's a flaw in the nbdkit server when handling responses from its - plugins regarding the status of data blocks. If a client makes a specific request - for a very large data range, and a plugin responds with an even larger single - block, the nbdkit server can encounter a critical internal error, leading to a - denial-of-service. + description: Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php. detection: payload: null verify: null @@ -4812,28 +4309,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-47711 - - https://access.redhat.com/security/cve/CVE-2025-47711 - - https://bugzilla.redhat.com/show_bug.cgi?id=2365687 - - https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-20363 + - https://github.com/hnaoyun/PbootCMS + - https://github.com/wind226/CVE/issues/1 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-47712-CANDIDATE - cve_id: CVE-2025-47712 - name: Candidate detection for CVE-2025-47712 + id: CVE-2021-27332-CANDIDATE + cve_id: CVE-2021-27332 + name: Candidate detection for CVE-2021-27332 severity: medium - cvss: 6.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw exists in the nbdkit "blocksize" filter that can be triggered - by a specific type of client request. When a client requests block status information - for a very large data range, exceeding a certain limit, it causes an internal - error in the nbdkit, leading to a denial of service. + description: Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated + Enrollment System v 1.0 allows remote attackers to inject arbitrary web script + or HTML via the class_name parameter to update_class.php. detection: payload: null verify: null @@ -4841,29 +4336,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-47712 - - https://access.redhat.com/security/cve/CVE-2025-47712 - - https://bugzilla.redhat.com/show_bug.cgi?id=2365724 - - https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-27332 + - https://github.com/BigTiger2020/CASAP-Automated-Enrollment-System/blob/main/CASAP-Automated-Enrollment-System-6.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5914-CANDIDATE - cve_id: CVE-2025-5914 - name: Candidate detection for CVE-2025-5914 + id: CVE-2021-34432-CANDIDATE + cve_id: CVE-2021-34432 + name: Candidate detection for CVE-2021-34432 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in the libarchive library, specifically - within the archive_read_format_rar_seek_data() function. This flaw involves an - integer overflow that can ultimately lead to a double-free condition. Exploiting - a double-free vulnerability can result in memory corruption, enabling an attacker - to execute arbitrary code or cause a denial-of-service condition. + description: In Eclipse Mosquitto versions 2.0.7 and earlier, the server will crash + if the client tries to send a PUBLISH packet with topic length = 0. detection: payload: null verify: null @@ -4871,31 +4361,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5914 - - https://access.redhat.com/errata/RHSA-2025:14130 - - https://access.redhat.com/errata/RHSA-2025:14135 - - https://access.redhat.com/errata/RHSA-2025:14137 - - https://access.redhat.com/errata/RHSA-2025:14141 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34432 + - https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5915-CANDIDATE - cve_id: CVE-2025-5915 - name: Candidate detection for CVE-2025-5915 + id: CVE-2021-31655-CANDIDATE + cve_id: CVE-2021-31655 + name: Candidate detection for CVE-2021-31655 severity: medium - cvss: 6.6 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in the libarchive library. This - flaw can lead to a heap buffer over-read due to the size of a filter block potentially - exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library - may attempt to read beyond the allocated memory buffer, which can result in unpredictable - program behavior, crashes (denial of service), or the disclosure of sensitive - information from adjacent memory regions. + description: Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 + V1.2.2.65 V1.2.2.68 via the profile parameter. in a GET request in view.cgi. detection: payload: null verify: null @@ -4903,32 +4386,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5915 - - https://access.redhat.com/security/cve/CVE-2025-5915 - - https://bugzilla.redhat.com/show_bug.cgi?id=2370865 - - https://github.com/libarchive/libarchive/pull/2599 - - https://github.com/libarchive/libarchive/releases/tag/v3.8.0 + - https://nvd.nist.gov/vuln/detail/CVE-2021-31655 + - https://github.com/yinfeidi/Vuls/blob/main/TRENDnet%20TV-IP110WN/CVE-2021-31655.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5916-CANDIDATE - cve_id: CVE-2025-5916 - name: Candidate detection for CVE-2025-5916 + id: CVE-2021-38365-CANDIDATE + cve_id: CVE-2021-38365 + name: Candidate detection for CVE-2021-38365 severity: low - cvss: 3.9 + cvss: 3.7 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in the libarchive library. This - flaw involves an integer overflow that can be triggered when processing a Web - Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. - An attacker could craft a malicious WARC archive to induce this overflow, potentially - leading to unpredictable program behavior, memory corruption, or a denial-of-service - condition within applications that process such archives using libarchive. This - bug affects libarchive versions prior to 3.8.0. + description: Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote + attackers to recover speech signals from the power-indicator LED via a telescope + and an electro-optical sensor, aka a "Glowworm" attack. detection: payload: null verify: null @@ -4936,32 +4412,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5916 - - https://access.redhat.com/security/cve/CVE-2025-5916 - - https://bugzilla.redhat.com/show_bug.cgi?id=2370872 - - https://github.com/libarchive/libarchive/pull/2568 - - https://github.com/libarchive/libarchive/releases/tag/v3.8.0 + - https://nvd.nist.gov/vuln/detail/CVE-2021-38365 + - https://www.nassiben.com/glowworm-attack generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5917-CANDIDATE - cve_id: CVE-2025-5917 - name: Candidate detection for CVE-2025-5917 - severity: low - cvss: 2.8 + id: CVE-2021-37345-CANDIDATE + cve_id: CVE-2021-37345 + name: Candidate detection for CVE-2021-37345 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in the libarchive library. This - flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes - for file names. This can lead to a 1-byte write overflow. While seemingly small, - such an overflow can corrupt adjacent memory, leading to unpredictable program - behavior, crashes, or in specific circumstances, could be leveraged as a building - block for more sophisticated exploitation. This bug affects libarchive versions - prior to 3.8.0. + description: Nagios XI before version 5.8.5 is vulnerable to local privilege escalation + because xi-sys.cfg is being imported from the var directory for some scripts with + elevated permissions. detection: payload: null verify: null @@ -4969,30 +4438,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5917 - - https://access.redhat.com/security/cve/CVE-2025-5917 - - https://bugzilla.redhat.com/show_bug.cgi?id=2370874 - - https://github.com/libarchive/libarchive/pull/2588 - - https://github.com/libarchive/libarchive/releases/tag/v3.8.0 + - https://nvd.nist.gov/vuln/detail/CVE-2021-37345 + - https://www.nagios.com/downloads/nagios-xi/change-log/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5918-CANDIDATE - cve_id: CVE-2025-5918 - name: Candidate detection for CVE-2025-5918 - severity: low - cvss: 3.9 + id: CVE-2020-20345-CANDIDATE + cve_id: CVE-2020-20345 + name: Candidate detection for CVE-2020-20345 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in the libarchive library. This - flaw can be triggered when file streams are piped into bsdtar, potentially allowing - for reading past the end of the file. This out-of-bounds read can lead to unintended - consequences, including unpredictable program behavior, memory corruption, or - a denial-of-service condition. + description: WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability + in the page management background which allows attackers to obtain cookies via + a crafted payload entered into the search box. detection: payload: null verify: null @@ -5000,29 +4464,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5918 - - https://access.redhat.com/security/cve/CVE-2025-5918 - - https://bugzilla.redhat.com/show_bug.cgi?id=2370877 - - https://github.com/libarchive/libarchive/pull/2584 - - https://github.com/libarchive/libarchive/releases/tag/v3.8.0 + - https://nvd.nist.gov/vuln/detail/CVE-2020-20345 + - https://github.com/taosir/wtcms + - https://github.com/taosir/wtcms/issues/10 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6021-CANDIDATE - cve_id: CVE-2025-6021 - name: Candidate detection for CVE-2025-6021 + id: CVE-2021-33289-CANDIDATE + cve_id: CVE-2021-33289 + name: Candidate detection for CVE-2021-33289 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libxml2's xmlBuildQName function, where integer - overflows in buffer size calculations can lead to a stack-based buffer overflow. - This issue can result in memory corruption or a denial of service when processing - crafted input. + description: In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section + is supplied in an NTFS image a heap buffer overflow can occur and allow for code + execution. detection: payload: null verify: null @@ -5030,31 +4491,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6021 - - https://access.redhat.com/errata/RHSA-2025:10630 - - https://access.redhat.com/errata/RHSA-2025:10698 - - https://access.redhat.com/errata/RHSA-2025:10699 - - https://access.redhat.com/errata/RHSA-2025:11580 + - https://nvd.nist.gov/vuln/detail/CVE-2021-33289 + - https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp + - https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6035-CANDIDATE - cve_id: CVE-2025-6035 - name: Candidate detection for CVE-2025-6035 - severity: medium - cvss: 6.1 + id: CVE-2021-35268-CANDIDATE + cve_id: CVE-2021-35268 + name: Candidate detection for CVE-2021-35268 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GIMP. An integer overflow vulnerability exists - in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication - of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which - can result in allocating insufficient memory and subsequently performing out-of-bounds - writes. This issue could lead to heap corruption, a potential denial of service - (DoS), or arbitrary code execution in certain scenarios. + description: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode + is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur + allowing for code execution and escalation of privileges. detection: payload: null verify: null @@ -5062,30 +4520,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6035 - - https://access.redhat.com/security/cve/CVE-2025-6035 - - https://bugzilla.redhat.com/show_bug.cgi?id=2372515 - - https://gitlab.gnome.org/GNOME/gimp/-/issues/13518 - - https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-35268 + - https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp + - https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49794-CANDIDATE - cve_id: CVE-2025-49794 - name: Candidate detection for CVE-2025-49794 - severity: critical - cvss: 9.1 + id: CVE-2021-35269-CANDIDATE + cve_id: CVE-2021-35269 + name: Candidate detection for CVE-2021-35269 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free vulnerability was found in libxml2. This issue occurs - when parsing XPath elements under certain circumstances when the XML schematron - has the schema elements. This flaw allows a malicious actor - to craft a malicious XML document used as input for libxml, resulting in the program's - crash using libxml or other possible undefined behaviors. + description: NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute + from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow + can occur allowing for code execution and escalation of privileges. detection: payload: null verify: null @@ -5093,28 +4549,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49794 - - https://access.redhat.com/errata/RHSA-2025:10630 - - https://access.redhat.com/errata/RHSA-2025:10698 - - https://access.redhat.com/errata/RHSA-2025:10699 - - https://access.redhat.com/errata/RHSA-2025:11580 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35269 + - https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/ + - https://security.gentoo.org/glsa/202301-01 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49795-CANDIDATE - cve_id: CVE-2025-49795 - name: Candidate detection for CVE-2025-49795 + id: CVE-2021-33286-CANDIDATE + cve_id: CVE-2021-33286 + name: Candidate detection for CVE-2021-33286 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A NULL pointer dereference vulnerability was found in libxml2 when - processing XPath XML expressions. This flaw allows an attacker to craft a malicious - XML input to libxml2, leading to a denial of service. + description: In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string + is supplied in an NTFS image a heap buffer overflow can occur and allow for code + execution. detection: payload: null verify: null @@ -5122,30 +4578,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49795 - - https://access.redhat.com/errata/RHSA-2025:10630 - - https://access.redhat.com/errata/RHSA-2025:19020 - - https://access.redhat.com/errata/RHSA-2026:7519 - - https://access.redhat.com/security/cve/CVE-2025-49795 + - https://nvd.nist.gov/vuln/detail/CVE-2021-33286 + - https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp + - https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html + - https://security.gentoo.org/glsa/202301-01 + - https://www.debian.org/security/2021/dsa-4971 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49796-CANDIDATE - cve_id: CVE-2025-49796 - name: Candidate detection for CVE-2025-49796 - severity: critical - cvss: 9.1 + id: CVE-2021-33287-CANDIDATE + cve_id: CVE-2021-33287 + name: Candidate detection for CVE-2021-33287 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in libxml2. Processing certain sch:name elements - from the input XML file can trigger a memory corruption issue. This flaw allows - an attacker to craft a malicious XML input file that can lead libxml to crash, - resulting in a denial of service or other possible undefined behavior due to sensitive - data being corrupted in memory. + description: In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes + are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and + allow for writing to arbitrary memory or denial of service of the application. detection: payload: null verify: null @@ -5153,30 +4607,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49796 - - https://access.redhat.com/errata/RHSA-2025:10630 - - https://access.redhat.com/errata/RHSA-2025:10698 - - https://access.redhat.com/errata/RHSA-2025:10699 - - https://access.redhat.com/errata/RHSA-2025:11580 + - https://nvd.nist.gov/vuln/detail/CVE-2021-33287 + - https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp + - https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6170-CANDIDATE - cve_id: CVE-2025-6170 - name: Candidate detection for CVE-2025-6170 - severity: low - cvss: 2.5 + id: CVE-2021-35266-CANDIDATE + cve_id: CVE-2021-35266 + name: Candidate detection for CVE-2021-35266 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the interactive shell of the xmllint command-line - tool, used for parsing XML files. When a user inputs an overly long command, the - program does not check the input size properly, which can cause it to crash. This - issue might allow attackers to run harmful code in rare configurations without - modern protections. + description: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode + pathname is supplied in an NTFS image a heap buffer overflow can occur resulting + in memory disclosure, denial of service and even code execution. detection: payload: null verify: null @@ -5184,18 +4636,18 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6170 - - https://access.redhat.com/errata/RHSA-2026:7519 - - https://access.redhat.com/security/cve/CVE-2025-6170 - - https://bugzilla.redhat.com/show_bug.cgi?id=2372952 - - https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35266 + - https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp + - https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6020-CANDIDATE - cve_id: CVE-2025-6020 - name: Candidate detection for CVE-2025-6020 + id: CVE-2021-35267-CANDIDATE + cve_id: CVE-2021-35267 + name: Candidate detection for CVE-2021-35267 severity: high cvss: 7.8 risk_level: unknown @@ -5203,9 +4655,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in linux-pam. The module pam_namespace may use access - user-controlled paths without proper protection, allowing local users to elevate - their privileges to root via multiple symlink attacks and race conditions. + description: NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when + correcting differences in the MFT and MFTMirror allowing for code execution or + escalation of privileges when setuid-root. detection: payload: null verify: null @@ -5213,33 +4665,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6020 - - https://access.redhat.com/errata/RHSA-2025:10024 - - https://access.redhat.com/errata/RHSA-2025:10027 - - https://access.redhat.com/errata/RHSA-2025:10180 - - https://access.redhat.com/errata/RHSA-2025:10354 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35267 + - https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp + - https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4404-CANDIDATE - cve_id: CVE-2025-4404 - name: Candidate detection for CVE-2025-4404 + id: CVE-2021-36581-CANDIDATE + cve_id: CVE-2021-36581 + name: Candidate detection for CVE-2021-36581 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A privilege escalation from host to domain vulnerability was found - in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of - the `krbCanonicalName` for the admin account by default, allowing users to create - services with the same canonical name as the REALM admin. When a successful attack - happens, the user can retrieve a Kerberos ticket in the name of this service, - containing the admin@REALM credential. This flaw allows an attacker to perform - administrative tasks over the REALM, leading to access to sensitive data and sensitive - data exfiltration. + description: Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible + to upload any file extension to the server. The server does not verify the extension + of the file and the tester was able to upload an aspx to the server. detection: payload: null verify: null @@ -5247,28 +4694,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4404 - - https://access.redhat.com/errata/RHSA-2025:9184 - - https://access.redhat.com/errata/RHSA-2025:9185 - - https://access.redhat.com/errata/RHSA-2025:9186 - - https://access.redhat.com/errata/RHSA-2025:9187 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36581 + - https://github.com/l00neyhacker/CVE-2021-36581/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49175-CANDIDATE - cve_id: CVE-2025-49175 - name: Candidate detection for CVE-2025-49175 - severity: medium - cvss: 6.1 + id: CVE-2021-36582-CANDIDATE + cve_id: CVE-2021-36582 + name: Candidate detection for CVE-2021-36582 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the X Rendering extension's handling of animated - cursors. If a client provides no cursors, the server assumes at least one is present, - leading to an out-of-bounds read and potential crash. + description: In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., + aspx) to the server and then call upon it to receive a reverse shell from the + victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx + and can be simply triggered by browsing that URL. detection: payload: null verify: null @@ -5276,28 +4721,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49175 - - https://access.redhat.com/errata/RHSA-2025:10258 - - https://access.redhat.com/errata/RHSA-2025:10342 - - https://access.redhat.com/errata/RHSA-2025:10343 - - https://access.redhat.com/errata/RHSA-2025:10344 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36582 + - https://github.com/l00neyhacker/CVE-2021-36582 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49176-CANDIDATE - cve_id: CVE-2025-49176 - name: Candidate detection for CVE-2025-49176 + id: CVE-2021-40639-CANDIDATE + cve_id: CVE-2021-40639 + name: Candidate detection for CVE-2021-40639 severity: high - cvss: 7.3 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the Big Requests extension. The request length - is multiplied by 4 before checking against the maximum allowed size, potentially - causing an integer overflow and bypassing the size check. + description: Improper access control in Jfinal CMS 5.1.0 allows attackers to access + sensitive information via /classes/conf/db.properties&config=filemanager.config.js. detection: payload: null verify: null @@ -5305,28 +4746,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49176 - - https://access.redhat.com/errata/RHSA-2025:10258 - - https://access.redhat.com/errata/RHSA-2025:10342 - - https://access.redhat.com/errata/RHSA-2025:10343 - - https://access.redhat.com/errata/RHSA-2025:10344 + - https://nvd.nist.gov/vuln/detail/CVE-2021-40639 + - https://github.com/jflyfox/jfinal_cms + - https://github.com/jflyfox/jfinal_cms/issues/27 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49177-CANDIDATE - cve_id: CVE-2025-49177 - name: Candidate detection for CVE-2025-49177 - severity: medium - cvss: 6.1 + id: CVE-2020-21468-CANDIDATE + cve_id: CVE-2020-21468 + name: Candidate detection for CVE-2020-21468 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode - handler does not validate the request length, allowing a client to read unintended - memory from previous requests. + description: 'A segmentation fault in the redis-server component of Redis 5.0.7 + leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue + in a released version, such as 5.0.7.' detection: payload: null verify: null @@ -5334,28 +4773,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49177 - - https://access.redhat.com/errata/RHSA-2025:10258 - - https://access.redhat.com/errata/RHSA-2025:9303 - - https://access.redhat.com/errata/RHSA-2025:9304 - - https://access.redhat.com/security/cve/CVE-2025-49177 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21468 + - https://github.com/antirez/redis/issues/6633 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49178-CANDIDATE - cve_id: CVE-2025-49178 - name: Candidate detection for CVE-2025-49178 + id: CVE-2020-21228-CANDIDATE + cve_id: CVE-2020-21228 + name: Candidate detection for CVE-2020-21228 severity: medium - cvss: 5.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the X server's request handling. Non-zero 'bytes - to ignore' in a client's request can cause the server to skip processing another - client's request, potentially leading to a denial of service. + description: JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability + in the component /user/release.html, which allows attackers to arbitrarily add + an administrator cookie. detection: payload: null verify: null @@ -5363,28 +4799,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49178 - - https://access.redhat.com/errata/RHSA-2025:10258 - - https://access.redhat.com/errata/RHSA-2025:10342 - - https://access.redhat.com/errata/RHSA-2025:10343 - - https://access.redhat.com/errata/RHSA-2025:10344 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21228 + - https://github.com/Cherry-toto/jizhicms + - https://github.com/Cherry-toto/jizhicms/issues/16 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49179-CANDIDATE - cve_id: CVE-2025-49179 - name: Candidate detection for CVE-2025-49179 - severity: high - cvss: 7.3 + id: CVE-2021-35503-CANDIDATE + cve_id: CVE-2021-35503 + name: Candidate detection for CVE-2021-35503 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients - function does not check for an integer overflow when computing request length, - which allows a client to bypass length checks. + description: Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For + header that is mishandled when rendering Activity Logs. detection: payload: null verify: null @@ -5392,28 +4825,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49179 - - https://access.redhat.com/errata/RHSA-2025:10258 - - https://access.redhat.com/errata/RHSA-2025:10342 - - https://access.redhat.com/errata/RHSA-2025:10343 - - https://access.redhat.com/errata/RHSA-2025:10344 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35503 + - https://syntegris-sec.github.io/filerun-advisory generated_from: - nvd - status: candidate executable: false - id: CVE-2025-49180-CANDIDATE - cve_id: CVE-2025-49180 - name: Candidate detection for CVE-2025-49180 + id: CVE-2021-35504-CANDIDATE + cve_id: CVE-2021-35504 + name: Candidate detection for CVE-2021-35504 severity: high - cvss: 7.8 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the RandR extension, where the RRChangeProviderProperty - function does not properly validate input. This issue leads to an integer overflow - when computing the total size to allocate. + description: Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) + via the Check Path value for the ffmpeg binary. detection: payload: null verify: null @@ -5421,31 +4850,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-49180 - - https://access.redhat.com/errata/RHSA-2025:10258 - - https://access.redhat.com/errata/RHSA-2025:10342 - - https://access.redhat.com/errata/RHSA-2025:10343 - - https://access.redhat.com/errata/RHSA-2025:10344 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35504 + - https://syntegris-sec.github.io/filerun-advisory generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6199-CANDIDATE - cve_id: CVE-2025-6199 - name: Candidate detection for CVE-2025-6199 - severity: low - cvss: 3.3 + id: CVE-2021-35505-CANDIDATE + cve_id: CVE-2021-35505 + name: Candidate detection for CVE-2021-35505 + severity: high + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw was found in the GIF parser of GdkPixbuf\u2019s LZW decoder.\ - \ When an invalid symbol is encountered during decompression, the decoder sets\ - \ the reported output size to the full buffer length rather than the actual number\ - \ of written bytes. This logic error results in uninitialized sections of the\ - \ buffer being included in the output, potentially leaking arbitrary memory contents\ - \ in the processed image." + description: Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) + via the Check Path value for the magick binary. detection: payload: null verify: null @@ -5453,35 +4875,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6199 - - https://access.redhat.com/security/cve/CVE-2025-6199 - - https://bugzilla.redhat.com/show_bug.cgi?id=2373147 - - https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/257 - - https://lists.debian.org/debian-lts-announce/2025/06/msg00023.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-35505 + - https://syntegris-sec.github.io/filerun-advisory generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6019-CANDIDATE - cve_id: CVE-2025-6019 - name: Candidate detection for CVE-2025-6019 - severity: high - cvss: 7.0 + id: CVE-2021-37223-CANDIDATE + cve_id: CVE-2021-37223 + name: Candidate detection for CVE-2021-37223 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. - Generally, the "allow_active" setting in Polkit permits a physically present user - to take certain actions based on the session type. Due to the way libblockdev - interacts with the udisks daemon, an "allow_active" user on a system may be able - escalate to full root privileges on the target host. Normally, udisks mounts user-provided - filesystem images with security flags like nosuid and nodev to prevent privilege - escalation. However, a local attacker can create a specially crafted XFS image - containing a SUID-root shell, then trick udisks into resizing it. This mounts - their malicious filesystem with root privileges, allowing them to execute their - SUID-root shell and gain complete control of the system. + description: Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request + Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can + create scheduled reports containing PDF screenshots of any view in the NagiosXI + application. Due to lack of input sanitisation, the target page can be replaced + with an SSRF payload to access internal resources or disclose local system files. detection: payload: null verify: null @@ -5489,31 +4903,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6019 - - https://access.redhat.com/errata/RHSA-2025:10796 - - https://access.redhat.com/errata/RHSA-2025:9320 - - https://access.redhat.com/errata/RHSA-2025:9321 - - https://access.redhat.com/errata/RHSA-2025:9322 + - https://nvd.nist.gov/vuln/detail/CVE-2021-37223 + - https://www.nagios.com/downloads/nagios-xi/change-log/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5318-CANDIDATE - cve_id: CVE-2025-5318 - name: Candidate detection for CVE-2025-5318 - severity: high - cvss: 8.1 + id: CVE-2021-35506-CANDIDATE + cve_id: CVE-2021-35506 + name: Candidate detection for CVE-2021-35506 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the libssh library in versions less than 0.11.2. - An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect - comparison check that permits the function to access memory beyond the valid handle - list and to return an invalid pointer, which is used in further processing. This - vulnerability allows an authenticated remote attacker to potentially read unintended - memory regions, exposing sensitive information or affect service behavior. + description: Afian FileRun 2021.03.26 allows XSS when an administrator encounters + a crafted document during use of the HTML Editor for a preview or edit action. detection: payload: null verify: null @@ -5521,28 +4928,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5318 - - https://access.redhat.com/errata/RHSA-2025:18231 - - https://access.redhat.com/errata/RHSA-2025:18275 - - https://access.redhat.com/errata/RHSA-2025:18286 - - https://access.redhat.com/errata/RHSA-2025:19012 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35506 + - https://syntegris-sec.github.io/filerun-advisory generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6032-CANDIDATE - cve_id: CVE-2025-6032 - name: Candidate detection for CVE-2025-6032 + id: CVE-2021-29004-CANDIDATE + cve_id: CVE-2021-29004 + name: Candidate detection for CVE-2021-29004 severity: high - cvss: 8.3 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Podman. The podman machine init command fails to - verify the TLS certificate when downloading the VM images from an OCI registry. - This issue results in a Man In The Middle attack. + description: rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated + to exploit the vulnerability. If --secure-file-priv in MySQL server is not set + and the Mysql server is the same as rConfig, an attacker may successfully upload + a webshell to the server and access it remotely. detection: payload: null verify: null @@ -5550,32 +4955,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6032 - - https://access.redhat.com/errata/RHSA-2025:10295 - - https://access.redhat.com/errata/RHSA-2025:10549 - - https://access.redhat.com/errata/RHSA-2025:10550 - - https://access.redhat.com/errata/RHSA-2025:10551 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29004 + - https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt + - https://github.com/mrojz/rconfig-exploit/blob/main/README.md + - https://rconfig.com generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5351-CANDIDATE - cve_id: CVE-2025-5351 - name: Candidate detection for CVE-2025-5351 - severity: medium - cvss: 6.5 + id: CVE-2021-29005-CANDIDATE + cve_id: CVE-2021-29005 + name: Candidate detection for CVE-2021-29005 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the key export functionality of libssh. The issue - occurs in the internal function responsible for converting cryptographic keys - into serialized formats. During error handling, a memory structure is freed but - not cleared, leading to a potential double free issue if an additional failure - occurs later in the function. This condition may result in heap corruption or - application instability in low-memory scenarios, posing a risk to system reliability - where key export operations are performed. + description: Insecure permission of chmod command on rConfig server 3.9.6 exists. + After installing rConfig apache user may execute chmod as root without password + which may let an attacker with low privilege to gain root access on server. detection: payload: null verify: null @@ -5583,31 +4983,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5351 - - https://access.redhat.com/errata/RHSA-2026:18683 - - https://access.redhat.com/security/cve/CVE-2025-5351 - - https://bugzilla.redhat.com/show_bug.cgi?id=2369367 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29005 + - https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5987-CANDIDATE - cve_id: CVE-2025-5987 - name: Candidate detection for CVE-2025-5987 - severity: high - cvss: 8.1 + id: CVE-2021-29006-CANDIDATE + cve_id: CVE-2021-29006 + name: Candidate detection for CVE-2021-29006 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libssh when using the ChaCha20 cipher with the - OpenSSL library. If an attacker manages to exhaust the heap space, this error - is not detected and may lead to libssh using a partially initialized cipher context. - This occurs because the OpenSSL error code returned aliases with the SSH_OK code, - resulting in libssh not properly detecting the error returned by the OpenSSL library. - This issue can lead to undefined behavior, including compromised data confidentiality - and integrity or crashes. + description: rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. + An authenticated user may successfully download any file on the server. detection: payload: null verify: null @@ -5615,18 +5008,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5987 - - https://access.redhat.com/errata/RHSA-2025:23483 - - https://access.redhat.com/errata/RHSA-2025:23484 - - https://access.redhat.com/errata/RHSA-2026:0427 - - https://access.redhat.com/errata/RHSA-2026:0428 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29006 + - https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29006-POC.py generated_from: - nvd - status: candidate executable: false - id: CVE-2025-7345-CANDIDATE - cve_id: CVE-2025-7345 - name: Candidate detection for CVE-2025-7345 + id: CVE-2020-19961-CANDIDATE + cve_id: CVE-2020-19961 + name: Candidate detection for CVE-2020-19961 severity: high cvss: 7.5 risk_level: unknown @@ -5634,11 +5024,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: "A flaw exists in gdk\u2011pixbuf within the gdk_pixbuf__jpeg_image_load_increment\ - \ function (io-jpeg.c) and in glib\u2019s g_base64_encode_step (glib/gbase64.c).\ - \ When processing maliciously crafted JPEG images, a heap buffer overflow can\ - \ occur during Base64 encoding, allowing out-of-bounds reads from heap memory,\ - \ potentially causing application crashes or arbitrary code execution." + description: A SQL injection vulnerability has been discovered in zz cms version + 2019 which allows attackers to retrieve sensitive data via the component subzs.php. detection: payload: null verify: null @@ -5646,18 +5033,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-7345 - - https://access.redhat.com/errata/RHSA-2025:12841 - - https://access.redhat.com/errata/RHSA-2025:12862 - - https://access.redhat.com/errata/RHSA-2025:13315 - - https://access.redhat.com/errata/RHSA-2025:14574 + - https://nvd.nist.gov/vuln/detail/CVE-2020-19961 + - https://github.com/forget-code/zzcms + - https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20subzs.php.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32988-CANDIDATE - cve_id: CVE-2025-32988 - name: Candidate detection for CVE-2025-32988 + id: CVE-2020-19964-CANDIDATE + cve_id: CVE-2020-19964 + name: Candidate detection for CVE-2020-19964 severity: medium cvss: 6.5 risk_level: unknown @@ -5665,16 +5050,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'A flaw was found in GnuTLS. A double-free vulnerability exists in - GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative - Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, - GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading - to a double-free condition when the parent function or caller later attempts to - free the same structure. - - - This vulnerability can be triggered using only public GnuTLS APIs and may result - in denial of service or memory corruption, depending on allocator behavior.' + description: A Cross Site Request Forgery (CSRF) vulnerability was discovered in + PHPMyWind 5.6 which allows attackers to create a new administrator account without + authentication. detection: payload: null verify: null @@ -5682,32 +5060,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32988 - - https://access.redhat.com/errata/RHSA-2025:16115 - - https://access.redhat.com/errata/RHSA-2025:16116 - - https://access.redhat.com/errata/RHSA-2025:17181 - - https://access.redhat.com/errata/RHSA-2025:17348 + - https://nvd.nist.gov/vuln/detail/CVE-2020-19964 + - https://github.com/gaozhifeng/PHPMyWind + - https://github.com/gaozhifeng/PHPMyWind/issues/9 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32989-CANDIDATE - cve_id: CVE-2025-32989 - name: Candidate detection for CVE-2025-32989 - severity: medium - cvss: 5.3 + id: CVE-2021-36512-CANDIDATE + cve_id: CVE-2021-36512 + name: Candidate detection for CVE-2021-36512 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-buffer-overread vulnerability was found in GnuTLS in how it - handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension - during X.509 certificate parsing. This flaw allows a malicious user to create - a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) - that contains sensitive data. This issue leads to the exposure of confidential - information when GnuTLS verifies certificates from certain websites when the certificate - (SCT) is not checked correctly. + description: An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp + in Synchronet BBS, which may allow attackers to view sensitive information due + to an uninitialized value. detection: payload: null verify: null @@ -5715,30 +5087,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32989 - - https://access.redhat.com/errata/RHSA-2025:16115 - - https://access.redhat.com/errata/RHSA-2025:16116 - - https://access.redhat.com/errata/RHSA-2025:17181 - - https://access.redhat.com/errata/RHSA-2025:17348 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36512 + - https://gitlab.synchro.net/main/sbbs/-/issues/276 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-32990-CANDIDATE - cve_id: CVE-2025-32990 - name: Candidate detection for CVE-2025-32990 - severity: medium - cvss: 6.5 + id: CVE-2020-23546-CANDIDATE + cve_id: CVE-2020-23546 + name: Candidate detection for CVE-2020-23546 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software - in the template parsing logic within the certtool utility. When it reads certain - settings from a template file, it allows an attacker to cause an out-of-bounds - (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service - (DoS) that could potentially crash the system. + description: IrfanView 4.54 allows attackers to cause a denial of service or possibly + other unspecified impacts via a crafted XBM file, related to a "Data from Faulting + Address is used as one or more arguments in a subsequent Function Call starting + at FORMATS!ReadMosaic+0x0000000000000981. detection: payload: null verify: null @@ -5746,30 +5114,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-32990 - - https://access.redhat.com/errata/RHSA-2025:16115 - - https://access.redhat.com/errata/RHSA-2025:16116 - - https://access.redhat.com/errata/RHSA-2025:17181 - - https://access.redhat.com/errata/RHSA-2025:17348 + - https://nvd.nist.gov/vuln/detail/CVE-2020-23546 + - https://github.com/nhiephon/Research/blob/master/README.md + - https://www.irfanview.com/plugins.htm generated_from: - nvd - status: candidate executable: false - id: CVE-2025-7424-CANDIDATE - cve_id: CVE-2025-7424 - name: Candidate detection for CVE-2025-7424 + id: CVE-2021-31624-CANDIDATE + cve_id: CVE-2021-31624 + name: Candidate detection for CVE-2021-31624 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the libxslt library. The same memory field, psvi, - is used for both stylesheet and input data, which can lead to type confusion during - XML transformations. This vulnerability allows an attacker to crash the application - or corrupt memory. In some cases, it may lead to denial of service or unexpected - behavior. + description: Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), + and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via + the urls parameter. detection: payload: null verify: null @@ -5777,30 +5141,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-7424 - - https://access.redhat.com/errata/RHBA-2025:12345 - - https://access.redhat.com/errata/RHSA-2026:11015 - - https://access.redhat.com/security/cve/CVE-2025-7424 - - https://bugzilla.redhat.com/show_bug.cgi?id=2379228 + - https://nvd.nist.gov/vuln/detail/CVE-2021-31624 + - https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-7425-CANDIDATE - cve_id: CVE-2025-7425 - name: Candidate detection for CVE-2025-7425 + id: CVE-2021-31627-CANDIDATE + cve_id: CVE-2021-31627 + name: Candidate detection for CVE-2021-31627 severity: high - cvss: 7.8 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libxslt where the attribute type, atype, flags - are modified in a way that corrupts internal memory management. When XSLT functions, - such as the key() process, result in tree fragments, this corruption prevents - the proper cleanup of ID attributes. As a result, the system may access freed - memory, causing crashes or enabling attackers to trigger heap corruption. + description: Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), + and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via + the index parameter. detection: payload: null verify: null @@ -5808,27 +5167,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-7425 - - https://access.redhat.com/errata/RHBA-2025:12345 - - https://access.redhat.com/errata/RHSA-2025:12447 - - https://access.redhat.com/errata/RHSA-2025:12450 - - https://access.redhat.com/errata/RHSA-2025:13267 + - https://nvd.nist.gov/vuln/detail/CVE-2021-31627 + - https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6395-CANDIDATE - cve_id: CVE-2025-6395 - name: Candidate detection for CVE-2025-6395 - severity: medium - cvss: 6.5 + id: CVE-2020-25912-CANDIDATE + cve_id: CVE-2020-25912 + name: Candidate detection for CVE-2020-25912 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A NULL pointer dereference flaw was found in the GnuTLS software in - _gnutls_figure_common_ciphersuite(). + description: A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php + in Symphony 2.7.10 which can lead to an information disclosure or denial of service + (DOS). detection: payload: null verify: null @@ -5836,30 +5193,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6395 - - https://access.redhat.com/errata/RHSA-2025:16115 - - https://access.redhat.com/errata/RHSA-2025:16116 - - https://access.redhat.com/errata/RHSA-2025:17181 - - https://access.redhat.com/errata/RHSA-2025:17348 + - https://nvd.nist.gov/vuln/detail/CVE-2020-25912 + - https://github.com/symphonycms/symphonycms/issues/2924 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-7519-CANDIDATE - cve_id: CVE-2025-7519 - name: Candidate detection for CVE-2025-7519 + id: CVE-2021-33259-CANDIDATE + cve_id: CVE-2021-33259 + name: Candidate detection for CVE-2021-33259 severity: medium - cvss: 6.7 + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in polkit. When processing an XML policy with 32 or - more nested elements in depth, an out-of-bounds write can be triggered. This issue - can lead to a crash or other unexpected behavior, and arbitrary code execution - is not discarded. To exploit this flaw, a high-privilege account is needed as - it's required to place the malicious policy file properly. + description: Several web interfaces in D-Link DIR-868LW 1.12b have no authentication + requirements for access, allowing for attackers to obtain users' DNS query history. detection: payload: null verify: null @@ -5867,29 +5218,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-7519 - - https://access.redhat.com/security/cve/CVE-2025-7519 - - https://bugzilla.redhat.com/show_bug.cgi?id=2379675 - - https://github.com/polkit-org/polkit/commit/107d3801361b9f9084f78710178e683391f1d245 - - https://github.com/polkit-org/polkit/pull/570 + - https://nvd.nist.gov/vuln/detail/CVE-2021-33259 + - https://github.com/jayus0821/uai-poc/blob/main/D-Link/DIR-868L/webaccess_UAI.md + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6965-CANDIDATE - cve_id: CVE-2025-6965 - name: Candidate detection for CVE-2025-6965 + id: CVE-2021-25874-CANDIDATE + cve_id: CVE-2021-25874 + name: Candidate detection for CVE-2021-25874 severity: high - cvss: 7.7 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: true - description: There exists a vulnerability in SQLite versions before 3.50.2 where - the number of aggregate terms could exceed the number of columns available. This - could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 - or above. + exploitdb_reference: false + description: AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a + SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated + attacker to retrieve databases information such as application passwords hashes. detection: payload: null verify: null @@ -5897,32 +5245,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6965 - - https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 - - https://cert-portal.siemens.com/productcert/html/ssa-225816.html - - https://cert-portal.siemens.com/productcert/html/ssa-485750.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-25874 + - https://synacktiv.com + - https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf generated_from: - nvd - - exploit_db - status: candidate executable: false - id: CVE-2025-20272-CANDIDATE - cve_id: CVE-2025-20272 - name: Candidate detection for CVE-2025-20272 + id: CVE-2021-25875-CANDIDATE + cve_id: CVE-2021-25875 + name: Candidate detection for CVE-2021-25875 severity: medium - cvss: 4.3 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure\ - \ and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated,\ - \ low-privileged, remote attacker to conduct a blind SQL injection attack.\r\n\ - \r\nThis vulnerability is due to insufficient validation of user-supplied input.\ - \ An attacker could exploit this vulnerability by sending a crafted request to\ - \ an affected API. A successful exploit could allow the attacker to view data\ - \ in some database tables on an affected device." + description: AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected + Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows + a remote attacker to steal administrators' session cookies or perform actions + as an administrator. detection: payload: null verify: null @@ -5930,26 +5273,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-20272 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb + - https://nvd.nist.gov/vuln/detail/CVE-2021-25875 + - https://synacktiv.com + - https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4878-CANDIDATE - cve_id: CVE-2025-4878 - name: Candidate detection for CVE-2025-4878 - severity: low - cvss: 3.6 + id: CVE-2021-25876-CANDIDATE + cve_id: CVE-2021-25876 + name: Candidate detection for CVE-2021-25876 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in libssh, where an uninitialized variable - exists under certain conditions in the privatekey_from_file() function. This flaw - can be triggered if the file specified by the filename doesn't exist and may lead - to possible signing failures or heap corruption. + description: AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script + Scripting vulnerabilities via the u parameter which allows a remote attacker to + steal administrators' session cookies or perform actions as an administrator. detection: payload: null verify: null @@ -5957,33 +5300,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4878 - - https://access.redhat.com/errata/RHSA-2026:18683 - - https://access.redhat.com/security/cve/CVE-2025-4878 - - https://bugzilla.redhat.com/show_bug.cgi?id=2376184 - - https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 + - https://nvd.nist.gov/vuln/detail/CVE-2021-25876 + - https://synacktiv.com + - https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2025-6018-CANDIDATE - cve_id: CVE-2025-6018 - name: Candidate detection for CVE-2025-6018 + id: CVE-2021-25877-CANDIDATE + cve_id: CVE-2021-25877 + name: Candidate detection for CVE-2021-25877 severity: high - cvss: 7.8 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: true - description: A Local Privilege Escalation (LPE) vulnerability has been discovered - in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows - an unprivileged local attacker (for example, a user logged in via SSH) to obtain - the elevated privileges normally reserved for a physically present, "allow_active" - user. The highest risk is that the attacker can then perform all allow_active - yes Polkit actions, which are typically restricted to console users, potentially - gaining unauthorized control over system configurations, services, or other sensitive - operations. + exploitdb_reference: false + description: AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. + An administrator privileged user is able to write files on filesystem using flag + and code variables in file save.php. detection: payload: null verify: null @@ -5991,30 +5327,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-6018 - - https://access.redhat.com/security/cve/CVE-2025-6018 - - https://bugzilla.redhat.com/show_bug.cgi?id=2372693 - - https://bugzilla.suse.com/show_bug.cgi?id=1243226 - - https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt + - https://nvd.nist.gov/vuln/detail/CVE-2021-25877 + - https://synacktiv.com + - https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf generated_from: - nvd - - exploit_db - status: candidate executable: false - id: CVE-2025-8114-CANDIDATE - cve_id: CVE-2025-8114 - name: Candidate detection for CVE-2025-8114 + id: CVE-2021-25878-CANDIDATE + cve_id: CVE-2021-25878 + name: Candidate detection for CVE-2021-25878 severity: medium - cvss: 4.7 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libssh, a library that implements the SSH protocol. - When calculating the session ID during the key exchange (KEX) process, an allocation - failure in cryptographic functions may lead to a NULL pointer dereference. This - issue can cause the client or server to crash. + description: AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected + Cross Script Scripting vulnerabilities via the videoName parameter which allows + a remote attacker to steal administrators' session cookies or perform actions + as an administrator. detection: payload: null verify: null @@ -6022,30 +5355,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-8114 - - https://access.redhat.com/errata/RHSA-2026:18683 - - https://access.redhat.com/security/cve/CVE-2025-8114 - - https://bugzilla.redhat.com/show_bug.cgi?id=2383220 - - https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d + - https://nvd.nist.gov/vuln/detail/CVE-2021-25878 + - https://synacktiv.com + - https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5449-CANDIDATE - cve_id: CVE-2025-5449 - name: Candidate detection for CVE-2025-5449 + id: CVE-2020-27406-CANDIDATE + cve_id: CVE-2020-27406 + name: Candidate detection for CVE-2020-27406 severity: medium - cvss: 6.5 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the SFTP server message decoding logic of libssh. - The issue occurs due to an incorrect packet length check that allows an integer - overflow when handling large payload sizes on 32-bit systems. This issue leads - to failed memory allocation and causes the server process to crash, resulting - in a denial of service. + description: Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated + attackers to execute arbitrary code via the groupname. detection: payload: null verify: null @@ -6053,27 +5381,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5449 - - https://access.redhat.com/security/cve/CVE-2025-5449 - - https://bugzilla.redhat.com/show_bug.cgi?id=2369705 - - https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f - - https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da + - https://nvd.nist.gov/vuln/detail/CVE-2020-27406 + - https://www.exploit-db.com/exploits/48865 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4056-CANDIDATE - cve_id: CVE-2025-4056 - name: Candidate detection for CVE-2025-4056 - severity: high - cvss: 7.5 + id: CVE-2021-27722-CANDIDATE + cve_id: CVE-2021-27722 + name: Candidate detection for CVE-2021-27722 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GLib. A denial of service on Windows platforms - may occur if an application attempts to spawn a program using long command lines. + description: An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program + can be crashed by entering 300 bytes char data into the "Key" or "Name" field + while registering. detection: payload: null verify: null @@ -6081,33 +5407,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4056 - - https://access.redhat.com/security/cve/CVE-2025-4056 - - https://bugzilla.redhat.com/show_bug.cgi?id=2362826 - - https://gitlab.gnome.org/GNOME/glib/-/issues/3668 + - https://nvd.nist.gov/vuln/detail/CVE-2021-27722 + - https://www.exploit-db.com/exploits/49590 + - https://www.exploit-db.com/exploits/49638 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-8283-CANDIDATE - cve_id: CVE-2025-8283 - name: Candidate detection for CVE-2025-8283 - severity: low - cvss: 3.7 + id: CVE-2021-36697-CANDIDATE + cve_id: CVE-2021-36697 + name: Candidate detection for CVE-2021-36697 + severity: medium + cvss: 6.7 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in the netavark package, a network stack - for containers used with Podman. Due to dns.podman search domain being removed, - netavark may return external servers if a valid A/AAAA record is sent as a response. - When creating a container with a given name, this name will be used as the hostname - for the container itself, as the podman's search domain is not added anymore the - container is using the host's resolv.conf, and the DNS resolver will try to look - into the search domains contained on it. If one of the domains contain a name - with the same hostname as the running container, the connection will forward to - unexpected external servers. + description: With an admin account, the .htaccess file in Artica Pandora FMS <=755 + can be overwritten with the File Manager component. The new .htaccess file contains + a Rewrite Rule with a type definition. A normal PHP file can be uploaded with + this new "file type" and the code can be executed with an HTTP request. detection: payload: null verify: null @@ -6115,29 +5435,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-8283 - - https://access.redhat.com/security/cve/CVE-2025-8283 - - https://bugzilla.redhat.com/show_bug.cgi?id=2383941 - - https://github.com/advisories/GHSA-rpcf-rmh6-42xr - - https://github.com/containers/netavark/releases/tag/v1.15.1 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36697 + - https://k4m1ll0.com/chained_exploit_htaccess.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31277-CANDIDATE - cve_id: CVE-2025-31277 - name: Candidate detection for CVE-2025-31277 - severity: high - cvss: 8.8 + id: CVE-2021-36698-CANDIDATE + cve_id: CVE-2021-36698 + name: Candidate detection for CVE-2021-36698 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: - cisa_kev: true + cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, - visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead - to memory corruption. + description: Pandora FMS through 755 allows XSS via a new Event Filter with a crafted + name. detection: payload: null verify: null @@ -6145,31 +5460,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31277 - - https://support.apple.com/en-us/124147 - - https://support.apple.com/en-us/124149 - - https://support.apple.com/en-us/124152 - - https://support.apple.com/en-us/124153 - - https://www.cisa.gov/known-exploited-vulnerabilities-catalog + - https://nvd.nist.gov/vuln/detail/CVE-2021-36698 + - https://k4m1ll0.com/chained_exploit_htaccess.html generated_from: - nvd - - cisa_kev - status: candidate executable: false - id: CVE-2025-43213-CANDIDATE - cve_id: CVE-2025-43213 - name: Candidate detection for CVE-2025-43213 - severity: medium - cvss: 6.5 + id: CVE-2020-25367-CANDIDATE + cve_id: CVE-2020-25367 + name: Candidate detection for CVE-2020-25367 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, - visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead - to an unexpected Safari crash. + description: A command injection vulnerability was discovered in the HNAP1 protocol + in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute + arbitrary web scripts via shell metacharacters in the Captcha field to Login. detection: payload: null verify: null @@ -6177,29 +5486,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-43213 - - https://support.apple.com/en-us/124147 - - https://support.apple.com/en-us/124149 - - https://support.apple.com/en-us/124152 - - https://support.apple.com/en-us/124153 + - https://nvd.nist.gov/vuln/detail/CVE-2020-25367 + - https://github.com/sek1th/iot/blob/master/dir823g_3.md + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-43214-CANDIDATE - cve_id: CVE-2025-43214 - name: Candidate detection for CVE-2025-43214 - severity: medium - cvss: 6.5 + id: CVE-2020-25366-CANDIDATE + cve_id: CVE-2020-25366 + name: Candidate detection for CVE-2020-25366 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, - visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead - to an unexpected Safari crash. + description: An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G + REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified + vectors. detection: payload: null verify: null @@ -6207,29 +5513,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-43214 - - https://support.apple.com/en-us/124147 - - https://support.apple.com/en-us/124149 - - https://support.apple.com/en-us/124152 - - https://support.apple.com/en-us/124153 + - https://nvd.nist.gov/vuln/detail/CVE-2020-25366 + - https://github.com/sek1th/iot/blob/master/dir823g_upfw_dos.md + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2023-2593-CANDIDATE - cve_id: CVE-2023-2593 - name: Candidate detection for CVE-2023-2593 - severity: medium - cvss: 5.9 + id: CVE-2020-25368-CANDIDATE + cve_id: CVE-2020-25368 + name: Candidate detection for CVE-2020-25368 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw exists within the Linux kernel's handling of new TCP connections. - The issue results from the lack of memory release after its effective lifetime. - This vulnerability allows an unauthenticated attacker to create a denial of service - condition on the system. + description: A command injection vulnerability was discovered in the HNAP1 protocol + in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute + arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. detection: payload: null verify: null @@ -6237,30 +5540,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-2593 - - https://access.redhat.com/security/cve/CVE-2023-2593 - - https://bugzilla.redhat.com/show_bug.cgi?id=2384787 - - https://lore.kernel.org/lkml/CAH2r5msyEy20e=FBx6wPWWc3kXzNR4b+zHshSqidRdFKVf_7Jg@mail.gmail.com/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-25368 + - https://github.com/sek1th/iot/blob/master/dir-823g_2.md + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2023-32251-CANDIDATE - cve_id: CVE-2023-32251 - name: Candidate detection for CVE-2023-32251 - severity: low - cvss: 3.7 + id: CVE-2021-42237-CANDIDATE + cve_id: CVE-2021-42237 + name: Candidate detection for CVE-2021-42237 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: - cisa_kev: false + cisa_kev: true exploitdb_reference: false - description: A vulnerability has been identified in the Linux kernel's ksmbd component - (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, - which introduces a 5-second delay during session setup, can be bypassed through - the use of asynchronous requests. This bypass negates the intended anti-brute-force - protection, potentially allowing attackers to conduct dictionary attacks more - efficiently against user credentials or other authentication mechanisms. + description: Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable + to an insecure deserialization attack where it is possible to achieve remote command + execution on the machine. No authentication or special configuration is required + to exploit this vulnerability. detection: payload: null verify: null @@ -6268,28 +5568,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-32251 - - https://access.redhat.com/security/cve/CVE-2023-32251 - - https://bugzilla.redhat.com/show_bug.cgi?id=2385852 - - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b096d97f47326b1e2dbdef1c91fab69ffda54d17 - - https://www.zerodayinitiative.com/advisories/ZDI-23-699/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-42237 + - https://blog.assetnote.io/2021/11/02/sitecore-rce/ + - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776 + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42237 + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog generated_from: - nvd + - cisa_kev - status: candidate executable: false - id: CVE-2023-32256-CANDIDATE - cve_id: CVE-2023-32256 - name: Candidate detection for CVE-2023-32256 - severity: high - cvss: 7.5 + id: CVE-2021-3380-CANDIDATE + cve_id: CVE-2021-3380 + name: Candidate detection for CVE-2021-3380 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the Linux kernel's ksmbd component. A race condition - between smb2 close operation and logoff in multichannel connections could result - in a use-after-free issue. + description: Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS + allows attackers to disclose sensitive information via the Print Invoice Functionality. detection: payload: null verify: null @@ -6297,28 +5597,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-32256 - - https://access.redhat.com/security/cve/CVE-2023-32256 - - https://bugzilla.redhat.com/show_bug.cgi?id=2385885 - - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abcc506a9a71976a8b4c9bf3ee6efd13229c1e19 - - https://www.zerodayinitiative.com/advisories/ZDI-23-704/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-3380 + - https://www.exploit-db.com/exploits/49508 generated_from: - nvd - status: candidate executable: false - id: CVE-2023-32253-CANDIDATE - cve_id: CVE-2023-32253 - name: Candidate detection for CVE-2023-32253 - severity: medium - cvss: 5.9 + id: CVE-2021-41653-CANDIDATE + cve_id: CVE-2021-41653 + name: Candidate detection for CVE-2021-41653 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the Linux kernel's ksmbd component. A deadlock - is triggered by sending multiple concurrent session setup requests, possibly leading - to a denial of service. + description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware + through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted + payload in an IP address input field. detection: payload: null verify: null @@ -6326,26 +5623,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-32253 - - https://access.redhat.com/security/cve/CVE-2023-32253 - - https://bugzilla.redhat.com/show_bug.cgi?id=2385886 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41653 + - https://k4m1ll0.com/cve-2021-41653.html + - https://www.tp-link.com/us/press/security-advisory/ generated_from: - nvd - status: candidate executable: false - id: CVE-2023-32255-CANDIDATE - cve_id: CVE-2023-32255 - name: Candidate detection for CVE-2023-32255 - severity: medium - cvss: 5.3 + id: CVE-2021-41435-CANDIDATE + cve_id: CVE-2021-41435 + name: Candidate detection for CVE-2021-41435 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the Linux kernel's ksmbd component. A memory leak - can occur if a client sends a session setup request with an unknown NTLMSSP message - type, potentially leading to resource exhaustion. + description: A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture + GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U + GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, + RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, + ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, + allows a remote attacker to attempt any number of login attempts via sending a + specific HTTP request. detection: payload: null verify: null @@ -6353,37 +5654,32 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-32255 - - https://access.redhat.com/security/cve/CVE-2023-32255 - - https://bugzilla.redhat.com/show_bug.cgi?id=2385884 - - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d7cb549c2ca20e1f07593f15e936fd54b763028 - - https://www.zerodayinitiative.com/advisories/ZDI-23-703/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-41435 + - https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios + - https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/ + - https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/ + - https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-7195-CANDIDATE - cve_id: CVE-2025-7195 - name: Candidate detection for CVE-2025-7195 - severity: medium - cvss: 6.4 + id: CVE-2021-41436-CANDIDATE + cve_id: CVE-2021-41436 + name: Candidate detection for CVE-2021-41436 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Early versions of Operator-SDK provided an insecure method to allow\ - \ operator containers to run in environments that used a random UID. Operator-SDK\ - \ before 0.15.2 provided a script, user_setup, which modifies the permissions\ - \ of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK\ - \ before 0.15.2 to scaffold their operator may still be impacted by this if the\ - \ insecure user_setup script is still being used to build new container images.\ - \ \n\nIn affected images, the /etc/passwd file is created during build time with\ - \ group-writable permissions and a group ownership of root (gid=0). An attacker\ - \ who can execute commands within an affected container, even as a non-root user,\ - \ may be able to leverage their membership in the root group to modify the /etc/passwd\ - \ file. This could allow the attacker to add a new user with any arbitrary UID,\ - \ including UID 0, leading to full root privileges within the container." + description: An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, + RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM + EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, + RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, + ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, + allows a remote unauthenticated attacker to DoS via sending a specially crafted + HTTP packet. detection: payload: null verify: null @@ -6391,33 +5687,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-7195 - - https://access.redhat.com/errata/RHEA-2025:23406 - - https://access.redhat.com/errata/RHEA-2025:23478 - - https://access.redhat.com/errata/RHEA-2026:0129 - - https://access.redhat.com/errata/RHSA-2025:19332 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41436 + - https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios + - https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/ + - https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/ + - https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-8732-CANDIDATE - cve_id: CVE-2025-8732 - name: Candidate detection for CVE-2025-8732 - severity: low - cvss: 3.3 + id: CVE-2021-43687-CANDIDATE + cve_id: CVE-2021-43687 + name: Candidate detection for CVE-2021-43687 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in libxml2 up to 2.14.5. It has been declared - as problematic. This vulnerability affects the function xmlParseSGMLCatalog of - the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking - locally is a requirement. The exploit has been disclosed to the public and may - be used. The real existence of this vulnerability is still doubted at the moment. - The code maintainer explains, that "[t]he issue can only be triggered with untrusted - SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also - doubt that anyone is still using SGML catalogs at all." + description: chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability + in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the + cookie. detection: payload: null verify: null @@ -6425,32 +5716,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-8732 - - https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link - - https://gitlab.gnome.org/GNOME/libxml2/-/issues/958 - - https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853 - - https://vuldb.com/?ctiid.319228 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43687 + - https://github.com/chamilo/chamilo-lms/blob/v1.11.14/plugin/jcapture/applet.php + - https://github.com/chamilo/chamilo-lms/tree/v1.11.14 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-92-2021-11-12-Low-impact-Low-risk-XSS-Vulnerability-in-jCapture-plugin-CVE-2021-43687 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4877-CANDIDATE - cve_id: CVE-2025-4877 - name: Candidate detection for CVE-2025-4877 + id: CVE-2020-27413-CANDIDATE + cve_id: CVE-2020-27413 + name: Candidate detection for CVE-2020-27413 severity: medium - cvss: 4.5 + cvss: 4.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'There''s a vulnerability in the libssh package where when a libssh - consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() - function. In such cases the bin_to_base64() function can experience an integer - overflow leading to a memory under allocation, when that happens it''s possible - that the program perform out of bounds write leading to a heap corruption. - - This issue affects only 32-bits builds of libssh.' + description: An issue was discovered in Mahavitaran android application 7.50 and + below, allows local attackers to read cleartext username and password while the + user is logged into the application. detection: payload: null verify: null @@ -6458,35 +5744,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4877 - - https://access.redhat.com/errata/RHSA-2026:18683 - - https://access.redhat.com/security/cve/CVE-2025-4877 - - https://bugzilla.redhat.com/show_bug.cgi?id=2376193 - - https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d + - https://nvd.nist.gov/vuln/detail/CVE-2020-27413 + - https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/ + - https://play.google.com/store/apps/details?id=com.msedcl.app&utm_source=APKdownloadMirror.com generated_from: - nvd - status: candidate executable: false - id: CVE-2025-8067-CANDIDATE - cve_id: CVE-2025-8067 - name: Candidate detection for CVE-2025-8067 - severity: high - cvss: 8.5 + id: CVE-2020-19611-CANDIDATE + cve_id: CVE-2020-19611 + name: Candidate detection for CVE-2020-19611 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the Udisks daemon, where it allows unprivileged - users to create loop devices using the D-BUS system. This is achieved via the - loop device handler, which handles requests sent through the D-BUS interface. - As two of the parameters of this handle, it receives the file descriptor list - and index specifying the file where the loop device should be backed. The function - itself validates the index value to ensure it isn't bigger than the maximum value - allowed. However, it fails to validate the lower bound, allowing the index parameter - to be a negative value. Under these circumstances, an attacker can cause the UDisks - daemon to crash or perform a local privilege escalation by gaining access to files - owned by privileged users. + description: Cross Site Scripting (XSS) in redirect module of Racktables version + 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. detection: payload: null verify: null @@ -6494,31 +5770,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-8067 - - https://access.redhat.com/errata/RHSA-2025:15017 - - https://access.redhat.com/errata/RHSA-2025:15018 - - https://access.redhat.com/errata/RHSA-2025:15020 - - https://access.redhat.com/errata/RHSA-2025:15956 + - https://nvd.nist.gov/vuln/detail/CVE-2020-19611 + - https://github.com/RackTables/racktables/commit/2ce35adeaa47f60dc51875b2339725db3b23e827 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9784-CANDIDATE - cve_id: CVE-2025-9784 - name: Candidate detection for CVE-2025-9784 - severity: high - cvss: 7.5 + id: CVE-2021-41716-CANDIDATE + cve_id: CVE-2021-41716 + name: Candidate detection for CVE-2021-41716 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Undertow where malformed client requests can trigger - server-side stream resets without triggering abuse counters. This issue, referred - to as the "MadeYouReset" attack, allows malicious clients to induce excessive - server workload by repeatedly causing server-side stream aborts. While not a protocol - bug, this highlights a common implementation weakness that can be exploited to - cause a denial of service (DoS). + description: Maharashtra State Electricity Board Mahavitara Android Application + 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability + in password rest function detection: payload: null verify: null @@ -6526,32 +5796,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9784 - - https://access.redhat.com/errata/RHSA-2025:23143 - - https://access.redhat.com/errata/RHSA-2026:0383 - - https://access.redhat.com/errata/RHSA-2026:0384 - - https://access.redhat.com/errata/RHSA-2026:0386 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41716 + - https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9901-CANDIDATE - cve_id: CVE-2025-9901 - name: Candidate detection for CVE-2025-9901 - severity: medium - cvss: 5.9 + id: CVE-2021-41450-CANDIDATE + cve_id: CVE-2021-41450 + name: Candidate detection for CVE-2021-41450 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw was found in libsoup\u2019s caching mechanism, SoupCache, where\ - \ the HTTP Vary header is ignored when evaluating cached responses. This header\ - \ ensures that responses vary appropriately based on request headers such as language\ - \ or authentication. Without this check, cached content can be incorrectly reused\ - \ across different requests, potentially exposing sensitive user information.\ - \ While the issue is unlikely to affect everyday desktop use, it could result\ - \ in confidentiality breaches in proxy or multi-user environments." + description: An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 + allows a remote unauthenticated attacker to DoS the web application via sending + a specific HTTP packet. detection: payload: null verify: null @@ -6559,36 +5822,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9901 - - https://access.redhat.com/security/cve/CVE-2025-9901 - - https://bugzilla.redhat.com/show_bug.cgi?id=2392790 - - https://gitlab.gnome.org/GNOME/libsoup/-/issues/453 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41450 + - https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9566-CANDIDATE - cve_id: CVE-2025-9566 - name: Candidate detection for CVE-2025-9566 + id: CVE-2021-41449-CANDIDATE + cve_id: CVE-2021-41449 + name: Candidate detection for CVE-2021-41449 severity: high - cvss: 8.1 + cvss: 7.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'There''s a vulnerability in podman where an attacker may use the kube - play command to overwrite host files when the kube file container a Secrete or - a ConfigMap volume mount and such volume contains a symbolic link to a host file - path. In a successful attack, the attacker can only control the target file to - be overwritten but not the content to be written into the file. - - - Binary-Affected: podman - - Upstream-version-introduced: v4.0.0 - - Upstream-version-fixed: v5.6.1' + description: A path traversal attack in web interfaces of Netgear RAX35, RAX38, + and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker + to gain access to sensitive restricted information, such as forbidden files of + the web application, via sending a specially crafted HTTP packet. detection: payload: null verify: null @@ -6596,30 +5849,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9566 - - https://access.redhat.com/errata/RHBA-2025:15692 - - https://access.redhat.com/errata/RHBA-2025:15712 - - https://access.redhat.com/errata/RHBA-2025:16158 - - https://access.redhat.com/errata/RHBA-2025:16163 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41449 + - https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268 + - https://www.netgear.com/about/security/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-8277-CANDIDATE - cve_id: CVE-2025-8277 - name: Candidate detection for CVE-2025-8277 - severity: low - cvss: 3.1 + id: CVE-2018-10228-CANDIDATE + cve_id: CVE-2018-10228 + name: Candidate detection for CVE-2018-10228 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libssh's handling of key exchange (KEX) processes - when a client repeatedly sends incorrect KEX guesses. The library fails to free - memory during these rekey operations, which can gradually exhaust system memory. - This issue can lead to crashes on the client side, particularly when using libgcrypt, - which impacts application stability and availability. + description: Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php + in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script + or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges + URI. detection: payload: null verify: null @@ -6627,29 +5877,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-8277 - - https://access.redhat.com/errata/RHSA-2026:18683 - - https://access.redhat.com/security/cve/CVE-2025-8277 - - https://bugzilla.redhat.com/show_bug.cgi?id=2383888 - - https://www.libssh.org/security/advisories/CVE-2025-8277.txt + - https://nvd.nist.gov/vuln/detail/CVE-2018-10228 + - https://github.com/LimeSurvey/LimeSurvey/blob/d0e0c94042fdb5119c9247dc2d57685334492e71/application/controllers/admin/themes.php#L644-L654 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-4953-CANDIDATE - cve_id: CVE-2025-4953 - name: Candidate detection for CVE-2025-4953 - severity: high - cvss: 7.4 + id: CVE-2021-26787-CANDIDATE + cve_id: CVE-2021-26787 + name: Candidate detection for CVE-2021-26787 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Podman. In a Containerfile or Podman, data written - to RUN --mount=type=bind mounts during the podman build is not discarded. This - issue can lead to files created within the container appearing in the temporary - build context directory on the host, leaving the created files accessible. + description: A cross site scripting (XSS) vulnerability in Genesys Workforce Management + 8.5.214.20 can occur (during record deletion) via the Time-off parameter. detection: payload: null verify: null @@ -6657,32 +5902,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-4953 - - https://access.redhat.com/errata/RHSA-2024:8690 - - https://access.redhat.com/errata/RHSA-2025:15904 - - https://access.redhat.com/errata/RHSA-2025:16724 - - https://access.redhat.com/errata/RHSA-2025:16729 + - https://nvd.nist.gov/vuln/detail/CVE-2021-26787 + - https://medium.com/@reliable_lait_mouse_975/cross-site-scripting-vulnerability-within-genesys-workforce-management-version-8-5-214-20-a68500cf5e18 + - https://medium.com/%40reliable_lait_mouse_975/cross-site-scripting-vulnerability-within-genesys-workforce-management-version-8-5-214-20-a68500cf5e18 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-5962-CANDIDATE - cve_id: CVE-2025-5962 - name: Candidate detection for CVE-2025-5962 - severity: high - cvss: 7.7 + id: CVE-2021-36450-CANDIDATE + cve_id: CVE-2021-36450 + name: Candidate detection for CVE-2021-36450 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the Lightspeed history service. Insufficient access - controls allow a local, unprivileged user to access and manipulate the chat history - of another user on the same system. By abusing inter-process communication calls - to the history service, an attacker can view, delete, or inject arbitrary history - entries, including misleading or malicious commands. This can be used to deceive - another user into executing harmful actions, posing a risk of privilege misuse - or unauthorized command execution through social engineering. + description: Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the + control/my_notifications NEWUINAV parameter. detection: payload: null verify: null @@ -6690,35 +5928,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-5962 - - https://access.redhat.com/errata/RHSA-2025:16345 - - https://access.redhat.com/errata/RHSA-2025:16346 - - https://access.redhat.com/security/cve/CVE-2025-5962 - - https://bugzilla.redhat.com/show_bug.cgi?id=2371363 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36450 + - https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740 + - https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html + - https://medium.com/%401nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9900-CANDIDATE - cve_id: CVE-2025-9900 - name: Candidate detection for CVE-2025-9900 - severity: high - cvss: 8.8 + id: CVE-2021-42216-CANDIDATE + cve_id: CVE-2021-42216 + name: Candidate detection for CVE-2021-42216 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'A flaw was found in Libtiff. This vulnerability is a "write-what-where" - condition, triggered when the library processes a specially crafted TIFF image - file. - - - By providing an abnormally large image height value in the file''s metadata, an - attacker can trick the library into writing attacker-controlled color data to - an arbitrary memory location. This memory corruption can be exploited to cause - a denial of service (application crash) or to achieve arbitrary code execution - with the permissions of the user.' + description: A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 + via VerificationController.php. detection: payload: null verify: null @@ -6726,27 +5955,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9900 - - https://access.redhat.com/errata/RHSA-2025:17651 - - https://access.redhat.com/errata/RHSA-2025:17675 - - https://access.redhat.com/errata/RHSA-2025:17710 - - https://access.redhat.com/errata/RHSA-2025:17738 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42216 + - https://github.com/anonaddy/anonaddy/blob/0478d9e8d364787f203113544123048a41f022c0/app/Http/Controllers/Auth/VerificationController.php#L67 + - https://huntr.dev/bounties/419f4e8a-ee15-4f80-bcbf-5c83513515dd generated_from: - nvd - status: candidate executable: false - id: CVE-2025-10911-CANDIDATE - cve_id: CVE-2025-10911 - name: Candidate detection for CVE-2025-10911 - severity: medium - cvss: 5.5 + id: CVE-2021-42912-CANDIDATE + cve_id: CVE-2021-42912 + name: Candidate detection for CVE-2021-42912 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free vulnerability was found in libxslt while parsing xsl - nodes that may lead to the dereference of expired pointers and application crash. + description: FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command + injection vulnerability. This vulnerability allows the attacker, once logged in, + to send commands to the operating system as the root user via the ping diagnostic + tool, bypassing the IP address field, and concatenating OS commands with a semicolon. detection: payload: null verify: null @@ -6754,27 +5983,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-10911 - - https://access.redhat.com/errata/RHSA-2026:11015 - - https://access.redhat.com/errata/RHSA-2026:26355 - - https://access.redhat.com/errata/RHSA-2026:28243 - - https://access.redhat.com/errata/RHSA-2026:28584 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42912 + - https://medium.com/@windsormoreira/fiberhome-an5506-os-command-injection-cve-2021-42912-10b64fd10ce2 + - https://medium.com/%40windsormoreira/fiberhome-an5506-os-command-injection-cve-2021-42912-10b64fd10ce2 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-60018-CANDIDATE - cve_id: CVE-2025-60018 - name: Candidate detection for CVE-2025-60018 - severity: medium - cvss: 4.8 + id: CVE-2021-41451-CANDIDATE + cve_id: CVE-2021-41451 + name: Candidate detection for CVE-2021-41451 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: glib-networking's OpenSSL backend fails to properly check the return - value of a call to BIO_write(), resulting in an out of bounds read. + description: A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in + TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send + a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, + potentially leading into a cache poisoning attack. detection: payload: null verify: null @@ -6782,27 +6011,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-60018 - - https://access.redhat.com/security/cve/CVE-2025-60018 - - https://bugzilla.redhat.com/show_bug.cgi?id=2398135 - - https://gitlab.gnome.org/GNOME/glib-networking/-/issues/226 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41451 + - https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware generated_from: - nvd - status: candidate executable: false - id: CVE-2025-60019-CANDIDATE - cve_id: CVE-2025-60019 - name: Candidate detection for CVE-2025-60019 - severity: low - cvss: 3.7 + id: CVE-2021-45418-CANDIDATE + cve_id: CVE-2021-45418 + name: Candidate detection for CVE-2021-45418 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: glib-networking's OpenSSL backend fails to properly check the return - value of memory allocation routines. An out of memory condition could potentially - result in writing to an invalid memory location. + description: 'Certain Starcharge products are vulnerable to Directory Traversal + via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: + 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0.' detection: payload: null verify: null @@ -6810,30 +6037,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-60019 - - https://access.redhat.com/security/cve/CVE-2025-60019 - - https://bugzilla.redhat.com/show_bug.cgi?id=2398140 - - https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45418 + - https://github.com/shortmore/trsh/blob/main/starcharge/CVE-2021-45418.md + - https://vincss.net generated_from: - nvd - status: candidate executable: false - id: CVE-2025-11021-CANDIDATE - cve_id: CVE-2025-11021 - name: Candidate detection for CVE-2025-11021 + id: CVE-2021-45419-CANDIDATE + cve_id: CVE-2021-45419 + name: Candidate detection for CVE-2021-45419 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the cookie date handling logic of the libsoup HTTP - library, widely used by GNOME and other applications for web communication. When - processing cookies with specially crafted expiration dates, the library may perform - an out-of-bounds memory read. This flaw could result in unintended disclosure - of memory contents, potentially exposing sensitive information from the process - using libsoup. + description: 'Certain Starcharge products are affected by Improper Input Validation. + The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 + and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9.' detection: payload: null verify: null @@ -6841,34 +6064,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-11021 - - https://access.redhat.com/errata/RHSA-2025:18183 - - https://access.redhat.com/errata/RHSA-2025:19713 - - https://access.redhat.com/errata/RHSA-2025:19714 - - https://access.redhat.com/errata/RHSA-2025:20959 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45419 + - https://github.com/shortmore/trsh/blob/main/starcharge/CVE-2021-45419.md + - https://vincss.net generated_from: - nvd - status: candidate executable: false - id: CVE-2025-11226-CANDIDATE - cve_id: CVE-2025-11226 - name: Candidate detection for CVE-2025-11226 - severity: unknown - cvss: 0.0 + id: CVE-2020-20425-CANDIDATE + cve_id: CVE-2020-20425 + name: Candidate detection for CVE-2020-20425 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "ACE vulnerability in conditional configuration file processing by\ - \ QOS.CH logback-core up to and including version 1.5.18 in Java applications,\ - \ allows an attacker to execute arbitrary code by compromising an existing logback\ - \ configuration file or by injecting an environment variable before program execution.\n\ - \n\n\nA successful attack requires the presence of Janino library and Spring Framework\ - \ to be present on the user's class path. In addition, the attacker must\_ have\ - \ write access to a \nconfiguration file. Alternatively, the attacker could inject\ - \ a malicious \nenvironment variable pointing to a malicious configuration file.\ - \ In both \ncases, the attack requires existing privilege." + description: S-CMS Government Station Building System v5.0 contains a cross-site + scripting (XSS) vulnerability in the search function. detection: payload: null verify: null @@ -6876,29 +6090,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-11226 - - https://logback.qos.ch/news.html#1.3.16 - - https://logback.qos.ch/news.html#1.5.19 + - https://nvd.nist.gov/vuln/detail/CVE-2020-20425 + - https://github.com/Sea0o/vulnerability/issues/1 + - https://www.s-cms.cn/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-11731-CANDIDATE - cve_id: CVE-2025-11731 - name: Candidate detection for CVE-2025-11731 - severity: low - cvss: 3.1 + id: CVE-2020-20426-CANDIDATE + cve_id: CVE-2020-20426 + name: Candidate detection for CVE-2020-20426 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the exsltFuncResultComp() function of libxslt, - which handles EXSLT elements during stylesheet parsing. Due to improper - type handling, the function may treat an XML document node as a regular XML element - node, resulting in a type confusion. This can cause unexpected memory reads and - potential crashes. While difficult to exploit, the flaw could lead to application - instability or denial of service. + description: S-CMS Government Station Building System v5.0 contains a cross-site + scripting (XSS) vulnerability in /function/booksave.php. detection: payload: null verify: null @@ -6906,29 +6116,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-11731 - - https://access.redhat.com/errata/RHSA-2026:11015 - - https://access.redhat.com/security/cve/CVE-2025-11731 - - https://bugzilla.redhat.com/show_bug.cgi?id=2403688 - - https://gitlab.gnome.org/GNOME/libxslt/-/issues/151 + - https://nvd.nist.gov/vuln/detail/CVE-2020-20426 + - https://github.com/Sea0o/vulnerability/issues/2 + - https://www.s-cms.cn/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9640-CANDIDATE - cve_id: CVE-2025-9640 - name: Candidate detection for CVE-2025-9640 + id: CVE-2021-44674-CANDIDATE + cve_id: CVE-2021-44674 + name: Candidate detection for CVE-2021-44674 severity: medium - cvss: 4.3 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized - heap memory could be written into alternate data streams. This allows an authenticated - user to read residual memory content that may include sensitive data, resulting - in an information disclosure vulnerability. + description: An information exposure issue has been discovered in Opmantek Open-AudIT + 4.2.0. The vulnerability allows an authenticated attacker to read file outside + of the restricted directory. detection: payload: null verify: null @@ -6936,32 +6143,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9640 - - https://access.redhat.com/security/cve/CVE-2025-9640 - - https://bugzilla.redhat.com/show_bug.cgi?id=2391698 - - https://www.samba.org/samba/history/security.html - - https://lists.debian.org/debian-lts-announce/2025/11/msg00027.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-44674 + - https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0 + - https://github.com/Opmantek/open-audit/commit/d27b649283aa6a01a15e5a3df1520d7aa69a5e18 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-11568-CANDIDATE - cve_id: CVE-2025-11568 - name: Candidate detection for CVE-2025-11568 + id: CVE-2021-43677-CANDIDATE + cve_id: CVE-2021-43677 + name: Candidate detection for CVE-2021-43677 severity: medium - cvss: 4.4 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A data corruption vulnerability has been identified in the luksmeta - utility when used with the LUKS1 disk encryption format. An attacker with the - necessary permissions can exploit this flaw by writing a large amount of metadata - to an encrypted device. The utility fails to correctly validate the available - space, causing the metadata to overwrite and corrupt the user's encrypted data. - This action leads to a permanent loss of the stored information. Devices using - the LUKS formats other than LUKS1 are not affected by this issue. + description: Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability. detection: payload: null verify: null @@ -6969,32 +6168,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-11568 - - https://access.redhat.com/errata/RHSA-2025:23086 - - https://access.redhat.com/errata/RHSA-2026:18421 - - https://access.redhat.com/errata/RHSA-2026:18824 - - https://access.redhat.com/security/cve/CVE-2025-11568 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43677 + - https://github.com/fluxbb/fluxbb generated_from: - nvd - status: candidate executable: false - id: CVE-2025-12105-CANDIDATE - cve_id: CVE-2025-12105 - name: Candidate detection for CVE-2025-12105 + id: CVE-2021-45806-CANDIDATE + cve_id: CVE-2021-45806 + name: Candidate detection for CVE-2021-45806 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the asynchronous message queue handling of the - libsoup library, widely used by GNOME and WebKit-based applications to manage - HTTP/2 communications. When network operations are aborted at specific timing - intervals, an internal message queue item may be freed twice due to missing state - synchronization. This leads to a use-after-free memory access, potentially crashing - the affected application. Attackers could exploit this behavior remotely by triggering - specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition. + description: jpress v4.2.0 admin panel provides a function through which attackers + can modify the template and inject some malicious code. detection: payload: null verify: null @@ -7002,30 +6193,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-12105 - - https://access.redhat.com/errata/RHSA-2025:23139 - - https://access.redhat.com/errata/RHSA-2025:23437 - - https://access.redhat.com/security/cve/CVE-2025-12105 - - https://bugzilla.redhat.com/show_bug.cgi?id=2405992 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45806 + - https://github.com/JPressProjects/jpress + - https://github.com/JPressProjects/jpress/issues/166 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-62231-CANDIDATE - cve_id: CVE-2025-62231 - name: Candidate detection for CVE-2025-62231 - severity: high - cvss: 7.3 + id: CVE-2021-45422-CANDIDATE + cve_id: CVE-2021-45422 + name: Candidate detection for CVE-2021-45422 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw was identified in the X.Org X server\u2019s X Keyboard (Xkb)\ - \ extension where improper bounds checking in the XkbSetCompatMap() function can\ - \ cause an unsigned short overflow. If an attacker sends specially crafted input\ - \ data, the value calculation may overflow, leading to memory corruption or a\ - \ crash." + description: Reprise License Manager 14.2 is affected by a reflected cross-site + scripting vulnerability in the /goform/activate_process "count" parameter via + GET. No authentication is required. detection: payload: null verify: null @@ -7033,30 +6220,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-62231 - - https://access.redhat.com/errata/RHSA-2025:19432 - - https://access.redhat.com/errata/RHSA-2025:19433 - - https://access.redhat.com/errata/RHSA-2025:19434 - - https://access.redhat.com/errata/RHSA-2025:19435 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45422 + - https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-45422/RLM%2014.2%20Cross%20Site%20Scripting.txt + - https://seclists.org/fulldisclosure/2022/Jan/31 + - https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-62230-CANDIDATE - cve_id: CVE-2025-62230 - name: Candidate detection for CVE-2025-62230 - severity: high - cvss: 7.3 + id: CVE-2021-45807-CANDIDATE + cve_id: CVE-2021-45807 + name: Candidate detection for CVE-2021-45807 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw was discovered in the X.Org X server\u2019s X Keyboard (Xkb)\ - \ extension when handling client resource cleanup. The software frees certain\ - \ data structures without properly detaching related resources, leading to a use-after-free\ - \ condition. This can cause memory corruption or a crash when affected clients\ - \ disconnect." + description: jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. detection: payload: null verify: null @@ -7064,32 +6246,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-62230 - - https://access.redhat.com/errata/RHSA-2025:19432 - - https://access.redhat.com/errata/RHSA-2025:19433 - - https://access.redhat.com/errata/RHSA-2025:19434 - - https://access.redhat.com/errata/RHSA-2025:19435 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45807 + - https://github.com/JPressProjects/jpress + - https://github.com/JPressProjects/jpress/issues/167 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-12464-CANDIDATE - cve_id: CVE-2025-12464 - name: Candidate detection for CVE-2025-12464 - severity: medium - cvss: 6.2 + id: CVE-2021-45808-CANDIDATE + cve_id: CVE-2021-45808 + name: Candidate detection for CVE-2021-45808 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A stack-based buffer overflow was found in the QEMU e1000 network device. - The code for padding short frames was dropped from individual network devices - and moved to the net core code. The issue stems from the device's receive code - still being able to process a short frame in loopback mode. This could lead to - a buffer overrun in the e1000_receive_iov() function via the loopback code path. - A malicious guest user could use this vulnerability to crash the QEMU process - on the host, resulting in a denial of service. + description: jpress v4.2.0 allows users to register an account by default. With + the account, user can upload arbitrary files to the server. detection: payload: null verify: null @@ -7097,28 +6272,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-12464 - - https://access.redhat.com/security/cve/CVE-2025-12464 - - https://bugzilla.redhat.com/show_bug.cgi?id=2408845 - - https://gitlab.com/qemu-project/qemu/-/issues/3043 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45808 + - https://github.com/JPressProjects/jpress + - https://github.com/JPressProjects/jpress/issues/173 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-43433-CANDIDATE - cve_id: CVE-2025-43433 - name: Candidate detection for CVE-2025-43433 + id: CVE-2021-46117-CANDIDATE + cve_id: CVE-2021-46117 + name: Candidate detection for CVE-2021-46117 severity: high - cvss: 8.8 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, - macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously - crafted web content may lead to memory corruption. + description: jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. + The admin panel provides a function through which attackers can edit the email + templates and inject some malicious code. detection: payload: null verify: null @@ -7126,29 +6299,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-43433 - - https://support.apple.com/en-us/125632 - - https://support.apple.com/en-us/125633 - - https://support.apple.com/en-us/125634 - - https://support.apple.com/en-us/125637 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46117 + - https://github.com/JPressProjects/jpress + - https://github.com/JPressProjects/jpress/issues/171 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-43438-CANDIDATE - cve_id: CVE-2025-43438 - name: Candidate detection for CVE-2025-43438 - severity: medium - cvss: 4.3 + id: CVE-2021-46115-CANDIDATE + cve_id: CVE-2021-46115 + name: Candidate detection for CVE-2021-46115 + severity: high + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free issue was addressed with improved memory management. - This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and - iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously - crafted web content may lead to an unexpected Safari crash. + description: jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. + The admin panel provides a function through which attackers can upload templates + and inject some malicious code. detection: payload: null verify: null @@ -7156,29 +6326,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-43438 - - https://support.apple.com/en-us/125632 - - https://support.apple.com/en-us/125633 - - https://support.apple.com/en-us/125634 - - https://support.apple.com/en-us/125638 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46115 + - https://github.com/JPressProjects/jpress + - https://github.com/JPressProjects/jpress/issues/169 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-43441-CANDIDATE - cve_id: CVE-2025-43441 - name: Candidate detection for CVE-2025-43441 - severity: medium - cvss: 4.3 + id: CVE-2021-46116-CANDIDATE + cve_id: CVE-2021-46116 + name: Candidate detection for CVE-2021-46116 + severity: high + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, - macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web - content may lead to an unexpected process crash. + description: jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. + The admin panel provides a function through which attackers can install templates + and inject some malicious code. detection: payload: null verify: null @@ -7186,29 +6353,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-43441 - - https://support.apple.com/en-us/125632 - - https://support.apple.com/en-us/125633 - - https://support.apple.com/en-us/125634 - - https://support.apple.com/en-us/125637 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46116 + - https://github.com/JPressProjects/jpress + - https://github.com/JPressProjects/jpress/issues/168 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-43457-CANDIDATE - cve_id: CVE-2025-43457 - name: Candidate detection for CVE-2025-43457 - severity: medium - cvss: 6.5 + id: CVE-2021-46118-CANDIDATE + cve_id: CVE-2021-46118 + name: Candidate detection for CVE-2021-46118 + severity: high + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free issue was addressed with improved memory management. - This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, - visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead - to an unexpected Safari crash. + description: jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. + The admin panel provides a function through which attackers can edit the email + templates and inject some malicious code. detection: payload: null verify: null @@ -7216,31 +6380,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-43457 - - https://support.apple.com/en-us/125632 - - https://support.apple.com/en-us/125634 - - https://support.apple.com/en-us/125638 - - https://support.apple.com/en-us/125639 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46118 + - https://github.com/JPressProjects/jpress + - https://github.com/JPressProjects/jpress/issues/170 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-10230-CANDIDATE - cve_id: CVE-2025-10230 - name: Candidate detection for CVE-2025-10230 - severity: critical - cvss: 10.0 + id: CVE-2021-46114-CANDIDATE + cve_id: CVE-2021-46114 + name: Candidate detection for CVE-2021-46114 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS\ - \ names from registration packets are passed to a shell without proper validation\ - \ or escaping. Unsanitized NetBIOS name data from WINS registration packets are\ - \ inserted into a shell command and executed by the Samba Active Directory Domain\ - \ Controller\u2019s wins hook, allowing an unauthenticated network attacker to\ - \ achieve remote command execution as the Samba process." + description: jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. + The admin panel provides a function through which attackers can edit the email + templates and inject some malicious code. detection: payload: null verify: null @@ -7248,27 +6407,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-10230 - - https://access.redhat.com/security/cve/CVE-2025-10230 - - https://bugzilla.redhat.com/show_bug.cgi?id=2394377 - - https://www.samba.org/samba/history/security.html - - https://www.vicarius.io/vsociety/posts/cve-2025-10230-detect-samba-vulnerability + - https://nvd.nist.gov/vuln/detail/CVE-2021-46114 + - https://github.com/JPressProjects/jpress + - https://github.com/JPressProjects/jpress/issues/172 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-30398-CANDIDATE - cve_id: CVE-2025-30398 - name: Candidate detection for CVE-2025-30398 - severity: high - cvss: 8.1 + id: CVE-2021-44971-CANDIDATE + cve_id: CVE-2021-44971 + name: Candidate detection for CVE-2021-44971 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Missing authorization in Nuance PowerScribe allows an unauthorized - attacker to disclose information over a network. + description: Multiple Tenda devices are affected by authentication bypass, such + as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and + so on. an attacker can obtain sensitive information, and even combine it with + authenticated command injection to implement RCE. detection: payload: null verify: null @@ -7276,28 +6435,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-30398 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44971 + - https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-12748-CANDIDATE - cve_id: CVE-2025-12748 - name: Candidate detection for CVE-2025-12748 - severity: medium - cvss: 5.5 + id: CVE-2021-42631-CANDIDATE + cve_id: CVE-2021-42631 + name: Candidate detection for CVE-2021-42631 + severity: high + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was discovered in libvirt in the XML file processing. More specifically, - the parsing of user provided XML files was performed before the ACL checks. A - malicious user with limited permissions could exploit this flaw by submitting - a specially crafted XML file, causing libvirt to allocate too much memory on the - host. The excessive memory consumption could lead to a libvirt process crash on - the host, resulting in a denial-of-service condition. + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes + attacker controlled leading to pre-auth remote code execution. detection: payload: null verify: null @@ -7305,35 +6460,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-12748 - - https://access.redhat.com/errata/RHSA-2026:18326 - - https://access.redhat.com/errata/RHSA-2026:18748 - - https://access.redhat.com/security/cve/CVE-2025-12748 - - https://bugzilla.redhat.com/show_bug.cgi?id=2413801 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42631 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-59088-CANDIDATE - cve_id: CVE-2025-59088 - name: Candidate detection for CVE-2025-59088 + id: CVE-2021-42635-CANDIDATE + cve_id: CVE-2021-42635 + name: Candidate detection for CVE-2021-42635 severity: high - cvss: 8.6 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'If kdcproxy receives a request for a realm which does not have server - addresses defined in its configuration, by default, it will query SRV records - in the DNS zone matching the requested realm name. This creates a server-side - request forgery vulnerability, since an attacker could send a request for a realm - matching a DNS zone where they created SRV records pointing to arbitrary ports - and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability - can be exploited to probe internal network topology and firewall rules, perform - port scanning, and exfiltrate data. Deployments where - - the "use_dns" setting is explicitly set to false are not affected.' + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded + APP_KEY value, leading to pre-auth remote code execution. detection: payload: null verify: null @@ -7341,41 +6488,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-59088 - - https://access.redhat.com/errata/RHSA-2025:21138 - - https://access.redhat.com/errata/RHSA-2025:21139 - - https://access.redhat.com/errata/RHSA-2025:21140 - - https://access.redhat.com/errata/RHSA-2025:21141 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42635 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-59089-CANDIDATE - cve_id: CVE-2025-59089 - name: Candidate detection for CVE-2025-59089 + id: CVE-2021-45416-CANDIDATE + cve_id: CVE-2021-45416 + name: Candidate detection for CVE-2021-45416 severity: medium - cvss: 5.9 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'If an attacker causes kdcproxy to connect to an attacker-controlled - KDC server (e.g. through server-side request forgery), they can exploit the fact - that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service - attack. While receiving the KDC''s response, kdcproxy copies the entire buffered - stream into a new - - buffer on each recv() call, even when the transfer is incomplete, causing excessive - memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response - chunks as long as the received data length is not exactly equal to the length - indicated in the response - - header, even when individual chunks or the total buffer exceed the maximum length - of a Kerberos message. This allows an attacker to send unbounded data until the - connection timeout is reached (approximately 12 seconds), exhausting server memory - or CPU resources. Multiple concurrent requests can cause accept queue overflow, - denying service to legitimate clients.' + description: Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 + allows attackers to inject arbitrary HTML via the search_term parameter in the + modules/Scheduling/Courses.php script. detection: payload: null verify: null @@ -7383,29 +6517,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-59089 - - https://access.redhat.com/errata/RHSA-2025:21138 - - https://access.redhat.com/errata/RHSA-2025:21139 - - https://access.redhat.com/errata/RHSA-2025:21140 - - https://access.redhat.com/errata/RHSA-2025:21141 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45416 + - https://github.com/86x/CVE-2021-45416 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-64307-CANDIDATE - cve_id: CVE-2025-64307 - name: Candidate detection for CVE-2025-64307 - severity: medium - cvss: 6.5 + id: CVE-2021-42638-CANDIDATE + cve_id: CVE-2021-42638 + name: Candidate detection for CVE-2021-42638 + severity: high + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The Brightpick Internal Logic Control web interface is accessible without - requiring user authentication. An unauthorized user could exploit this interface - to manipulate robot control functions, including initiating or halting runners, - assigning jobs, clearing stations, and deploying storage totes. + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize + user input resulting in pre-auth remote code execution. detection: payload: null verify: null @@ -7413,26 +6542,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-64307 - - https://brightpick.ai/contact-us/ - - https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json - - https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42638 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-64308-CANDIDATE - cve_id: CVE-2025-64308 - name: Candidate detection for CVE-2025-64308 + id: CVE-2021-42633-CANDIDATE + cve_id: CVE-2021-42633 + name: Candidate detection for CVE-2021-42633 severity: medium - cvss: 6.5 + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The Brightpick Mission Control web application exposes hardcoded credentials - in its client-side JavaScript bundle to Brightpick AI's documentation portal. + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable + to SQL Injection, which may allow an attacker to access additional audit records. detection: payload: null verify: null @@ -7440,28 +6570,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-64308 - - https://brightpick.ai/contact-us/ - - https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json - - https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42633 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-64309-CANDIDATE - cve_id: CVE-2025-64309 - name: Candidate detection for CVE-2025-64309 - severity: high - cvss: 7.4 + id: CVE-2021-42637-CANDIDATE + cve_id: CVE-2021-42637 + name: Candidate detection for CVE-2021-42637 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The affected product discloses device telemetry, configuration, and - sensitive information via WebSocket traffic to unauthenticated users when they - connect to a specific URL. The unauthenticated URL can be discovered through basic - network scanning techniques. + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled + input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. detection: payload: null verify: null @@ -7469,28 +6598,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-64309 - - https://brightpick.ai/contact-us/ - - https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json - - https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42637 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13193-CANDIDATE - cve_id: CVE-2025-13193 - name: Candidate detection for CVE-2025-13193 + id: CVE-2021-42639-CANDIDATE + cve_id: CVE-2021-42639 + name: Candidate detection for CVE-2021-42639 severity: medium - cvss: 5.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libvirt. External inactive snapshots for shut-down - VMs are incorrectly created as world-readable, making it possible for unprivileged - users to inspect the guest OS contents. This results in an information disclosure - vulnerability. + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable + to multiple reflected cross site scripting vulnerabilities. Attacker controlled + input is reflected back in the page without sanitization. detection: payload: null verify: null @@ -7498,30 +6627,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13193 - - https://access.redhat.com/security/cve/CVE-2025-13193 - - https://bugzilla.redhat.com/show_bug.cgi?id=2415409 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42639 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-54770-CANDIDATE - cve_id: CVE-2025-54770 - name: Candidate detection for CVE-2025-54770 - severity: medium - cvss: 4.9 + id: CVE-2021-42640-CANDIDATE + cve_id: CVE-2021-42640 + name: Candidate detection for CVE-2021-42640 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in the GRUB2 bootloader's network - module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free - issue, caused because the net_set_vlan command is not properly unregistered when - the network module is unloaded from memory. An attacker who can execute this command - can force the system to access memory locations that are no longer valid. Successful - exploitation leads directly to system instability, which can result in a complete - crash and halt system availability + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable + to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated + attacker to reassign drivers for any printer. detection: payload: null verify: null @@ -7529,30 +6656,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-54770 - - https://access.redhat.com/security/cve/CVE-2025-54770 - - https://bugzilla.redhat.com/show_bug.cgi?id=2413813 - - https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-42640 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-54771-CANDIDATE - cve_id: CVE-2025-54771 - name: Candidate detection for CVE-2025-54771 - severity: medium - cvss: 4.9 + id: CVE-2021-42641-CANDIDATE + cve_id: CVE-2021-42641 + name: Candidate detection for CVE-2021-42641 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free vulnerability has been identified in the GNU GRUB - (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly - retains a memory pointer, leaving an invalid reference to a file system structure. - An attacker could exploit this vulnerability to cause grub to crash, leading to - a Denial of Service. Possible data integrity or confidentiality compromise is - not discarded. + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable + to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated + attacker to disclose the username and email address of all users. detection: payload: null verify: null @@ -7560,32 +6685,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-54771 - - https://access.redhat.com/security/cve/CVE-2025-54771 - - https://bugzilla.redhat.com/show_bug.cgi?id=2413823 - - https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-42641 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-61661-CANDIDATE - cve_id: CVE-2025-61661 - name: Candidate detection for CVE-2025-61661 - severity: medium - cvss: 4.8 + id: CVE-2021-42642-CANDIDATE + cve_id: CVE-2021-42642 + name: Candidate detection for CVE-2021-42642 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in the GRUB (Grand Unified Bootloader) - component. This flaw occurs because the bootloader mishandles string conversion - when reading information from a USB device, allowing an attacker to exploit inconsistent - length values. A local attacker can connect a maliciously configured USB device - during the boot sequence to trigger this issue. A successful exploitation may - lead GRUB to crash, leading to a Denial of Service. Data corruption may be also - possible, although given the complexity of the exploit the impact is most likely - limited. + description: PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable + to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated + attacker to disclose the plaintext console username and password for a printer. detection: payload: null verify: null @@ -7593,30 +6714,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61661 - - https://access.redhat.com/security/cve/CVE-2025-61661 - - https://bugzilla.redhat.com/show_bug.cgi?id=2413827 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42642 + - https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints + - https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html + - https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite + - https://www.printerlogic.com/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-61662-CANDIDATE - cve_id: CVE-2025-61662 - name: Candidate detection for CVE-2025-61662 + id: CVE-2022-23320-CANDIDATE + cve_id: CVE-2022-23320 + name: Candidate detection for CVE-2022-23320 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A Use-After-Free vulnerability has been discovered in GRUB's gettext - module. This flaw stems from a programming error where the gettext command remains - registered in memory after its module is unloaded. An attacker can exploit this - condition by invoking the orphaned command, causing the application to access - a memory location that is no longer valid. An attacker could exploit this vulnerability - to cause grub to crash, leading to a Denial of Service. Possible data integrity - or confidentiality compromise is not discarded. + description: XMPie uStore 12.3.7244.0 allows for administrators to generate reports + based on raw SQL queries. Since the application ships with default administrative + credentials, an attacker may authenticate into the application and exfiltrate + sensitive information from the database. detection: payload: null verify: null @@ -7624,33 +6744,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61662 - - https://access.redhat.com/errata/RHSA-2026:10097 - - https://access.redhat.com/errata/RHSA-2026:14773 - - https://access.redhat.com/errata/RHSA-2026:15087 - - https://access.redhat.com/errata/RHSA-2026:17596 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23320 + - https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29 + - https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ + - https://www.xmpie.com/ustore-release-notes/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-61663-CANDIDATE - cve_id: CVE-2025-61663 - name: Candidate detection for CVE-2025-61663 - severity: medium - cvss: 4.9 + id: CVE-2021-46354-CANDIDATE + cve_id: CVE-2021-46354 + name: Candidate detection for CVE-2021-46354 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A vulnerability has been identified in the GRUB2 bootloader's normal - command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free - issue, caused because the normal command is not properly unregistered when the - module is unloaded. An attacker who can execute this command can force the system - to access memory locations that are no longer valid. Successful exploitation leads - directly to system instability, which can result in a complete crash and halt - system availability. Impact on the data integrity and confidentiality is also - not discarded. + exploitdb_reference: true + description: Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version + 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" + in cmd site. The ability to send requests to other systems can allow the vulnerable + server to filtrate the real IP of the web server or increase the attack surface. detection: payload: null verify: null @@ -7658,29 +6773,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61663 - - https://access.redhat.com/security/cve/CVE-2025-61663 - - https://bugzilla.redhat.com/show_bug.cgi?id=2414684 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46354 + - https://github.com/cybelesoft/virtualui/issues/3 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-61664-CANDIDATE - cve_id: CVE-2025-61664 - name: Candidate detection for CVE-2025-61664 - severity: medium - cvss: 4.9 + id: CVE-2021-41441-CANDIDATE + cve_id: CVE-2021-41441 + name: Candidate detection for CVE-2021-41441 + severity: high + cvss: 7.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability in the GRUB2 bootloader has been identified in the - normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit - command is not properly unregistered when its related module is unloaded. An attacker - can exploit this condition by invoking the command after the module has been removed, - causing the system to improperly access a previously freed memory location. This - leads to a system crash or possible impacts in data confidentiality and integrity. + description: A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta + allows a remote unauthenticated attacker to reboot the router via sending a specially + crafted URL to an authenticated victim. The authenticated victim need to visit + this URL, for the router to reboot. detection: payload: null verify: null @@ -7688,29 +6801,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61664 - - https://access.redhat.com/security/cve/CVE-2025-61664 - - https://bugzilla.redhat.com/show_bug.cgi?id=2414685 - - https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-41441 + - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13609-CANDIDATE - cve_id: CVE-2025-13609 - name: Candidate detection for CVE-2025-13609 + id: CVE-2021-41442-CANDIDATE + cve_id: CVE-2021-41442 + name: Candidate detection for CVE-2021-41442 severity: high - cvss: 8.2 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in keylime where an attacker can - exploit this flaw by registering a new agent using a different Trusted Platform - Module (TPM) device but claiming an existing agent's unique identifier (UUID). - This action overwrites the legitimate agent's identity, enabling the attacker - to impersonate the compromised agent and potentially bypass security controls. + description: An HTTP smuggling attack in the web application of D-Link DIR-X1860 + before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web + application via sending a specific HTTP packet. detection: payload: null verify: null @@ -7718,28 +6828,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13609 - - https://access.redhat.com/errata/RHSA-2025:23201 - - https://access.redhat.com/errata/RHSA-2025:23210 - - https://access.redhat.com/errata/RHSA-2025:23628 - - https://access.redhat.com/errata/RHSA-2025:23735 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41442 + - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13502-CANDIDATE - cve_id: CVE-2025-13502 - name: Candidate detection for CVE-2025-13502 - severity: high - cvss: 7.5 + id: CVE-2021-41445-CANDIDATE + cve_id: CVE-2021-41445 + name: Candidate detection for CVE-2021-41445 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows - an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) - via a crafted payload to the GLib remote inspector server. + description: A reflected cross-site-scripting attack in web application of D-Link + DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute + code in the device of the victim via sending a specific URL to the unauthenticated + victim. detection: payload: null verify: null @@ -7747,30 +6856,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13502 - - https://access.redhat.com/errata/RHSA-2025:22789 - - https://access.redhat.com/errata/RHSA-2025:22790 - - https://access.redhat.com/errata/RHSA-2025:23110 - - https://access.redhat.com/errata/RHSA-2025:23433 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41445 + - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13601-CANDIDATE - cve_id: CVE-2025-13601 - name: Candidate detection for CVE-2025-13601 - severity: high - cvss: 7.7 + id: CVE-2022-23321-CANDIDATE + cve_id: CVE-2022-23321 + name: Candidate detection for CVE-2022-23321 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-based buffer overflow problem was found in glib through an incorrect - calculation of buffer size in the g_escape_uri_string() function. If the string - to escape contains a very large number of unacceptable characters (which would - need escaping), the calculation of the length of the escaped string could overflow, - leading to a potential write off the end of the newly allocated string. + description: A persistent cross-site scripting (XSS) vulnerability exists on two + input fields within the administrative panel when editing users in the XMPie UStore + application on version 12.3.7244.0. detection: payload: null verify: null @@ -7778,29 +6883,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13601 - - https://access.redhat.com/errata/RHSA-2026:0936 - - https://access.redhat.com/errata/RHSA-2026:0975 - - https://access.redhat.com/errata/RHSA-2026:0991 - - https://access.redhat.com/errata/RHSA-2026:1323 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23321 + - https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ + - https://www.xmpie.com/ustore-release-notes/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13947-CANDIDATE - cve_id: CVE-2025-13947 - name: Candidate detection for CVE-2025-13947 - severity: high - cvss: 7.4 + id: CVE-2021-46355-CANDIDATE + cve_id: CVE-2021-46355 + name: Candidate detection for CVE-2021-46355 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted - information disclosure that can reveal any file the user is permitted to read - via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that - drag operations originate from outside the browser. + description: OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit + the vulnerability, the attacker needs to manipulate the name of some device on + your computer, such as a printer, replacing the device name with some malicious + code that allows the execution of Stored Cross-site Scripting (XSS). detection: payload: null verify: null @@ -7808,27 +6911,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13947 - - https://access.redhat.com/errata/RHSA-2025:22789 - - https://access.redhat.com/errata/RHSA-2025:22790 - - https://access.redhat.com/errata/RHSA-2025:23110 - - https://access.redhat.com/errata/RHSA-2025:23433 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46355 + - https://medium.com/@windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e + - https://medium.com/%40windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e generated_from: - nvd - status: candidate executable: false - id: CVE-2025-66287-CANDIDATE - cve_id: CVE-2025-66287 - name: Candidate detection for CVE-2025-66287 - severity: high - cvss: 8.8 + id: CVE-2021-45420-CANDIDATE + cve_id: CVE-2021-45420 + name: Candidate detection for CVE-2021-45420 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in WebKitGTK. Processing malicious web content can - cause an unexpected process crash due to improper memory handling. + description: 'Emerson Dixell XWEB-500 products are affected by arbitrary file write + vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. + An attacker will be able to write any file on the target system without any kind + of authentication mechanism, and this can lead to denial of service and potentially + remote code execution. Note: the product has not been supported since 2018 and + should be removed or replaced.' detection: payload: null verify: null @@ -7836,29 +6941,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-66287 - - https://access.redhat.com/errata/RHSA-2025:22789 - - https://access.redhat.com/errata/RHSA-2025:22790 - - https://access.redhat.com/errata/RHSA-2025:23110 - - https://access.redhat.com/errata/RHSA-2025:23433 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45420 + - https://www.swascan.com/emerson generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14104-CANDIDATE - cve_id: CVE-2025-14104 - name: Candidate detection for CVE-2025-14104 - severity: medium - cvss: 6.1 + id: CVE-2021-45421-CANDIDATE + cve_id: CVE-2021-45421 + name: Candidate detection for CVE-2021-45421 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in util-linux. This vulnerability allows a heap buffer - overread when processing 256-byte usernames, specifically within the `setpwnam()` - function, affecting SUID (Set User ID) login-utils utilities writing to the password - database. + description: 'Emerson Dixell XWEB-500 products are affected by information disclosure + via directory listing. A potential attacker can use this misconfiguration to access + all the files in the remote directories. Note: the product has not been supported + since 2018 and should be removed or replaced.' detection: payload: null verify: null @@ -7866,31 +6968,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14104 - - https://access.redhat.com/errata/RHSA-2026:1696 - - https://access.redhat.com/errata/RHSA-2026:1852 - - https://access.redhat.com/errata/RHSA-2026:1913 - - https://access.redhat.com/errata/RHSA-2026:2485 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45421 + - https://www.swascan.com/emerson generated_from: - nvd - status: candidate executable: false - id: CVE-2025-61821-CANDIDATE - cve_id: CVE-2025-61821 - name: Candidate detection for CVE-2025-61821 + id: CVE-2022-22901-CANDIDATE + cve_id: CVE-2022-22901 + name: Candidate detection for CVE-2022-22901 severity: medium - cvss: 6.8 + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected - by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability - that could lead to arbitrary file system read. An attacker could exploit this - vulnerability to access sensitive files and data on the server. Exploit depends - on conditions beyond the attacker's control. Exploitation of this issue does not - require user interaction and scope is changed. + description: There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' + failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit + a6ab5e9. detection: payload: null verify: null @@ -7898,27 +6994,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61821 - - https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-22901 + - https://github.com/jerryscript-project/jerryscript + - https://github.com/jerryscript-project/jerryscript/issues/4916 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-64898-CANDIDATE - cve_id: CVE-2025-64898 - name: Candidate detection for CVE-2025-64898 + id: CVE-2022-22899-CANDIDATE + cve_id: CVE-2022-22899 + name: Candidate detection for CVE-2022-22899 severity: medium - cvss: 5.3 + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected - by an Insufficiently Protected Credentials vulnerability that could result in - limited unauthorized write access. An attacker could leverage this vulnerability - to gain unauthorized access by exploiting improperly stored or transmitted credentials. - Exploitation of this issue does not require user interaction. + description: Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated + attackers to cause a Denial of Service (DoS) via a crafted packet through the + SSH service. detection: payload: null verify: null @@ -7926,26 +7021,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-64898 - - https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-22899 + - https://yoursecuritybores.me/coreftp-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14087-CANDIDATE - cve_id: CVE-2025-14087 - name: Candidate detection for CVE-2025-14087 - severity: medium - cvss: 5.6 + id: CVE-2022-22914-CANDIDATE + cve_id: CVE-2022-22914 + name: Candidate detection for CVE-2022-22914 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote - attacker to cause heap corruption, leading to a denial of service or potential - code execution via a buffer-underflow in the GVariant parser when processing maliciously - crafted input strings. + description: An incorrect access control issue in the component FileManager of Ovidentia + CMS 6.0 allows authenticated attackers to to view and download content in the + upload directory via path traversal. detection: payload: null verify: null @@ -7953,29 +7047,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14087 - - https://access.redhat.com/errata/RHSA-2026:15953 - - https://access.redhat.com/errata/RHSA-2026:15969 - - https://access.redhat.com/errata/RHSA-2026:15971 - - https://access.redhat.com/errata/RHSA-2026:19148 + - https://nvd.nist.gov/vuln/detail/CVE-2022-22914 + - https://gitlab.com/albadotpy/ovidentia-information-disclosure-on-upload-directory-content generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14512-CANDIDATE - cve_id: CVE-2025-14512 - name: Candidate detection for CVE-2025-14512 - severity: medium - cvss: 6.5 + id: CVE-2022-22916-CANDIDATE + cve_id: CVE-2022-22916 + name: Candidate detection for CVE-2022-22916 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in glib. This vulnerability allows a heap buffer overflow - and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) - escape_byte_string() function when processing malicious file or remote filesystem - attribute values. + description: O2OA v6.4.7 was discovered to contain a remote code execution (RCE) + vulnerability via /x_program_center/jaxrs/invoke. detection: payload: null verify: null @@ -7983,32 +7072,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14512 - - https://access.redhat.com/errata/RHSA-2026:15953 - - https://access.redhat.com/errata/RHSA-2026:15969 - - https://access.redhat.com/errata/RHSA-2026:15971 - - https://access.redhat.com/errata/RHSA-2026:19148 + - https://nvd.nist.gov/vuln/detail/CVE-2022-22916 + - https://github.com/wendell1224/O2OA-POC/blob/main/POC.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14523-CANDIDATE - cve_id: CVE-2025-14523 - name: Candidate detection for CVE-2025-14523 - severity: high - cvss: 8.2 + id: CVE-2021-37504-CANDIDATE + cve_id: CVE-2021-37504 + name: Candidate detection for CVE-2021-37504 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw in libsoup\u2019s HTTP header handling allows multiple Host:\ - \ headers in a request and returns the last occurrence for server-side processing.\ - \ Common front proxies often honor the first Host: header, so this mismatch can\ - \ cause vhost confusion where a proxy routes a request to one backend but the\ - \ backend interprets it as destined for another host. This discrepancy enables\ - \ request-smuggling style attacks, cache poisoning, or bypassing host-based access\ - \ controls when an attacker supplies duplicate Host headers." + description: A cross-site scripting (XSS) vulnerability in the fileNameStr parameter + of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts + or HTML via a crafted file with a Javascript payload in the file name. detection: payload: null verify: null @@ -8016,29 +7098,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14523 - - https://access.redhat.com/errata/RHSA-2026:0421 - - https://access.redhat.com/errata/RHSA-2026:0422 - - https://access.redhat.com/errata/RHSA-2026:0423 - - https://access.redhat.com/errata/RHSA-2026:0836 + - https://nvd.nist.gov/vuln/detail/CVE-2021-37504 + - https://github.com/hayageek/jquery-upload-file/blob/master/js/jquery.uploadfile.js#L469 + - https://raw.githubusercontent.com/hayageek/jquery-upload-file/master/js/jquery.uploadfile.js generated_from: - nvd - status: candidate executable: false - id: CVE-2025-43511-CANDIDATE - cve_id: CVE-2025-43511 - name: Candidate detection for CVE-2025-43511 - severity: medium - cvss: 6.5 + id: CVE-2021-42952-CANDIDATE + cve_id: CVE-2021-42952 + name: Candidate detection for CVE-2021-42952 + severity: critical + cvss: 9.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free issue was addressed with improved memory management. - This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and - iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously - crafted web content may lead to an unexpected process crash. + description: Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. + Upon launching Remote Code Execution from the Notebook, users can then use that + to subsequently escape the running context sandbox and proceed to access internal + Zepl assets including cloud metadata services. detection: payload: null verify: null @@ -8046,35 +7126,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-43511 - - https://support.apple.com/en-us/125633 - - https://support.apple.com/en-us/125884 - - https://support.apple.com/en-us/125886 - - https://support.apple.com/en-us/125890 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42952 + - https://seclists.org/fulldisclosure/2022/Feb/32 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-11393-CANDIDATE - cve_id: CVE-2025-11393 - name: Candidate detection for CVE-2025-11393 - severity: high - cvss: 8.7 + id: CVE-2022-25060-CANDIDATE + cve_id: CVE-2022-25060 + name: Candidate detection for CVE-2022-25060 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'A flaw was found in runtimes-inventory-rhel8-operator. An internal - proxy component is incorrectly configured. Because of this flaw, the proxy attaches - the cluster''s main administrative credentials to any command it receives, instead - of only the specific reports it is supposed to handle. - - - This allows a standard user within the cluster to send unauthorized commands to - the management platform, effectively acting with the full permissions of the cluster - administrator. This could lead to unauthorized changes to the cluster''s configuration - or status on the Red Hat platform.' + description: TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command + injection vulnerability via the component oal_startPing. detection: payload: null verify: null @@ -8082,27 +7151,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-11393 - - https://access.redhat.com/errata/RHSA-2025:23236 - - https://access.redhat.com/security/cve/CVE-2025-11393 - - https://bugzilla.redhat.com/show_bug.cgi?id=2402032 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25060 + - https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_startPing-EN-939c748c5f244504899477114b1ca1cf generated_from: - nvd - status: candidate executable: false - id: CVE-2025-63391-CANDIDATE - cve_id: CVE-2025-63391 - name: Candidate detection for CVE-2025-63391 - severity: unknown - cvss: 0.0 + id: CVE-2022-25061-CANDIDATE + cve_id: CVE-2022-25061 + name: Candidate detection for CVE-2022-25061 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: - This record was withdrawn by its CNA. Further investigation showed that it was - not a security issue. Notes: none.' + description: TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command + injection vulnerability via the component oal_setIp6DefaultRoute. detection: payload: null verify: null @@ -8110,26 +7176,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-63391 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25061 + - https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_setIp6DefaultRoute-EN-ddf9c1db199d49829269147ada6cb312 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-2515-CANDIDATE - cve_id: CVE-2025-2515 - name: Candidate detection for CVE-2025-2515 + id: CVE-2022-25062-CANDIDATE + cve_id: CVE-2022-25062 + name: Candidate detection for CVE-2022-25062 severity: high - cvss: 7.2 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability was found in BlueChi, a multi-node systemd service - controller used in RHIVOS. This flaw allows a user with root privileges on a managed - node (qm) to create or override systemd service unit files that affect the host - node. This issue can lead to privilege escalation, unauthorized service execution, - and potential system compromise. + description: TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer + overflow via the function dm_checkString. This vulnerability allows attackers + to cause a Denial of Service (DoS) via a crafted HTTP request. detection: payload: null verify: null @@ -8137,34 +7202,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-2515 - - https://access.redhat.com/security/cve/CVE-2025-2515 - - https://bugzilla.redhat.com/show_bug.cgi?id=2353313 - - https://github.com/eclipse-bluechi/bluechi/commit/fe0d28301ce2bd45f0b1d8a98a94efef799fbc73#diff-64140c83db42a8888f346a40de293b80f79ebf7d75ce4137b22567e360bce607 - - https://github.com/eclipse-bluechi/bluechi/issues/1069 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25062 + - https://east-trowel-102.notion.site/CVE-2021-XXXX-RCE-Integer-Overflow-via-crafted-payload-in-an-DNS-input-field-userDomain-EN-2bc0fafd23224a5a8f86f5f0f9377d3d generated_from: - nvd - status: candidate executable: false - id: CVE-2025-11157-CANDIDATE - cve_id: CVE-2025-11157 - name: Candidate detection for CVE-2025-11157 - severity: high - cvss: 7.8 + id: CVE-2022-25064-CANDIDATE + cve_id: CVE-2022-25064 + name: Candidate detection for CVE-2022-25064 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A high-severity remote code execution vulnerability exists in feast-dev/feast - version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. - The vulnerability arises from the use of `yaml.load(..., Loader=yaml.Loader)` - to deserialize `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. - This method allows for the instantiation of arbitrary Python objects, enabling - an attacker with the ability to modify these YAML files to execute OS commands - on the worker pod. This vulnerability can be exploited before the configuration - is validated, potentially leading to cluster takeover, data poisoning, and supply-chain - sabotage. + description: TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote + code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. detection: payload: null verify: null @@ -8172,32 +7227,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-11157 - - https://github.com/feast-dev/feast/commit/b2e37ff37953b68ae833f6874ab5bc510a4ca5fb - - https://huntr.com/bounties/46d4d585-b968-4a76-80ce-872bc5525564 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/security/cve/CVE-2025-11157 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25064 + - https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-67268-CANDIDATE - cve_id: CVE-2025-67268 - name: Candidate detection for CVE-2025-67268 - severity: critical - cvss: 9.8 + id: CVE-2021-42951-CANDIDATE + cve_id: CVE-2021-42951 + name: Candidate detection for CVE-2021-42951 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: gpsd before commit dc966aa contains a heap-based out-of-bounds write - vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, - which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to - validate the user-supplied satellite count against the size of the skyview array - (184 elements). This allows an attacker to write beyond the bounds of the array - by providing a satellite count up to 255, leading to memory corruption, Denial - of Service (DoS), and potentially arbitrary code execution. + description: A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL + all versions before October 10 2021 of SaaS. Users can register for an account + and are allocated a set number of credits to try the product. Once users authenticate, + they can proceed to create a new, specially crafted Algorithm and subsequently + launch remote code execution with their desired result. detection: payload: null verify: null @@ -8205,32 +7255,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-67268 - - https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md - - https://github.com/ntpsec/gpsd/blob/master/drivers/driver_nmea2000.c - - https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4 - - https://access.redhat.com/errata/RHSA-2026:0770 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42951 + - https://seclists.org/fulldisclosure/2022/Feb/33 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-67269-CANDIDATE - cve_id: CVE-2025-67269 - name: Candidate detection for CVE-2025-67269 - severity: high - cvss: 7.5 + id: CVE-2021-44961-CANDIDATE + cve_id: CVE-2021-44961 + name: Candidate detection for CVE-2021-44961 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An integer underflow vulnerability exists in the `nextstate()` function - in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. - When parsing a NAVCOM packet, the payload length is calculated using `lexer->length - = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results - in an unsigned integer underflow, setting `lexer->length` to a very large value - (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive - number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition. + description: A memory leakage flaw exists in the class PerimeterGenerator of Slic3r + libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust + available memory. An attacker can provide malicious files to trigger this vulnerability. detection: payload: null verify: null @@ -8238,39 +7281,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-67269 - - https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67269/README.md - - https://gitlab.com/gpsd/gpsd - - https://gitlab.com/gpsd/gpsd/-/commit/ffa1d6f40bca0b035fc7f5e563160ebb67199da7 - - https://access.redhat.com/errata/RHSA-2026:0770 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44961 + - https://hackmd.io/nDT_UKLyRQendxDwil9A4w generated_from: - nvd - status: candidate executable: false - id: CVE-2025-68428-CANDIDATE - cve_id: CVE-2025-68428 - name: Candidate detection for CVE-2025-68428 + id: CVE-2022-25018-CANDIDATE + cve_id: CVE-2022-25018 + name: Candidate detection for CVE-2022-25018 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: jsPDF is a library to generate PDFs in JavaScript. Prior to version - 4.0.0, user control of the first argument of the loadFile method in the node.js - build allows local file inclusion/path traversal. If given the possibility to - pass unsanitized paths to the loadFile method, a user can retrieve file contents - of arbitrary files in the local file system the node process is running in. The - file contents are included verbatim in the generated PDFs. Other affected methods - are `addImage`, `html`, and `addFont`. Only the node.js builds of the library - are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. - The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system - access per default. This semver-major update does not introduce other breaking - changes. Some workarounds areavailable. With recent node versions, jsPDF recommends - using the `--permission` flag in production. The feature was introduced experimentally - in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, - sanitize user-provided paths before passing them to jsPDF. + description: Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary + code via crafted PHP code inserted into static pages. detection: payload: null verify: null @@ -8278,30 +7306,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-68428 - - https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d - - https://github.com/parallax/jsPDF/releases/tag/v4.0.0 - - https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2 - - https://access.redhat.com/errata/RHSA-2026:1517 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25018 + - https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf + - https://github.com/pluxml/PluXml + - https://youtu.be/Gbe2UNCB0tY generated_from: - nvd - status: candidate executable: false - id: CVE-2025-69223-CANDIDATE - cve_id: CVE-2025-69223 - name: Candidate detection for CVE-2025-69223 - severity: high - cvss: 7.5 + id: CVE-2022-25020-CANDIDATE + cve_id: CVE-2022-25020 + name: Candidate detection for CVE-2022-25020 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio - and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a - DoS against the AIOHTTP server. An attacker may be able to send a compressed request - that when decompressed by AIOHTTP could exhaust the host's memory. This issue - is fixed in version 3.13.3. + description: A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows + attackers to execute arbitrary web scripts or HTML via a crafted payload in the + thumbnail path of a blog post. detection: payload: null verify: null @@ -8309,31 +7334,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-69223 - - https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a - - https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:1249 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25020 + - https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf + - https://www.cvedetails.com/cve/CVE-2021-38602/ + - https://youtu.be/TsGp-QB5XWI generated_from: - nvd - status: candidate executable: false - id: CVE-2025-12543-CANDIDATE - cve_id: CVE-2025-12543 - name: Candidate detection for CVE-2025-12543 - severity: critical - cvss: 9.6 + id: CVE-2022-25022-CANDIDATE + cve_id: CVE-2022-25022 + name: Candidate detection for CVE-2022-25022 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the Undertow HTTP server core, which is used in - WildFly, JBoss EAP, and other Java applications. The Undertow library fails to - properly validate the Host header in incoming HTTP requests.As a result, requests - containing malformed or malicious Host headers are processed without rejection, - enabling attackers to poison caches, perform internal network scans, or hijack - user sessions. + description: A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers + to excute arbitrary web scripts HTML via a crafted payload in the content field + of a blog post. detection: payload: null verify: null @@ -8341,31 +7362,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-12543 - - https://access.redhat.com/errata/RHSA-2026:0383 - - https://access.redhat.com/errata/RHSA-2026:0384 - - https://access.redhat.com/errata/RHSA-2026:0386 - - https://access.redhat.com/errata/RHSA-2026:33371 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25022 + - https://github.com/MoritzHuppert/CVE-2022-25022/blob/main/CVE-2022-25022.pdf + - https://www.cvedetails.com/cve/CVE-2021-36703/ + - https://youtu.be/acookTqf3Nc generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22184-CANDIDATE - cve_id: CVE-2026-22184 - name: Candidate detection for CVE-2026-22184 + id: CVE-2022-24251-CANDIDATE + cve_id: CVE-2022-24251 + name: Candidate detection for CVE-2022-24251 severity: high - cvss: 7.8 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: zlib versions up to and including 1.3.1.2 include a global buffer overflow - in the untgz utility located under contrib/untgz. The vulnerability is limited - to the standalone demonstration utility and does not affect the core zlib compression - library. The flaw occurs when a user executes the untgz command with an excessively - long archive name supplied via the command line, leading to an out-of-bounds write - in a fixed-size global buffer. + description: Extensis Portfolio v4.0 was discovered to contain an authenticated + unrestricted file upload vulnerability via the Catalog Asset Upload function. detection: payload: null verify: null @@ -8373,33 +7389,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22184 - - https://github.com/madler/zlib - - https://seclists.org/fulldisclosure/2026/Jan/3 - - https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname - - https://zlib.net/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-24251 + - https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-69263-CANDIDATE - cve_id: CVE-2025-69263 - name: Candidate detection for CVE-2025-69263 + id: CVE-2022-24252-CANDIDATE + cve_id: CVE-2022-24252 + name: Candidate detection for CVE-2022-24252 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball - dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. - This allows the remote server to serve different content on each install, even - when a lockfile is committed. An attacker who publishes a package with an HTTP - tarball dependency can serve different code to different users or CI/CD environments. - The attack requires the victim to install a package that has an HTTP/git tarball - in its dependency tree. The victim's lockfile provides no protection. This issue - is fixed in version 10.26.0. + description: An unrestricted file upload vulnerability in the FileTransferServlet + component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary + code via a crafted file. detection: payload: null verify: null @@ -8407,18 +7415,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-69263 - - https://github.com/pnpm/pnpm/commit/0958027f88a99ccefe7e9676cdebba393dfbdc85 - - https://github.com/pnpm/pnpm/security/advisories/GHSA-7vhp-vf5g-r2fw - - https://access.redhat.com/security/cve/CVE-2025-69263 - - https://bugzilla.redhat.com/show_bug.cgi?id=2427703 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24252 + - https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-69264-CANDIDATE - cve_id: CVE-2025-69264 - name: Candidate detection for CVE-2025-69264 + id: CVE-2022-24253-CANDIDATE + cve_id: CVE-2022-24253 + name: Candidate detection for CVE-2022-24253 severity: high cvss: 8.8 risk_level: unknown @@ -8426,13 +7431,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted - dependencies to execute arbitrary code during pnpm install, circumventing the - v10 security feature "Dependency lifecycle scripts execution disabled by default". - While pnpm v10 blocks postinstall scripts via the onlyBuiltDependencies mechanism, - git dependencies can still execute prepare, prepublish, and prepack scripts during - the fetch phase, enabling remote code execution without user consent or approval. - This issue is fixed in version 10.26.0. + description: Extensis Portfolio v4.0 was discovered to contain an authenticated + unrestricted file upload vulnerability via the component AdminFileTransferServlet. detection: payload: null verify: null @@ -8440,43 +7440,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-69264 - - https://github.com/pnpm/pnpm/commit/73cc63504d9bc360c43e4b2feb9080677f03c5b5 - - https://github.com/pnpm/pnpm/security/advisories/GHSA-379q-355j-w6rj - - https://access.redhat.com/security/cve/CVE-2025-69264 - - https://bugzilla.redhat.com/show_bug.cgi?id=2427709 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24253 + - https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21441-CANDIDATE - cve_id: CVE-2026-21441 - name: Candidate detection for CVE-2026-21441 + id: CVE-2022-24254-CANDIDATE + cve_id: CVE-2022-24254 + name: Candidate detection for CVE-2022-24254 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: urllib3 is an HTTP client library for Python. urllib3's streaming API - is designed for the efficient handling of large HTTP responses by reading the - content in chunks, rather than loading the entire response body into memory at - once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` - header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, - the library decompresses only the necessary bytes, enabling partial content consumption. - Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, - the library would read the entire response body to drain the connection and decompress - the content unnecessarily. This decompression occurred even before any read methods - were called, and configured read limits did not restrict the amount of decompressed - data. As a result, there was no safeguard against decompression bombs. A malicious - server could exploit this to trigger excessive resource consumption on the client. - Applications and libraries are affected when they stream content from untrusted - sources by setting `preload_content=False` when they do not disable redirects. - Users should upgrade to at least urllib3 v2.6.3, in which the library does not - decode content of redirect responses when `preload_content=False`. If upgrading - is not immediately possible, disable redirects by setting `redirect=False` for - requests to untrusted source. + description: An unrestricted file upload vulnerability in the Backup/Restore Archive + component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary + code via a crafted ZIP file. detection: payload: null verify: null @@ -8484,31 +7466,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21441 - - https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b - - https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99 - - https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html - - https://access.redhat.com/errata/RHSA-2026:0981 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24254 + - https://snyk.io/research/zip-slip-vulnerability + - https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0719-CANDIDATE - cve_id: CVE-2026-0719 - name: Candidate detection for CVE-2026-0719 + id: CVE-2022-24255-CANDIDATE + cve_id: CVE-2022-24255 + name: Candidate detection for CVE-2022-24255 severity: high - cvss: 8.6 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was identified in the NTLM authentication handling of the libsoup - HTTP library, used by GNOME and other applications for network communication. - When processing extremely long passwords, an internal size calculation can overflow - due to improper use of signed integers. This results in incorrect memory allocation - on the stack, followed by unsafe memory copying. As a result, applications using - libsoup may crash unexpectedly, creating a denial-of-service risk. + description: Extensis Portfolio v4.0 was discovered to contain hardcoded credentials + which allows attackers to gain administrator privileges. detection: payload: null verify: null @@ -8516,27 +7492,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0719 - - https://access.redhat.com/errata/RHSA-2026:1948 - - https://access.redhat.com/errata/RHSA-2026:2005 - - https://access.redhat.com/errata/RHSA-2026:2006 - - https://access.redhat.com/errata/RHSA-2026:2007 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24255 + - https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-50334-CANDIDATE - cve_id: CVE-2025-50334 - name: Candidate detection for CVE-2025-50334 - severity: high - cvss: 7.5 + id: CVE-2021-38268-CANDIDATE + cve_id: CVE-2021-38268 + name: Candidate detection for CVE-2021-38268 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue in Technitium DNS Server v.13.5 allows a remote attacker to - cause a denial of service via the rate-limiting component + description: The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, + and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix + pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site + members, which allows remote authenticated users with the site member role to + add and duplicate forms, via the UI or the API. detection: payload: null verify: null @@ -8544,18 +7520,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-50334 - - https://github.com/FPokerFace/Security-Advisory/tree/main/CVE-2025-50334 - - https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md - - https://github.com/TechnitiumSoftware/DnsServer/blob/v13.3/DnsServerCore/Dns/DnsServer.cs - - https://github.com/TechnitiumSoftware/DnsServer/commit/7229b217238213cc6275eea68a7e17d73df1603e + - https://nvd.nist.gov/vuln/detail/CVE-2021-38268 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38268-site-member-can-add-new-forms-by-default + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38268-site-member-can-add-new-forms-by-default?_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_HbL5mxmVrnXW_assetEntryId=120882524&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_HbL5mxmVrnXW_redirect=https%3A%2F%2Fportal.liferay.dev%3A443%2Flearn%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetP generated_from: - nvd - status: candidate executable: false - id: CVE-2025-65518-CANDIDATE - cve_id: CVE-2025-65518 - name: Candidate detection for CVE-2025-65518 + id: CVE-2021-38266-CANDIDATE + cve_id: CVE-2021-38266 + name: Candidate detection for CVE-2021-38266 severity: high cvss: 7.5 risk_level: unknown @@ -8563,12 +7537,11 @@ priority: cisa_kev: false exploitdb_reference: false - description: Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial - of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, - where a crafted request containing a malicious payload can cause the affected - web interface to continuously reload, rendering the service unavailable to legitimate - users. An attacker can exploit this issue remotely without authentication, resulting - in a persistent availability impact on the affected Plesk Obsidian instance. + description: The Portal Security module in Liferay Portal 7.2.1 and earlier, and + Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix + pack 5 does not correctly import users from LDAP, which allows remote attackers + to prevent a legitimate user from authenticating by attempting to sign in as a + user that exist in LDAP. detection: payload: null verify: null @@ -8576,32 +7549,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-65518 - - https://docs.plesk.com/release-notes/obsidian/change-log/ - - https://github.com/Jainil-89/CVE-2025-65518/blob/main/cve.md - - https://access.redhat.com/security/cve/CVE-2025-65518 - - https://bugzilla.redhat.com/show_bug.cgi?id=2428098 + - https://nvd.nist.gov/vuln/detail/CVE-2021-38266 + - https://issues.liferay.com/browse/LPE-17191 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38266 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-70974-CANDIDATE - cve_id: CVE-2025-70974 - name: Candidate detection for CVE-2025-70974 - severity: critical - cvss: 10.0 + id: CVE-2021-38263-CANDIDATE + cve_id: CVE-2021-38263 + name: Candidate detection for CVE-2021-38263 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Fastjson before 1.2.48 mishandles autoType because, when an @type - key is in a JSON document, and the value of that key is the name of a Java class, - there may be calls to certain public methods of that class. Depending on the behavior - of those methods, there may be JNDI injection with an attacker-supplied payload - located elsewhere in that JSON document. This was exploited in the wild in 2023 - through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. - Also, a later bypass is covered by CVE-2022-25845.' + description: Cross-site scripting (XSS) vulnerability in the Server module's script + console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack + 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers + to inject arbitrary web script or HTML via the output of a script. detection: payload: null verify: null @@ -8609,29 +7577,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-70974 - - https://cert.360.cn/warning/detail?id=7240aeab581c6dc2c9c5350756079955 - - https://github.com/alibaba/fastjson/compare/1.2.47...1.2.48 - - https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.47-rce - - https://www.cloudsek.com/blog/androxgh0st-continues-exploitation-operators-compromise-a-us-university-for-hosting-c2-logger + - https://nvd.nist.gov/vuln/detail/CVE-2021-38263 + - https://issues.liferay.com/browse/LPE-17061 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38263-reflected-xss-with-script-page generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13761-CANDIDATE - cve_id: CVE-2025-13761 - name: Candidate detection for CVE-2025-13761 - severity: high - cvss: 8.0 + id: CVE-2021-38264-CANDIDATE + cve_id: CVE-2021-38264 + name: Candidate detection for CVE-2021-38264 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: GitLab has remediated an issue in GitLab CE/EE affecting all versions - from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated - user to execute arbitrary code in the context of an authenticated user's browser - by convincing the legitimate user to visit a specially crafted webpage. + description: Cross-site scripting (XSS) vulnerability in the Frontend Taglib module + in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary + web script or HTML into the management toolbar search via the `keywords` parameter. + This issue is caused by an incomplete fix in CVE-2021-35463. detection: payload: null verify: null @@ -8639,29 +7605,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13761 - - https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ - - https://gitlab.com/gitlab-org/gitlab/-/issues/582237 - - https://hackerone.com/reports/3441368 - - https://access.redhat.com/security/cve/CVE-2025-13761 + - https://nvd.nist.gov/vuln/detail/CVE-2021-38264 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38264-reflected-xss-with-keywords-in-search generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13772-CANDIDATE - cve_id: CVE-2025-13772 - name: Candidate detection for CVE-2025-13772 - severity: high - cvss: 7.1 + id: CVE-2021-38265-CANDIDATE + cve_id: CVE-2021-38265 + name: Candidate detection for CVE-2021-38265 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: GitLab has remediated an issue in GitLab EE affecting all versions - from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could - have allowed an authenticated user to access and utilize AI model settings from - unauthorized namespaces by manipulating namespace identifiers in API requests. + description: Cross-site scripting (XSS) vulnerability in the Asset module in Liferay + Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script + or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title + parameter. detection: payload: null verify: null @@ -8669,29 +7632,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13772 - - https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ - - https://gitlab.com/gitlab-org/gitlab/-/issues/581268 - - https://access.redhat.com/security/cve/CVE-2025-13772 - - https://bugzilla.redhat.com/show_bug.cgi?id=2428224 + - https://nvd.nist.gov/vuln/detail/CVE-2021-38265 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38265-stored-xss-with-collection-name generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9222-CANDIDATE - cve_id: CVE-2025-9222 - name: Candidate detection for CVE-2025-9222 - severity: high - cvss: 8.7 + id: CVE-2021-38267-CANDIDATE + cve_id: CVE-2021-38267 + name: Candidate detection for CVE-2021-38267 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: GitLab has remediated an issue in GitLab CE/EE affecting all versions - from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could - have allowed an authenticated user to achieve stored cross-site scripting by exploiting - GitLab Flavored Markdown. + description: Cross-site scripting (XSS) vulnerability in the Blogs module's edit + blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before + fix pack 2 allows remote attackers to inject arbitrary web script or HTML via + the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and _com_liferay_blogs_web_portlet_BlogsAdminPortlet_subtitle + parameter. detection: payload: null verify: null @@ -8699,33 +7660,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9222 - - https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ - - https://gitlab.com/gitlab-org/gitlab/-/issues/562561 - - https://hackerone.com/reports/3297483 - - https://access.redhat.com/security/cve/CVE-2025-9222 + - https://nvd.nist.gov/vuln/detail/CVE-2021-38267 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38267-stored-xss-with-title-and-subtitle-of-blog-entry generated_from: - nvd - status: candidate executable: false - id: CVE-2025-59057-CANDIDATE - cve_id: CVE-2025-59057 - name: Candidate detection for CVE-2025-59057 - severity: high - cvss: 7.6 + id: CVE-2021-38269-CANDIDATE + cve_id: CVE-2021-38269 + name: Candidate detection for CVE-2021-38269 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: React Router is a router for React. In @remix-run/react versions 1.15.0 - through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability - exists in in React Router's meta()/ APIs in Framework Mode when generating - script:ld+json tags which could allow arbitrary JavaScript execution during SSR - if untrusted content is used to generate the tag. There is no impact if the application - is being used in Declarative Mode () or Data Mode (createBrowserRouter/). - This issue has been patched in @remix-run/react version 2.17.1 and react-router - version 7.9.0. + description: Cross-site scripting (XSS) vulnerability in the Gogo Shell module in + Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack + 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers + to inject arbitrary web script or HTML via the output of a Gogo Shell command. detection: payload: null verify: null @@ -8733,38 +7687,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-59057 - - https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8 - - https://access.redhat.com/errata/RHSA-2026:19712 - - https://access.redhat.com/errata/RHSA-2026:3782 - - https://access.redhat.com/errata/RHSA-2026:3958 + - https://nvd.nist.gov/vuln/detail/CVE-2021-38269 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38269-stored-xss-with-gogo-shell-output generated_from: - nvd - status: candidate executable: false - id: CVE-2025-61686-CANDIDATE - cve_id: CVE-2025-61686 - name: Candidate detection for CVE-2025-61686 + id: CVE-2022-25089-CANDIDATE + cve_id: CVE-2022-25089 + name: Candidate detection for CVE-2022-25089 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: React Router is a router for React. In @react-router/node versions - 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node - prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node - (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is - possible for an attacker to cause the session to try to read/write from a location - outside the specified session file directory. The success of the attack would - depend on the permissions of the web server process to access those files. Read - files cannot be returned directly to the attacker. Session file reads would only - succeed if the file matched the expected session file format. If the file matched - the session file format, the data would be populated into the server side session - but not directly returned to the attacker unless the application logic returned - specific session information. This issue has been patched in @react-router/node - version 7.9.4, @remix-run/deno version 2.17.2, and @remix-run/node version 2.17.2. + exploitdb_reference: true + description: Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly + uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. detection: payload: null verify: null @@ -8772,34 +7712,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61686 - - https://github.com/remix-run/react-router/security/advisories/GHSA-9583-h5hc-x8cw - - https://access.redhat.com/security/cve/CVE-2025-61686 - - https://bugzilla.redhat.com/show_bug.cgi?id=2428423 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61686.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-25089 + - https://github.com/ComparedArray/printix-CVE-2022-25089 + - https://www.exploit-db.com/exploits/50798 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-21884-CANDIDATE - cve_id: CVE-2026-21884 - name: Candidate detection for CVE-2026-21884 - severity: high - cvss: 8.2 + id: CVE-2022-25146-CANDIDATE + cve_id: CVE-2022-25146 + name: Candidate detection for CVE-2022-25146 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: React Router is a router for React. In @remix-run/react version prior - to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in - in React Router's API in Framework Mode when using the getKey/storageKey - props during Server-Side Rendering which could allow arbitrary JavaScript execution - during SSR if untrusted content is used to generate the keys. There is no impact - if server-side rendering in Framework Mode is disabled, or if Declarative Mode - () or Data Mode (createBrowserRouter/) is being - used. This issue has been patched in @remix-run/react version 2.17.3 and react-router - version 7.12.0. + description: The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through + v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event + messages it receives matches the origin of the Remote App, allowing attackers + to exfiltrate the CSRF token via a crafted event message. detection: payload: null verify: null @@ -8807,33 +7741,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21884 - - https://github.com/remix-run/react-router/security/advisories/GHSA-8v8x-cx79-35w7 - - https://access.redhat.com/errata/RHSA-2026:19712 - - https://access.redhat.com/errata/RHSA-2026:3782 - - https://access.redhat.com/errata/RHSA-2026:3958 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25146 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps + - https://www.securitum.pl generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22029-CANDIDATE - cve_id: CVE-2026-22029 - name: Candidate detection for CVE-2026-22029 - severity: high - cvss: 8.0 + id: CVE-2022-24573-CANDIDATE + cve_id: CVE-2022-24573 + name: Candidate detection for CVE-2022-24573 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: React Router is a router for React. In @remix-run/router version prior - to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) - SPA open navigation redirects originating from loaders or actions in Framework - Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended - javascript execution on the client. This is only an issue if you are creating - redirect paths from untrusted content or via an open redirect. There is no impact - if Declarative Mode () is being used. This issue has been patched - in @remix-run/router version 1.23.2 and react-router version 7.12.0. + description: A stored cross-site scripting (XSS) vulnerability in the admin interface + in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access + by injecting a malicious script in the User-Agent field. detection: payload: null verify: null @@ -8841,33 +7768,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22029 - - https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx - - https://access.redhat.com/errata/RHSA-2026:13542 - - https://access.redhat.com/errata/RHSA-2026:13548 - - https://access.redhat.com/errata/RHSA-2026:1517 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24573 + - https://www.element-it.com/news.aspx generated_from: - nvd - status: candidate executable: false - id: CVE-2025-68493-CANDIDATE - cve_id: CVE-2025-68493 - name: Candidate detection for CVE-2025-68493 + id: CVE-2021-42950-CANDIDATE + cve_id: CVE-2021-42950 + name: Candidate detection for CVE-2021-42950 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Missing XML Validation vulnerability in Apache Struts, Apache Struts. - - - This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from - 2.2.1 through 6.1.0. - - - Users are recommended to upgrade to version 6.1.1, which fixes the issue.' + description: Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks + all previous versions before October 25 2021. Users can register for an account + and are allocated a set number of credits to try the product. Once users authenticate, + they can proceed to create a new organization by which additional users can be + added for various collaboration abilities, which allows malicious user to create + new Zepl Notebooks with various languages, contexts, and deployment scenarios. + Upon creating a new notebook with specially crafted malicious code, a user can + then launch remote code execution. detection: payload: null verify: null @@ -8875,32 +7799,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-68493 - - https://cwiki.apache.org/confluence/display/WW/S2-069 - - https://access.redhat.com/security/cve/CVE-2025-68493 - - https://bugzilla.redhat.com/show_bug.cgi?id=2428559 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68493.json + - https://nvd.nist.gov/vuln/detail/CVE-2021-42950 + - https://seclists.org/fulldisclosure/2022/Feb/31 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22771-CANDIDATE - cve_id: CVE-2026-22771 - name: Candidate detection for CVE-2026-22771 + id: CVE-2022-23327-CANDIDATE + cve_id: CVE-2022-23327 + name: Candidate detection for CVE-2022-23327 severity: high - cvss: 8.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Envoy Gateway is an open source project for managing Envoy Proxy as - a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, - EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the - proxy's credentials. These credentials can then be used to communicate with the - control plane and gain access to all secrets that are used by Envoy proxy, e.g. - TLS private keys and credentials used for downstream and upstream communication. - This vulnerability is fixed in 1.5.7 and 1.6.2. + description: A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker + node to send 5120 future transactions with a high gas price in one message, which + can purge all of pending transactions in a victim node's memory pool, causing + a denial of service (DoS). detection: payload: null verify: null @@ -8908,18 +7826,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22771 - - https://github.com/envoyproxy/gateway/security/advisories/GHSA-xrwg-mqj6-6m22 - - https://access.redhat.com/security/cve/CVE-2026-22771 - - https://bugzilla.redhat.com/show_bug.cgi?id=2428735 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22771.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-23327 + - https://dl.acm.org/doi/pdf/10.1145/3460120.3485369 + - https://tristartom.github.io/docs/ccs21.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2025-15514-CANDIDATE - cve_id: CVE-2025-15514 - name: Candidate detection for CVE-2025-15514 + id: CVE-2022-23328-CANDIDATE + cve_id: CVE-2022-23328 + name: Candidate detection for CVE-2022-23328 severity: high cvss: 7.5 risk_level: unknown @@ -8927,17 +7843,12 @@ priority: cisa_kev: false exploitdb_reference: false - description: Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer - dereference vulnerability in the multi-modal model image processing functionality. - When processing base64-encoded image data via the /api/chat endpoint, the application - fails to validate that the decoded data represents valid media before passing - it to the mtmd_helper_bitmap_init_from_buf function. This function can return - NULL for malformed input, but the code does not check this return value before - dereferencing the pointer in subsequent operations. A remote attacker can exploit - this by sending specially crafted base64 image data that decodes to invalid media, - causing a segmentation fault and crashing the runner process. This results in - a denial of service condition where the model becomes unavailable to all users - until the service is restarted. + description: A design flaw in all versions of Go-Ethereum allows an attacker node + to send 5120 pending transactions of a high gas price from one account that all + fully spend the full balance of the account to a victim Geth node, which can purge + all of pending transactions in a victim node's memory pool and then occupy the + memory pool to prevent new transactions from entering the pool, resulting in a + denial of service (DoS). detection: payload: null verify: null @@ -8945,28 +7856,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-15514 - - https://https://github.com/ollama/ollama - - https://huntr.com/bounties/172df98b-07cd-41ea-a628-366f8cd525c0 - - https://ollama.com/ - - https://www.vulncheck.com/advisories/ollama-multi-modal-image-processing-null-pointer-dereference + - https://nvd.nist.gov/vuln/detail/CVE-2022-23328 + - https://dl.acm.org/doi/pdf/10.1145/3460120.3485369 + - https://tristartom.github.io/docs/ccs21.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0877-CANDIDATE - cve_id: CVE-2026-0877 - name: Candidate detection for CVE-2026-0877 - severity: high - cvss: 8.1 + id: CVE-2020-18324-CANDIDATE + cve_id: CVE-2020-18324 + name: Candidate detection for CVE-2020-18324 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Mitigation bypass in the DOM: Security component. This vulnerability - was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, - and Thunderbird 140.7.' + description: Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 + via the q parameter in the Kickstart template. detection: payload: null verify: null @@ -8974,28 +7882,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0877 - - https://bugzilla.mozilla.org/show_bug.cgi?id=1999257 - - https://www.mozilla.org/security/advisories/mfsa2026-01/ - - https://www.mozilla.org/security/advisories/mfsa2026-02/ - - https://www.mozilla.org/security/advisories/mfsa2026-03/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-18324 + - https://github.com/hamm0nz/CVE-2020-18324 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0878-CANDIDATE - cve_id: CVE-2026-0878 - name: Candidate detection for CVE-2026-0878 - severity: high - cvss: 8.0 + id: CVE-2020-18325-CANDIDATE + cve_id: CVE-2020-18325 + name: Candidate detection for CVE-2020-18325 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Sandbox escape due to incorrect boundary conditions in the Graphics: - CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR - 140.7, Thunderbird 147, and Thunderbird 140.7.' + description: Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants + Subrion CMS v4.2.1 in the Configuration panel. detection: payload: null verify: null @@ -9003,28 +7907,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0878 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2003989 - - https://www.mozilla.org/security/advisories/mfsa2026-01/ - - https://www.mozilla.org/security/advisories/mfsa2026-03/ - - https://www.mozilla.org/security/advisories/mfsa2026-04/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-18325 + - https://github.com/hamm0nz/CVE-2020-18325 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0879-CANDIDATE - cve_id: CVE-2026-0879 - name: Candidate detection for CVE-2026-0879 - severity: critical - cvss: 9.8 + id: CVE-2020-18326-CANDIDATE + cve_id: CVE-2020-18326 + name: Candidate detection for CVE-2020-18326 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sandbox escape due to incorrect boundary conditions in the Graphics - component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox - ESR 140.7, Thunderbird 147, and Thunderbird 140.7. + description: Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants + Subrion CMS v4.2.1 via the Members administrator function, which could let a remote + unauthenticated malicious user send an authorised request to victim and successfully + create an arbitrary administrator user. detection: payload: null verify: null @@ -9032,28 +7934,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0879 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2004602 - - https://www.mozilla.org/security/advisories/mfsa2026-01/ - - https://www.mozilla.org/security/advisories/mfsa2026-02/ - - https://www.mozilla.org/security/advisories/mfsa2026-03/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-18326 + - https://github.com/hamm0nz/CVE-2020-18326 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0880-CANDIDATE - cve_id: CVE-2026-0880 - name: Candidate detection for CVE-2026-0880 - severity: high - cvss: 8.8 + id: CVE-2021-41657-CANDIDATE + cve_id: CVE-2021-41657 + name: Candidate detection for CVE-2021-41657 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sandbox escape due to integer overflow in the Graphics component. This - vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, - Thunderbird 147, and Thunderbird 140.7. + description: SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability + in the web UI which would allow an attacker to conduct a clickjacking attack. detection: payload: null verify: null @@ -9061,27 +7959,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0880 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2005014 - - https://www.mozilla.org/security/advisories/mfsa2026-01/ - - https://www.mozilla.org/security/advisories/mfsa2026-02/ - - https://www.mozilla.org/security/advisories/mfsa2026-03/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-41657 + - https://gist.github.com/rvismit/2b1a10a48104e01f575cc948da69df19 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0881-CANDIDATE - cve_id: CVE-2026-0881 - name: Candidate detection for CVE-2026-0881 + id: CVE-2022-23383-CANDIDATE + cve_id: CVE-2022-23383 + name: Candidate detection for CVE-2022-23383 severity: critical - cvss: 10.0 + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sandbox escape in the Messaging System component. This vulnerability - was fixed in Firefox 147 and Thunderbird 147. + description: YzmCMS v6.3 is affected by broken access control. Without login, unauthorized + access to the user's personal home page can be realized. It is necessary to judge + the user's login status before accessing the personal home page, but the vulnerability + can access other users' home pages through the non login status because real authentication + is not carried out. detection: payload: null verify: null @@ -9089,28 +7987,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0881 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2005845 - - https://www.mozilla.org/security/advisories/mfsa2026-01/ - - https://www.mozilla.org/security/advisories/mfsa2026-04/ - - https://access.redhat.com/security/cve/CVE-2026-0881 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23383 + - https://down.chinaz.com/soft/37810.htm + - https://www.cnvd.org.cn/user/myreport/6499961 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0882-CANDIDATE - cve_id: CVE-2026-0882 - name: Candidate detection for CVE-2026-0882 + id: CVE-2022-24618-CANDIDATE + cve_id: CVE-2022-24618 + name: Candidate detection for CVE-2022-24618 severity: high - cvss: 8.8 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Use-after-free in the IPC component. This vulnerability was fixed in - Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird - 140.7. + description: Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and + earlier has insecure permissions, which allows unprivileged local users to elevate + privileges to SYSTEM via the "Browse For Folder" window accessible by triggering + a "Repair" on the MSI package located in C:\Windows\Installer. detection: payload: null verify: null @@ -9118,30 +8015,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0882 - - https://bugzilla.mozilla.org/show_bug.cgi?id=1924125 - - https://www.mozilla.org/security/advisories/mfsa2026-01/ - - https://www.mozilla.org/security/advisories/mfsa2026-02/ - - https://www.mozilla.org/security/advisories/mfsa2026-03/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-24618 + - https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0891-CANDIDATE - cve_id: CVE-2026-0891 - name: Candidate detection for CVE-2026-0891 + id: CVE-2022-24644-CANDIDATE + cve_id: CVE-2022-24644 + name: Candidate detection for CVE-2022-24644 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, - Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory - corruption and we presume that with enough effort some of these could have been - exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, - Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. + description: ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code + execution vulnerability during an unauthenticated update. To exploit this vulnerability, + a user must trigger an update of an affected installation of KeyMouse. detection: payload: null verify: null @@ -9149,32 +8041,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0891 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278 - - https://www.mozilla.org/security/advisories/mfsa2026-01/ - - https://www.mozilla.org/security/advisories/mfsa2026-03/ - - https://www.mozilla.org/security/advisories/mfsa2026-04/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-24644 + - https://github.com/gerr-re/cve-2022-24644/blob/main/cve-2022-24644_public-advisory.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0532-CANDIDATE - cve_id: CVE-2026-0532 - name: Candidate detection for CVE-2026-0532 + id: CVE-2022-25090-CANDIDATE + cve_id: CVE-2022-25090 + name: Candidate detection for CVE-2022-25090 severity: high - cvss: 8.6 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: 'External Control of File Name or Path (CWE-73) combined with Server-Side - Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure - through a specially crafted credentials JSON payload in the Google Gemini connector - configuration. This requires an attacker to have authenticated access with privileges - sufficient to create or modify connectors (Alerts & Connectors: All). The server - processes a configuration without proper validation, allowing for arbitrary network - requests and for arbitrary file reads.' + exploitdb_reference: true + description: Printix Secure Cloud Print Management through 1.3.1106.0 creates a + temporary temp.ini file in a directory with insecure permissions, leading to privilege + escalation because of a race condition. detection: payload: null verify: null @@ -9182,29 +8067,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0532 - - https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524 - - https://access.redhat.com/security/cve/CVE-2026-0532 - - https://bugzilla.redhat.com/show_bug.cgi?id=2429540 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0532.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-25090 + - https://github.com/ComparedArray/printix-CVE-2022-25090 + - https://www.exploit-db.com/exploits/50812 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-14242-CANDIDATE - cve_id: CVE-2025-14242 - name: Candidate detection for CVE-2025-14242 - severity: medium - cvss: 6.5 + id: CVE-2021-44620-CANDIDATE + cve_id: CVE-2021-44620 + name: Candidate detection for CVE-2021-44620 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in vsftpd. This vulnerability allows a denial of service - (DoS) via an integer overflow in the ls command parameter parsing, triggered by - a remote, authenticated attacker sending a crafted STAT command with a specific - byte sequence. + description: A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 + in adm/ntm.asp via the hosTime parameters. detection: payload: null verify: null @@ -9212,18 +8094,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14242 - - https://access.redhat.com/errata/RHSA-2026:0605 - - https://access.redhat.com/errata/RHSA-2026:0606 - - https://access.redhat.com/errata/RHSA-2026:0608 - - https://access.redhat.com/errata/RHSA-2026:4470 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44620 + - https://drive.google.com/file/d/1_9ru2GRZ13T1KQKXPq2E14-opgf9ih45/view?usp=sharing + - https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/170.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22853-CANDIDATE - cve_id: CVE-2026-22853 - name: Candidate detection for CVE-2026-22853 + id: CVE-2021-44087-CANDIDATE + cve_id: CVE-2021-44087 + name: Candidate detection for CVE-2021-44087 severity: critical cvss: 9.8 risk_level: unknown @@ -9231,11 +8111,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to 3.20.1, RDPEAR\u2019s NDR array reader does not perform bounds checking on\ - \ the on\u2011wire element count and can write past the heap buffer allocated\ - \ from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability\ - \ is fixed in 3.20.1." + description: A Remote Code Execution (RCE) vulnerability exists in Sourcecodester + Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker + to upload a maliciously crafted PHP via photo upload. detection: payload: null verify: null @@ -9243,29 +8121,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22853 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch - - https://access.redhat.com/errata/RHSA-2026:19033 - - https://access.redhat.com/errata/RHSA-2026:3068 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44087 + - https://www.exploit-db.com/exploits/50801 + - https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22855-CANDIDATE - cve_id: CVE-2026-22855 - name: Candidate detection for CVE-2026-22855 + id: CVE-2021-44088-CANDIDATE + cve_id: CVE-2021-44088 + name: Candidate detection for CVE-2021-44088 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior - to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when - cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed - in 3.20.1. + description: An SQL Injection vulnerability exists in Sourcecodester Attendance + and Payroll System v1.0 which allows a remote attacker to bypass authentication + via unsanitized login parameters. detection: payload: null verify: null @@ -9273,32 +8148,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22855 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rwp3-g84r-6mx9 - - https://access.redhat.com/errata/RHSA-2026:19033 - - https://access.redhat.com/errata/RHSA-2026:3067 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44088 + - https://www.exploit-db.com/exploits/50802 + - https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22858-CANDIDATE - cve_id: CVE-2026-22858 - name: Candidate detection for CVE-2026-22858 + id: CVE-2021-45834-CANDIDATE + cve_id: CVE-2021-45834 + name: Candidate detection for CVE-2021-45834 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'FreeRDP is a free implementation of the Remote Desktop Protocol. Prior - to 3.20.1, global-buffer-overflow was observed in FreeRDP''s Base64 decoding path. - The root cause appears to be implementation-defined char signedness: on Arm/AArch64 - builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized - into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may - bypass the intended range restriction and be used as an index into a global lookup - table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.' + description: An attacker can upload or transfer files of dangerous types to the + OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically + processed within the product's environment or lead to arbitrary code execution. detection: payload: null verify: null @@ -9306,29 +8175,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22858 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qmqf-m84q-x896 - - https://access.redhat.com/errata/RHSA-2026:19033 - - https://access.redhat.com/errata/RHSA-2026:3067 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45834 + - https://github.com/opendocman/opendocman + - https://github.com/opendocman/opendocman/issues/326 + - https://github.com/opendocman/opendocman/issues/330 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22859-CANDIDATE - cve_id: CVE-2026-22859 - name: Candidate detection for CVE-2026-22859 + id: CVE-2022-25578-CANDIDATE + cve_id: CVE-2022-25578 + name: Candidate detection for CVE-2022-25578 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to 3.20.1, the URBDRC client does not perform bounds checking on server\u2011\ - supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup,\ - \ causing an out\u2011of\u2011bounds read. This vulnerability is fixed in 3.20.1." + description: taocms v3.0.2 allows attackers to execute code injection via arbitrarily + editing the .htaccess file. detection: payload: null verify: null @@ -9336,18 +8202,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22859 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-56f5-76qv-2r36 - - https://access.redhat.com/errata/RHSA-2026:19033 - - https://access.redhat.com/errata/RHSA-2026:3067 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25578 + - https://github.com/taogogo/taocms/issues/28 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0897-CANDIDATE - cve_id: CVE-2026-0897 - name: Candidate detection for CVE-2026-0897 + id: CVE-2022-23345-CANDIDATE + cve_id: CVE-2022-23345 + name: Candidate detection for CVE-2022-23345 severity: high cvss: 7.5 risk_level: unknown @@ -9355,11 +8218,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: "Allocation of Resources Without Limits or Throttling in the HDF5 weight\ - \ loading component\_in Google\_Keras\_3.0.0 through 3.13.0\_on all platforms\_\ - allows a remote attacker\_to cause a Denial of Service (DoS) through memory exhaustion\ - \ and a crash of the Python interpreter\_via a crafted .keras archive containing\ - \ a valid model.weights.h5 file whose dataset declares an extremely large shape." + description: BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect + access control. detection: payload: null verify: null @@ -9367,31 +8227,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0897 - - https://github.com/keras-team/keras/pull/21880 - - https://access.redhat.com/errata/RHSA-2026:3713 - - https://access.redhat.com/errata/RHSA-2026:3782 - - https://access.redhat.com/errata/RHSA-2026:4271 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23345 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23345 + - https://www.bigantsoft.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0989-CANDIDATE - cve_id: CVE-2026-0989 - name: Candidate detection for CVE-2026-0989 - severity: low - cvss: 3.7 + id: CVE-2022-23346-CANDIDATE + cve_id: CVE-2022-23346 + name: Candidate detection for CVE-2022-23346 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was identified in the RelaxNG parser of libxml2 related to how - external schema inclusions are handled. The parser does not enforce a limit on - inclusion depth when resolving nested directives. Specially crafted - or overly complex schemas can cause excessive recursion during parsing. This may - lead to stack exhaustion and application crashes, creating a denial-of-service - risk. + description: BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect + access control issues. detection: payload: null verify: null @@ -9399,32 +8253,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0989 - - https://access.redhat.com/errata/RHSA-2026:7519 - - https://access.redhat.com/security/cve/CVE-2026-0989 - - https://bugzilla.redhat.com/show_bug.cgi?id=2429933 - - https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23346 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23346 + - https://www.bigantsoft.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0990-CANDIDATE - cve_id: CVE-2026-0990 - name: Candidate detection for CVE-2026-0990 - severity: medium - cvss: 5.9 + id: CVE-2022-23347-CANDIDATE + cve_id: CVE-2022-23347 + name: Candidate detection for CVE-2022-23347 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libxml2, an XML parsing library. This uncontrolled - recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an - XML catalog contains a delegate URI entry that references itself. A remote attacker - could exploit this configuration-dependent issue by providing a specially crafted - XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately - results in a segmentation fault, causing a Denial of Service (DoS) by crashing - affected applications. + description: BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable + to directory traversal attacks. detection: payload: null verify: null @@ -9432,31 +8279,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0990 - - https://access.redhat.com/errata/RHSA-2026:7519 - - https://access.redhat.com/security/cve/CVE-2026-0990 - - https://bugzilla.redhat.com/show_bug.cgi?id=2429959 - - https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23347 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347 + - https://www.bigantsoft.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0992-CANDIDATE - cve_id: CVE-2026-0992 - name: Candidate detection for CVE-2026-0992 - severity: low - cvss: 2.9 + id: CVE-2022-23348-CANDIDATE + cve_id: CVE-2022-23348 + name: Candidate detection for CVE-2022-23348 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the libxml2 library. This uncontrolled resource - consumption vulnerability occurs when processing XML catalogs that contain repeated - elements pointing to the same downstream catalog. A remote attacker - can exploit this by supplying crafted catalogs, causing the parser to redundantly - traverse catalog chains. This leads to excessive CPU consumption and degrades - application availability, resulting in a denial-of-service condition. + description: BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak + password hashes. detection: payload: null verify: null @@ -9464,33 +8305,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0992 - - https://access.redhat.com/errata/RHSA-2026:7519 - - https://access.redhat.com/security/cve/CVE-2026-0992 - - https://bugzilla.redhat.com/show_bug.cgi?id=2429975 - - https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23348 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348 + - https://www.bigantsoft.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22774-CANDIDATE - cve_id: CVE-2026-22774 - name: Candidate detection for CVE-2026-22774 + id: CVE-2022-23349-CANDIDATE + cve_id: CVE-2022-23349 + name: Candidate detection for CVE-2022-23349 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Svelte devalue is a JavaScript library that serializes values into - strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, - certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, - potentially leading to denial of service in systems that parse input from untrusted - sources. This affects applications using devalue.parse on externally-supplied - data. The root cause is the typed array hydration expecting an ArrayBuffer as - input, but not checking the assumption before creating the typed array. This vulnerability - is fixed in 5.6.2. + description: BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site + Request Forgery (CSRF). detection: payload: null verify: null @@ -9498,33 +8331,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22774 - - https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7 - - https://github.com/sveltejs/devalue/releases/tag/v5.6.2 - - https://github.com/sveltejs/devalue/security/advisories/GHSA-vw5p-8cq8-m7mv - - https://access.redhat.com/errata/RHSA-2026:2144 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23349 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349 + - https://www.bigantsoft.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22775-CANDIDATE - cve_id: CVE-2026-22775 - name: Candidate detection for CVE-2026-22775 - severity: high - cvss: 7.5 + id: CVE-2022-23350-CANDIDATE + cve_id: CVE-2022-23350 + name: Candidate detection for CVE-2022-23350 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Svelte devalue is a JavaScript library that serializes values into - strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, - certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, - potentially leading to denial of service in systems that parse input from untrusted - sources. This affects applications using devalue.parse on externally-supplied - data. The root cause is the ArrayBuffer hydration expecting base64 encoded strings - as input, but not checking the assumption before decoding the input. This vulnerability - is fixed in 5.6.2. + description: BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site + scripting (XSS) vulnerability. detection: payload: null verify: null @@ -9532,18 +8357,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22775 - - https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4 - - https://github.com/sveltejs/devalue/releases/tag/v5.6.2 - - https://github.com/sveltejs/devalue/security/advisories/GHSA-g2pg-6438-jwpf - - https://access.redhat.com/errata/RHSA-2026:2144 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23350 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350 + - https://www.bigantsoft.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2021-47814-CANDIDATE - cve_id: CVE-2021-47814 - name: Candidate detection for CVE-2021-47814 + id: CVE-2022-23352-CANDIDATE + cve_id: CVE-2022-23352 + name: Candidate detection for CVE-2022-23352 severity: high cvss: 7.5 risk_level: unknown @@ -9551,10 +8374,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: NBMonitor 1.6.8 contains a denial of service vulnerability that allows - attackers to crash the application by overflowing the registration code input - field. Attackers can paste a 256-character buffer into the registration key field - to trigger an application crash and potential system instability. + description: An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial + of Service (DoS). detection: payload: null verify: null @@ -9562,27 +8383,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2021-47814 - - https://www.exploit-db.com/exploits/49964 - - https://www.vulncheck.com/advisories/nbmonitor-denial-of-service-poc + - https://nvd.nist.gov/vuln/detail/CVE-2022-23352 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352 + - https://www.bigantsoft.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2021-47839-CANDIDATE - cve_id: CVE-2021-47839 - name: Candidate detection for CVE-2021-47839 - severity: high - cvss: 7.2 + id: CVE-2021-45756-CANDIDATE + cve_id: CVE-2021-45756 + name: Candidate detection for CVE-2021-45756 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Marky 0.0.1 contains a persistent cross-site scripting vulnerability - that allows attackers to inject malicious scripts into markdown files. Attackers - can upload crafted markdown files with embedded JavaScript payloads that execute - when the file is opened, potentially enabling remote code execution. + description: Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are + affected by a buffer overflow in blocking_request.cgi. detection: payload: null verify: null @@ -9590,18 +8409,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2021-47839 - - https://github.com/vesparny/marky - - https://imgur.com/a/qclfrUx - - https://www.exploit-db.com/exploits/49831 - - https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting + - https://nvd.nist.gov/vuln/detail/CVE-2021-45756 + - https://github.com/IBUILI/Asus generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23490-CANDIDATE - cve_id: CVE-2026-23490 - name: Candidate detection for CVE-2026-23490 + id: CVE-2021-45757-CANDIDATE + cve_id: CVE-2021-45757 + name: Candidate detection for CVE-2021-45757 severity: high cvss: 7.5 risk_level: unknown @@ -9609,9 +8425,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service - issue has been found that leads to memory exhaustion from malformed RELATIVE-OID - with excessive continuation octets. This vulnerability is fixed in 0.6.2. + description: ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in + blocking.cgi, which may cause a denial of service (DoS). detection: payload: null verify: null @@ -9619,31 +8434,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23490 - - https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 - - https://github.com/pyasn1/pyasn1/releases/tag/v0.6.2 - - https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq - - https://lists.debian.org/debian-lts-announce/2026/02/msg00002.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-45757 + - https://github.com/IBUILI/Asus generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23745-CANDIDATE - cve_id: CVE-2026-23745 - name: Candidate detection for CVE-2026-23745 - severity: medium - cvss: 6.1 + id: CVE-2021-46064-CANDIDATE + cve_id: CVE-2021-46064 + name: Candidate detection for CVE-2021-46064 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails - to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths - is false (the default secure behavior). This allows malicious archives to bypass - the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks - and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed - in 7.5.3. + description: IrfanView 4.59 is vulnerable to buffer overflow via the function at + address 0x413c70 (in 32bit version of the binary). The vulnerability triggers + when the user opens malicious .tiff image. detection: payload: null verify: null @@ -9651,33 +8460,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23745 - - https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e - - https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97 - - https://access.redhat.com/errata/RHSA-2026:18480 - - https://access.redhat.com/errata/RHSA-2026:18868 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46064 + - https://www.irfanview.info/main_history.htm generated_from: - nvd - status: candidate executable: false - id: CVE-2025-68616-CANDIDATE - cve_id: CVE-2025-68616 - name: Candidate detection for CVE-2025-68616 - severity: high - cvss: 7.5 + id: CVE-2022-25574-CANDIDATE + cve_id: CVE-2022-25574 + name: Candidate detection for CVE-2022-25574 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: WeasyPrint helps web developers to create PDF documents. Prior to version - 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's - `default_url_fetcher`. The vulnerability allows attackers to access internal network - resources (such as `localhost` services or cloud metadata endpoints) even when - a developer has implemented a custom `url_fetcher` to block such access. This - occurs because the underlying `urllib` library follows HTTP redirects automatically - without re-validating the new destination against the developer's security policy. - Version 68.0 contains a patch for the issue. + description: A stored cross-site scripting (XSS) vulnerability in the upload function + of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via + a crafted image file. detection: payload: null verify: null @@ -9685,32 +8486,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-68616 - - https://github.com/Kozea/WeasyPrint/commit/b6a14f0f3f4ce9c0c75c1a2d73cb1c5d43f0e565 - - https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv - - https://access.redhat.com/security/cve/CVE-2025-68616 - - https://bugzilla.redhat.com/show_bug.cgi?id=2430858 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25574 + - https://github.com/aqianhei/aqian/issues/1#issue-1142472278 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23530-CANDIDATE - cve_id: CVE-2026-23530 - name: Candidate detection for CVE-2026-23530 - severity: critical - cvss: 9.8 + id: CVE-2022-26263-CANDIDATE + cve_id: CVE-2022-26263 + name: Candidate detection for CVE-2022-26263 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight`\ - \ against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server\ - \ can trigger a client\u2011side heap buffer overflow, causing a crash (DoS) and\ - \ potential heap corruption with code\u2011execution risk depending on allocator\ - \ behavior and surrounding heap layout. Version 3.21.0 contains a patch for the\ - \ issue." + description: Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting + (XSS) vulnerability via the component /u8sl/WebHelp. detection: payload: null verify: null @@ -9718,33 +8511,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23530 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L1689-L1696 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L1713-L1716 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/planar.c#L951-L953 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26263 + - https://github.com/k0xx11/Vulscve/blob/master/yonyouu8-xss.md + - https://www.yonyou.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23531-CANDIDATE - cve_id: CVE-2026-23531 - name: Candidate detection for CVE-2026-23531 - severity: critical - cvss: 9.8 + id: CVE-2022-25590-CANDIDATE + cve_id: CVE-2022-25590 + name: Candidate detection for CVE-2022-25590 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress`\ - \ calls `freerdp_image_copy_no_overlap` without validating the destination rectangle,\ - \ allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious\ - \ server can trigger a client\u2011side heap buffer overflow, causing a crash\ - \ (DoS) and potential heap corruption with code\u2011execution risk depending\ - \ on allocator behavior and surrounding heap layout. Version 3.21.0 contains a\ - \ patch for the issue." + description: SurveyKing v0.2.0 was discovered to retain users' session cookies after + logout, allowing attackers to login to the system and access data using the browser + cache when the user exits the application. detection: payload: null verify: null @@ -9752,32 +8538,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23531 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L1139-L1145 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xj5h-9cr5-23c5 - - https://access.redhat.com/errata/RHSA-2026:2048 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25590 + - https://github.com/javahuang/SurveyKing + - https://github.com/javahuang/SurveyKing/issues/7 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23532-CANDIDATE - cve_id: CVE-2026-23532 - name: Candidate detection for CVE-2026-23532 - severity: critical - cvss: 9.8 + id: CVE-2022-25523-CANDIDATE + cve_id: CVE-2022-25523 + name: Candidate detection for CVE-2022-25523 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP\ - \ client\u2019s `gdi_SurfaceToSurface` path due to a mismatch between destination\ - \ rectangle clamping and the actual copy size. A malicious server can trigger\ - \ a client\u2011side heap buffer overflow, causing a crash (DoS) and potential\ - \ heap corruption with code\u2011execution risk depending on allocator behavior\ - \ and surrounding heap layout. Version 3.21.0 contains a patch for the issue." + description: TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery + (CSRF) which is exploited via a crafted POST request. detection: payload: null verify: null @@ -9785,32 +8564,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23532 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/gdi/gfx.c#L1368-L1382 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr - - https://access.redhat.com/errata/RHSA-2026:2048 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25523 + - https://github.com/Typesetter/Typesetter/issues/697 + - https://www.typesettercms.com/User generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22797-CANDIDATE - cve_id: CVE-2026-22797 - name: Candidate detection for CVE-2026-22797 - severity: critical - cvss: 9.9 + id: CVE-2022-26197-CANDIDATE + cve_id: CVE-2022-26197 + name: Candidate detection for CVE-2022-26197 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue was discovered in OpenStack keystonemiddleware 10.5 through - 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before - 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication - headers before processing OAuth 2.0 tokens. By sending forged identity headers - such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may - escalate privileges or impersonate other users. All deployments using the external_oauth2_token - middleware are affected. + description: Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability + via the Datalist table. detection: payload: null verify: null @@ -9818,32 +8590,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22797 - - https://launchpad.net/bugs/2129018 - - https://www.openwall.com/lists/oss-security/2026/01/16/9 - - https://access.redhat.com/errata/RHSA-2026:3402 - - https://access.redhat.com/errata/RHSA-2026:3855 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26197 + - https://gist.github.com/CrimsonHamster/1aeec6db0d740de6ed4690f6a975f377 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23533-CANDIDATE - cve_id: CVE-2026-23533 - name: Candidate detection for CVE-2026-23533 - severity: critical - cvss: 9.8 + id: CVE-2021-40904-CANDIDATE + cve_id: CVE-2021-40904 + name: Candidate detection for CVE-2021-40904 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec\ - \ decode path when maliciously crafted residual data causes out-of-bounds writes\ - \ during color output. A malicious server can trigger a client\u2011side heap\ - \ buffer overflow, causing a crash (DoS) and potential heap corruption with code\u2011\ - execution risk depending on allocator behavior and surrounding heap layout. Version\ - \ 3.21.0 contains a patch for the issue." + description: The web management console of CheckMK Raw Edition (versions 1.5.0 to + 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), + which allows embedded php code. As a result, remote code execution is achieved. + Successful exploitation requires access to the web management interface, either + with valid credentials or with a hijacked session by a user with the role of administrator. detection: payload: null verify: null @@ -9851,32 +8618,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23533 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L268-L281 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L336 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-32q9-m5qr-9j2v + - https://nvd.nist.gov/vuln/detail/CVE-2021-40904 + - https://github.com/Edgarloyola/CVE-2021-40904 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23534-CANDIDATE - cve_id: CVE-2026-23534 - name: Candidate detection for CVE-2026-23534 - severity: critical - cvss: 9.8 + id: CVE-2021-40905-CANDIDATE + cve_id: CVE-2021-40905 + name: Candidate detection for CVE-2021-40905 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec\ - \ bands decode path when crafted band coordinates allow writes past the end of\ - \ the destination surface buffer. A malicious server can trigger a client\u2011\ - side heap buffer overflow, causing a crash (DoS) and potential heap corruption\ - \ with code\u2011execution risk depending on allocator behavior and surrounding\ - \ heap layout. Version 3.21.0 contains a patch for the issue." + description: 'The web management console of CheckMK Enterprise Edition (versions + 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which + are Extension Packages, making remote code execution possible. Successful exploitation + requires access to the web management interface, either with valid credentials + or with a hijacked session of a user with administrator role. NOTE: the vendor + states that this is the intended behavior: admins are supposed to be able to execute + code in this manner.' detection: payload: null verify: null @@ -9884,32 +8648,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23534 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L878-L879 - - https://github.com/FreeRDP/FreeRDP/blob/38514dfa5813aa945a86cfbcec279033f8394468/libfreerdp/codec/clear.c#L883-L884 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3frr-mp8w-4599 + - https://nvd.nist.gov/vuln/detail/CVE-2021-40905 + - https://docs.checkmk.com/latest/en/mkps.html + - https://github.com/Edgarloyola/CVE-2021-40905 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23883-CANDIDATE - cve_id: CVE-2026-23883 - name: Candidate detection for CVE-2026-23883 - severity: critical - cvss: 9.8 + id: CVE-2021-40906-CANDIDATE + cve_id: CVE-2021-40906 + name: Candidate detection for CVE-2021-40906 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free`\ - \ calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious\ - \ server can trigger a client\u2011side use after free, causing a crash (DoS)\ - \ and potential heap corruption with code\u2011execution risk depending on allocator\ - \ behavior and surrounding heap layout. Version 3.21.0 contains a patch for the\ - \ issue." + description: CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise + the input of a web service parameter that is in an unauthenticated zone. This + Reflected XSS allows an attacker to open a backdoor on the device with HTML content + and interpreted by the browser (such as JavaScript or other client-side scripts) + or to steal the session cookies of a user who has previously authenticated via + a man in the middle. Successful exploitation requires access to the web service + resource without authentication. detection: payload: null verify: null @@ -9917,32 +8679,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23883 - - https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/client/X11/xf_graphics.c#L312-L319 - - https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/client/X11/xf_graphics.c#L340 - - https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/pointer.c#L164-L174 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 + - https://nvd.nist.gov/vuln/detail/CVE-2021-40906 + - https://github.com/Edgarloyola/CVE-2021-40906 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23884-CANDIDATE - cve_id: CVE-2026-23884 - name: Candidate detection for CVE-2026-23884 + id: CVE-2022-26258-CANDIDATE + cve_id: CVE-2022-26258 + name: Candidate detection for CVE-2022-26258 severity: critical cvss: 9.8 risk_level: unknown requires_confirmation: true priority: - cisa_kev: false + cisa_kev: true exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing\ - \ to freed memory, causing UAF when related update packets arrive. A malicious\ - \ server can trigger a client\u2011side use after free, causing a crash (DoS)\ - \ and potential heap corruption with code\u2011execution risk depending on allocator\ - \ behavior and surrounding heap layout. Version 3.21.0 contains a patch for the\ - \ issue." + description: D-Link DIR-820L 1.05B03 was discovered to contain remote command execution + (RCE) vulnerability via HTTP POST to get set ccp. detection: payload: null verify: null @@ -9950,32 +8704,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23884 - - https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L114-L122 - - https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L87-L91 - - https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cfgj-vc84-f3pp + - https://nvd.nist.gov/vuln/detail/CVE-2022-26258 + - https://github.com/skyedai910/Vuln/tree/master/DIR-820L/command_execution_0 + - https://github.com/zhizhuoshuma/cve_info_data/blob/ccaed4b94ba762eb8a8e003bfa762a7754b8182e/Vuln/Vuln/DIR-820L/command_execution_0/README.md + - https://www.dlink.com/en/security-bulletin/ + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26258 + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog generated_from: - nvd + - cisa_kev - status: candidate executable: false - id: CVE-2026-23876-CANDIDATE - cve_id: CVE-2026-23876 - name: Candidate detection for CVE-2026-23876 - severity: high - cvss: 8.1 + id: CVE-2022-25521-CANDIDATE + cve_id: CVE-2022-25521 + name: Candidate detection for CVE-2022-25521 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ImageMagick is free and open-source software used for editing and manipulating - digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow - vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write - controlled data past the allocated heap buffer when processing a maliciously crafted - image file. Any operation that reads or identifies an image can trigger the overflow, - making it exploitable via common image upload and processing pipelines. Versions - 7.1.2-13 and 6.9.13-38 fix the issue. + description: NUUO v03.11.00 was discovered to contain access control issue. detection: payload: null verify: null @@ -9983,48 +8733,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23876 - - https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 - - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8 - - https://access.redhat.com/errata/RHSA-2026:3058 - - https://access.redhat.com/security/cve/CVE-2026-23876 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25521 + - https://medium.com/@dnyaneshgawande111/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-network-video-5490d107fa0 + - https://medium.com/%40dnyaneshgawande111/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-network-video-5490d107fa0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23950-CANDIDATE - cve_id: CVE-2026-23950 - name: Candidate detection for CVE-2026-23950 - severity: high - cvss: 8.8 + id: CVE-2022-26244-CANDIDATE + cve_id: CVE-2022-26244 + name: Candidate detection for CVE-2022-26244 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "node-tar,a Tar for Node.js, has a race condition vulnerability in\ - \ versions up to and including 7.5.3. This is due to an incomplete handling of\ - \ Unicode path collisions in the `path-reservations` system. On case-insensitive\ - \ or normalization-insensitive filesystems (such as macOS APFS, In which it has\ - \ been tested), the library fails to lock colliding paths (e.g., `\xDF` and `ss`),\ - \ allowing them to be processed in parallel. This bypasses the library's internal\ - \ concurrency safeguards and permits Symlink Poisoning attacks via race conditions.\ - \ The library uses a `PathReservations` system to ensure that metadata checks\ - \ and file operations for the same path are serialized. This prevents race conditions\ - \ where one entry might clobber another concurrently. This is a Race Condition\ - \ which enables Arbitrary File Overwrite. This vulnerability affects users and\ - \ systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode\ - \ normalization (in which `\xDF` and `ss` are different), conflicting paths do\ - \ not have their order properly preserved under filesystems that ignore Unicode\ - \ normalization (e.g., APFS (in which `\xDF` causes an inode collision with `ss`)).\ - \ This enables an attacker to circumvent internal parallelization locks (`PathReservations`)\ - \ using conflicting filenames within a malicious tar archive. The patch in version\ - \ 7.5.4 updates `path-reservations.js` to use a normalization form that matches\ - \ the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')`\ - \ and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade\ - \ promptly, and who are programmatically using `node-tar` to extract arbitrary\ - \ tarball data should filter out all `SymbolicLink` entries (as npm does) to defend\ - \ against arbitrary file writes via this file system entry name collision issue." + description: A stored cross-site scripting (XSS) vulnerability in Hospital Patient + Record Management System v1.0 allows attackers to execute arbitrary web scripts + or HTML via a crafted payload injected into the "special" field. detection: payload: null verify: null @@ -10032,35 +8760,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23950 - - https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6 - - https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w - - https://access.redhat.com/errata/RHSA-2026:18480 - - https://access.redhat.com/errata/RHSA-2026:18868 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26244 + - https://github.com/kishan0725/Hospital-Management-System/issues/23 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-56005-CANDIDATE - cve_id: CVE-2025-56005 - name: Candidate detection for CVE-2025-56005 - severity: critical - cvss: 9.8 + id: CVE-2021-46006-CANDIDATE + cve_id: CVE-2021-46006 + name: Candidate detection for CVE-2021-46006 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library - 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the - `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with - `pickle.load()` without validation. Because `pickle` allows execution of embedded - code via `__reduce__()`, an attacker can achieve code execution by passing a malicious - pickle file. The parameter is not mentioned in official documentation or the GitHub - repository, yet it is active in the PyPI version. This introduces a stealthy backdoor - and persistence risk. NOTE: A third-party states that this vulnerability should - be rejected because the proof of concept does not demonstrate arbitrary code execution - and fails to complete successfully.' + description: In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, + which is not authenticated. Using this function, an attacker can configure multiple + settings without authentication. detection: payload: null verify: null @@ -10068,32 +8786,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-56005 - - https://github.com/bohmiiidd/Undocumented-RCE-in-PLY - - https://github.com/bohmiiidd/Undocumument_RCE_PLY-yacc-CVE-2025-56005 - - https://github.com/tom025/ply_exploit_rejection - - https://github.com/tom025/ply_exploit_rejection/issues/1 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46006 + - https://hackmd.io/vS-OfUEzSqqKh8e1PKce5A generated_from: - nvd - status: candidate executable: false - id: CVE-2025-55130-CANDIDATE - cve_id: CVE-2025-55130 - name: Candidate detection for CVE-2025-55130 + id: CVE-2021-46007-CANDIDATE + cve_id: CVE-2021-46007 + name: Candidate detection for CVE-2021-46007 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw in Node.js\u2019s Permissions model allows attackers to bypass\ - \ `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative\ - \ symlink paths. By chaining directories and symlinks, a script granted access\ - \ only to the current directory can escape the allowed path and read sensitive\ - \ files. This breaks the expected isolation guarantees and enables arbitrary file\ - \ read/write, leading to potential system compromise.\nThis vulnerability affects\ - \ users of the permission model on Node.js v20, v22, v24, and v25." + description: totolink a3100r V5.9c.4577 is vulnerable to os command injection. The + backend of a page is executing the "ping" command, and the input field does not + adequately filter special symbols. This can lead to command injection attacks. detection: payload: null verify: null @@ -10101,34 +8812,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-55130 - - https://nodejs.org/en/blog/vulnerability/december-2025-security-releases - - https://access.redhat.com/errata/RHSA-2026:1842 - - https://access.redhat.com/errata/RHSA-2026:1843 - - https://access.redhat.com/errata/RHSA-2026:2420 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46007 + - https://hackmd.io/t_nRWxS2Q2O7GV2E5BhQMg generated_from: - nvd - status: candidate executable: false - id: CVE-2025-55131-CANDIDATE - cve_id: CVE-2025-55131 - name: Candidate detection for CVE-2025-55131 + id: CVE-2021-46008-CANDIDATE + cve_id: CVE-2021-46008 + name: Candidate detection for CVE-2021-46008 severity: high - cvss: 7.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw in Node.js's buffer allocation logic can expose uninitialized - memory when allocations are interrupted, when using the `vm` module with the timeout - option. Under specific timing conditions, buffers allocated with `Buffer.alloc` - and other `TypedArray` instances like `Uint8Array` may contain leftover data from - previous operations, allowing in-process secrets like tokens or passwords to leak - or causing data corruption. While exploitation typically requires precise timing - or in-process code execution, it can become remotely exploitable when untrusted - input influences workload and timeouts, leading to potential confidentiality and - integrity impact. + description: In totolink a3100r V5.9c.4577, the hard-coded telnet password can be + discovered from official released firmware. An attacker, who has connected to + the Wi-Fi, can easily telnet into the target with root shell if the telnet is + function turned on. detection: payload: null verify: null @@ -10136,32 +8839,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-55131 - - https://nodejs.org/en/blog/vulnerability/december-2025-security-releases - - https://access.redhat.com/errata/RHSA-2026:1842 - - https://access.redhat.com/errata/RHSA-2026:1843 - - https://access.redhat.com/errata/RHSA-2026:2420 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46008 + - https://hackmd.io/ZkeEB-VvRiWBS53rFKG8DQ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-59465-CANDIDATE - cve_id: CVE-2025-59465 - name: Candidate detection for CVE-2025-59465 - severity: high - cvss: 7.5 + id: CVE-2021-46009-CANDIDATE + cve_id: CVE-2021-46009 + name: Candidate detection for CVE-2021-46009 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK`\ - \ data can cause Node.js to crash by triggering an unhandled `TLSSocket` error\ - \ `ECONNRESET`. Instead of safely closing the connection, the process crashes,\ - \ enabling a remote denial of service. This primarily affects applications that\ - \ do not attach explicit error handlers to secure sockets, for example:\n```\n\ - server.on('secureConnection', socket => {\n socket.on('error', err => {\n \ - \ console.log(err)\n })\n})\n```" + description: In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or + Burp Suite without authentication. Additionally, admin configurations can be set + without cookies. detection: payload: null verify: null @@ -10169,44 +8865,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-59465 - - https://nodejs.org/en/blog/vulnerability/december-2025-security-releases - - https://access.redhat.com/errata/RHSA-2026:1842 - - https://access.redhat.com/errata/RHSA-2026:1843 - - https://access.redhat.com/errata/RHSA-2026:2420 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46009 + - https://hackmd.io/-riYp6Q-ReCx-dKKWFBTLg generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21932-CANDIDATE - cve_id: CVE-2026-21932 - name: Candidate detection for CVE-2026-21932 + id: CVE-2021-46010-CANDIDATE + cve_id: CVE-2021-46010 + name: Candidate detection for CVE-2021-46010 severity: high - cvss: 7.4 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle - GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported - versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, - 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM - Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated - attacker with network access via multiple protocols to compromise Oracle Java - SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks - require human interaction from a person other than the attacker and while the - vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise - Edition, attacks may significantly impact additional products (scope change). - Successful attacks of this vulnerability can result in unauthorized creation, - deletion or modification access to critical data or all Oracle Java SE, Oracle - GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This - vulnerability applies to Java deployments, typically in clients running sandboxed - Java Web Start applications or sandboxed Java applets, that load and run untrusted - code (e.g., code that comes from the internet) and rely on the Java sandbox for - security. This vulnerability does not apply to Java deployments, typically in - servers, that load and run only trusted code (e.g., code installed by an administrator). - CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).' + description: Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random + Values via the web configuration. The SESSION_ID is predictable. An attacker can + hijack a valid session and conduct further malicious operations. detection: payload: null verify: null @@ -10214,41 +8891,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21932 - - https://www.oracle.com/security-alerts/cpujan2026.html - - https://access.redhat.com/errata/RHSA-2026:0849 - - https://access.redhat.com/errata/RHSA-2026:0896 - - https://access.redhat.com/errata/RHSA-2026:0898 + - https://nvd.nist.gov/vuln/detail/CVE-2021-46010 + - https://hackmd.io/Ynwm8NnQSiK0xm7QKuNteg generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21945-CANDIDATE - cve_id: CVE-2026-21945 - name: Candidate detection for CVE-2026-21945 - severity: high - cvss: 7.5 + id: CVE-2022-26644-CANDIDATE + cve_id: CVE-2022-26644 + name: Candidate detection for CVE-2022-26644 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle - GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported - versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, - 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM - Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated - attacker with network access via multiple protocols to compromise Oracle Java - SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks - of this vulnerability can result in unauthorized ability to cause a hang or frequently - repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle - GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, - typically in clients running sandboxed Java Web Start applications or sandboxed - Java applets, that load and run untrusted code (e.g., code that comes from the - internet) and rely on the Java sandbox for security. This vulnerability does not - apply to Java deployments, typically in servers, that load and run only trusted - code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability - impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).' + description: Online Banking System Protect v1.0 was discovered to contain multiple + cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info + and accounts management. detection: payload: null verify: null @@ -10256,30 +8917,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21945 - - https://www.oracle.com/security-alerts/cpujan2026.html - - https://access.redhat.com/errata/RHSA-2026:0847 - - https://access.redhat.com/errata/RHSA-2026:0848 - - https://access.redhat.com/errata/RHSA-2026:0895 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26644 + - https://github.com/erik-451/CVE/tree/main/CVE-2022-26644 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13878-CANDIDATE - cve_id: CVE-2025-13878 - name: Candidate detection for CVE-2025-13878 - severity: high - cvss: 7.5 + id: CVE-2022-26645-CANDIDATE + cve_id: CVE-2022-26645 + name: Candidate detection for CVE-2022-26645 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. - - This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, - 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through - 9.20.17-S1.' + description: A remote code execution (RCE) vulnerability in Online Banking System + Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file + uploaded through the Upload Image function. detection: payload: null verify: null @@ -10287,30 +8943,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13878 - - https://downloads.isc.org/isc/bind9/9.18.44 - - https://downloads.isc.org/isc/bind9/9.20.18 - - https://downloads.isc.org/isc/bind9/9.21.17 - - https://kb.isc.org/docs/cve-2025-13878 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26645 + - https://github.com/erik-451/CVE/tree/main/CVE-2022-26645 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13465-CANDIDATE - cve_id: CVE-2025-13465 - name: Candidate detection for CVE-2025-13465 - severity: medium - cvss: 5.3 + id: CVE-2022-26646-CANDIDATE + cve_id: CVE-2022-26646 + name: Candidate detection for CVE-2022-26646 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype\ - \ pollution in the _.unset\_and _.omit\_functions. An attacker can pass crafted\ - \ paths which cause Lodash to delete methods from global prototypes.\n\nThe issue\ - \ permits deletion of properties but does not allow overwriting their original\ - \ behavior.\n\nThis issue is patched on 4.17.23" + description: Online Banking System Protect v1.0 was discovered to contain a local + file inclusion (LFI) vulnerability via the pages parameter. detection: payload: null verify: null @@ -10318,33 +8968,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13465 - - https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg - - https://access.redhat.com/errata/RHSA-2026:11414 - - https://access.redhat.com/errata/RHSA-2026:13542 - - https://access.redhat.com/errata/RHSA-2026:13548 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26646 + - https://github.com/erik-451/CVE/blob/main/CVE-2022-26646/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22807-CANDIDATE - cve_id: CVE-2026-22807 - name: Candidate detection for CVE-2026-22807 - severity: high - cvss: 8.8 + id: CVE-2021-42868-CANDIDATE + cve_id: CVE-2021-42868 + name: Candidate detection for CVE-2021-42868 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vLLM is an inference and serving engine for large language models (LLMs). - Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face - `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, - allowing attacker-controlled Python code in a model repo/path to execute at server - startup. An attacker who can influence the model repo/path (local directory or - remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host - during model load. This happens before any request handling and does not require - API access. Version 0.14.0 fixes the issue. + description: A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient + Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) + patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report + pages. . detection: payload: null verify: null @@ -10352,35 +8995,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22807 - - https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5 - - https://github.com/vllm-project/vllm/pull/32194 - - https://github.com/vllm-project/vllm/releases/tag/v0.14.0 - - https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr + - https://nvd.nist.gov/vuln/detail/CVE-2021-42868 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22822-CANDIDATE - cve_id: CVE-2026-22822 - name: Candidate detection for CVE-2026-22822 + id: CVE-2022-26281-CANDIDATE + cve_id: CVE-2022-26281 + name: Candidate detection for CVE-2022-26281 severity: high - cvss: 8.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: External Secrets Operator reads information from a third-party service - and automatically injects the values as Kubernetes Secrets. Starting in version - 0.20.2 and prior to version 1.2.0, the `getSecretKey` template function, while - introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability - to fetch secrets cross-namespaces with the roleBinding of the external-secrets - controller, bypassing our security mechanisms. This function was completely removed - in version 1.2.0, as everything done with that templating function can be done - in a different way while respecting External Secrets Operator's safeguards As - a workaround, use a policy engine such as Kubernetes, Kyverno, Kubewarden, or - OPA to prevent the usage of `getSecretKey` in any ExternalSecret resource. + description: BigAnt Server v5.6.06 was discovered to contain an incorrect access + control issue. detection: payload: null verify: null @@ -10388,31 +9019,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22822 - - https://github.com/external-secrets/external-secrets/commit/17d3e22b8d3fbe339faf8515a95ec06ec92b1feb - - https://github.com/external-secrets/external-secrets/issues/5690 - - https://github.com/external-secrets/external-secrets/pull/3895 - - https://github.com/external-secrets/external-secrets/releases/tag/v1.2.0 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26281 + - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-26281 + - https://www.bigantsoft.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23960-CANDIDATE - cve_id: CVE-2026-23960 - name: Candidate detection for CVE-2026-23960 - severity: medium - cvss: 5.4 + id: CVE-2022-26250-CANDIDATE + cve_id: CVE-2022-26250 + name: Candidate detection for CVE-2022-26250 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Argo Workflows is an open source container-native workflow engine\ - \ for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and\ - \ 3.7.8, stored XSS in the artifact directory listing allows any workflow author\ - \ to execute arbitrary JavaScript in another user\u2019s browser under the Argo\ - \ Server origin, enabling API actions with the victim\u2019s privileges. Versions\ - \ 3.6.17 and 3.7.8 fix the issue." + description: Synaman v5.1 and below was discovered to contain weak file permissions + which allows authenticated attackers to escalate privileges. detection: payload: null verify: null @@ -10420,42 +9045,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23960 - - https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244 - - https://github.com/argoproj/argo-workflows/commit/159a5c56285ecd4d3bb0a67aeef4507779a44e17 - - https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17 - - https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26250 + - https://www.bencteux.fr/posts/synaman/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24046-CANDIDATE - cve_id: CVE-2026-24046 - name: Candidate detection for CVE-2026-24046 + id: CVE-2022-26251-CANDIDATE + cve_id: CVE-2022-26251 + name: Candidate detection for CVE-2022-26251 severity: high - cvss: 7.1 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Backstage is an open framework for building developer portals. Multiple - Scaffolder actions and archive extraction utilities were vulnerable to symlink-based - path traversal attacks. An attacker with access to create and execute Scaffolder - templates could exploit symlinks to read arbitrary files via the `debug:log` action - by creating a symlink pointing to sensitive files (e.g., `/etc/passwd`, configuration - files, secrets); delete arbitrary files via the `fs:delete` action by creating - symlinks pointing outside the workspace, and write files outside the workspace - via archive extraction (tar/zip) containing malicious symlinks. This affects any - Backstage deployment where users can create or execute Scaffolder templates. This - vulnerability is fixed in `@backstage/backend-defaults` versions 0.12.2, 0.13.2, - 0.14.1, and 0.15.0; `@backstage/plugin-scaffolder-backend` versions 2.2.2, 3.0.2, - and 3.1.1; and `@backstage/plugin-scaffolder-node` versions 0.11.2 and 0.12.3. - Users should upgrade to these versions or later. Some workarounds are available. - Follow the recommendation in the Backstage Threat Model to limit access to creating - and updating templates, restrict who can create and execute Scaffolder templates - using the permissions framework, audit existing templates for symlink usage, and/or - run Backstage in a containerized environment with limited filesystem access. + description: The HTTP interface of Synaman v5.1 and below was discovered to allow + authenticated attackers to execute arbitrary code and escalate privileges. detection: payload: null verify: null @@ -10463,46 +9070,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24046 - - https://github.com/backstage/backstage/commit/c641c147ab371a9a8a2f5f67fdb7cb9c97ef345d - - https://github.com/backstage/backstage/security/advisories/GHSA-rq6q-wr2q-7pgp - - https://access.redhat.com/errata/RHSA-2026:6174 - - https://access.redhat.com/errata/RHSA-2026:6802 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26251 + - https://www.bencteux.fr/posts/synaman/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24001-CANDIDATE - cve_id: CVE-2026-24001 - name: Candidate detection for CVE-2026-24001 + id: CVE-2022-26607-CANDIDATE + cve_id: CVE-2022-26607 + name: Candidate detection for CVE-2022-26607 severity: high - cvss: 7.5 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "jsdiff is a JavaScript text differencing implementation. Prior to\ - \ versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename\ - \ headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can\ - \ cause the `parsePatch` method to enter an infinite loop. It then consumes memory\ - \ without limit until the process crashes due to running out of memory. Applications\ - \ are therefore likely to be vulnerable to a denial-of-service attack if they\ - \ call `parsePatch` with a user-provided patch as input. A large payload is not\ - \ needed to trigger the vulnerability, so size limits on user input do not provide\ - \ any protection. Furthermore, some applications may be vulnerable even when calling\ - \ `parsePatch` on a patch generated by the application itself if the user is nonetheless\ - \ able to control the filename headers (e.g. by directly providing the filenames\ - \ of the files to be diffed). The `applyPatch` method is similarly affected if\ - \ (and only if) called with a string representation of a patch as an argument,\ - \ since under the hood it parses that string using `parsePatch`. Other methods\ - \ of the library are unaffected. Finally, a second and lesser interdependent bug\ - \ - a ReDOS - also exhibits when those same line break characters are present\ - \ in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted\ - \ patch header of length *n* can take `parsePatch` O(*n*\xB3) time to parse. Versions\ - \ 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt\ - \ to parse patches that contain any of these characters: `\\r`, `\\u2028`, or\ - \ `\\u2029`." + description: A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 + was discovered to allow attackers to execute arbitrary code via uploading a crafted + PHP file. detection: payload: null verify: null @@ -10510,34 +9096,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24001 - - https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5 - - https://github.com/kpdecker/jsdiff/issues/653 - - https://github.com/kpdecker/jsdiff/pull/649 - - https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx + - https://nvd.nist.gov/vuln/detail/CVE-2022-26607 + - https://github.com/baigoStudio/baigoCMS/ + - https://github.com/baigoStudio/baigoCMS/issues/9 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24049-CANDIDATE - cve_id: CVE-2026-24049 - name: Candidate detection for CVE-2026-24049 + id: CVE-2020-27373-CANDIDATE + cve_id: CVE-2020-27373 + name: Candidate detection for CVE-2020-27373 severity: high - cvss: 7.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: wheel is a command line tool for manipulating Python wheel files, as - defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is - vulnerable to file permission modification through mishandling of file permissions - after extraction. The logic blindly trusts the filename from the archive header - for the chmod operation, even though the extraction process itself might have - sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, - changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, - config files), allowing for Privilege Escalation or arbitrary code execution by - modifying now-writable scripts. This issue has been fixed in version 0.46.2. + description: Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable + to Plain text command over BLE. detection: payload: null verify: null @@ -10545,27 +9122,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24049 - - https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef - - https://github.com/pypa/wheel/releases/tag/0.46.2 - - https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx - - https://access.redhat.com/errata/RHSA-2026:10184 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27373 + - https://drtrust.in/collections/dr-trust-blood-pressure-testing/products/dr-trust-usa-icheck-connect-bp-monitor + - https://nvermaa.medium.com/cve-on-radio-technology-d-4b65efa1ba5c generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1260-CANDIDATE - cve_id: CVE-2026-1260 - name: Candidate detection for CVE-2026-1260 + id: CVE-2020-27374-CANDIDATE + cve_id: CVE-2020-27374 + name: Candidate detection for CVE-2020-27374 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Invalid memory access in Sentencepiece versions less than 0.2.1 when - using a vulnerable model file, which is not created in the normal training procedure. + description: Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable + to a Replay Attack to BP Monitoring. detection: payload: null verify: null @@ -10573,29 +9148,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1260 - - https://github.com/google/sentencepiece/releases/tag/v0.2.1 - - https://access.redhat.com/errata/RHSA-2026:3713 - - https://access.redhat.com/errata/RHSA-2026:3782 - - https://access.redhat.com/security/cve/CVE-2026-1260 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27374 + - https://drtrust.in/collections/dr-trust-blood-pressure-testing/products/dr-trust-usa-icheck-connect-bp-monitor + - https://nvermaa.medium.com/cve-on-radio-technology-d-4b65efa1ba5c generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20736-CANDIDATE - cve_id: CVE-2026-20736 - name: Candidate detection for CVE-2026-20736 - severity: high - cvss: 7.5 + id: CVE-2020-27375-CANDIDATE + cve_id: CVE-2020-27375 + name: Candidate detection for CVE-2020-27375 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Gitea does not properly verify repository context when deleting attachments. - A user who previously uploaded an attachment to a repository may be able to delete - it after losing access to that repository by making the request through a different - repository they can access. + description: Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 + is vulnerable to Transmitting Write Requests and Chars. detection: payload: null verify: null @@ -10603,28 +9174,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20736 - - https://blog.gitea.com/release-of-1.25.4/ - - https://github.com/go-gitea/gitea/pull/36320 - - https://github.com/go-gitea/gitea/releases/tag/v1.25.4 - - https://github.com/go-gitea/gitea/security/advisories/GHSA-jr6h-pwwp-c8g6 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27375 + - https://drtrust.in/collections/dr-trust-blood-pressure-testing/products/dr-trust-usa-icheck-connect-bp-monitor + - https://nvermaa.medium.com/cve-on-radio-technology-d-4b65efa1ba5c generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20750-CANDIDATE - cve_id: CVE-2026-20750 - name: Candidate detection for CVE-2026-20750 - severity: critical - cvss: 9.1 + id: CVE-2020-27376-CANDIDATE + cve_id: CVE-2020-27376 + name: Candidate detection for CVE-2020-27376 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Gitea does not properly validate project ownership in organization - project operations. A user with project write access in one organization may be - able to modify projects belonging to a different organization. + description: Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 + is vulnerable to Missing Authentication. detection: payload: null verify: null @@ -10632,28 +9200,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20750 - - https://blog.gitea.com/release-of-1.25.4/ - - https://github.com/go-gitea/gitea/pull/36318 - - https://github.com/go-gitea/gitea/pull/36373 - - https://github.com/go-gitea/gitea/releases/tag/v1.25.4 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27376 + - https://drtrust.in/collections/dr-trust-blood-pressure-testing/products/dr-trust-usa-icheck-connect-bp-monitor + - https://nvermaa.medium.com/cve-on-radio-technology-d-4b65efa1ba5c generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20897-CANDIDATE - cve_id: CVE-2026-20897 - name: Candidate detection for CVE-2026-20897 - severity: critical - cvss: 9.1 + id: CVE-2021-43432-CANDIDATE + cve_id: CVE-2021-43432 + name: Candidate detection for CVE-2021-43432 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Gitea does not properly validate repository ownership when deleting - Git LFS locks. A user with write access to one repository may be able to delete - LFS locks belonging to other repositories. + description: A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin + Panel as of 11/7/2021 via the GET parameter in product-add.jsp. detection: payload: null verify: null @@ -10661,29 +9226,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20897 - - https://blog.gitea.com/release-of-1.25.4/ - - https://github.com/go-gitea/gitea/pull/36344 - - https://github.com/go-gitea/gitea/pull/36349 - - https://github.com/go-gitea/gitea/releases/tag/v1.25.4 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43432 + - https://github.com/Exrick/xmall + - https://github.com/Exrick/xmall/blob/b146cceb21ca42d4237f31dbd7af5ced49048a56/xmall-manager-web/src/main/webapp/WEB-INF/jsp/product-add.jsp#L38 + - https://github.com/Exrick/xmall/blob/b146cceb21ca42d4237f31dbd7af5ced49048a56/xmall-manager-web/src/main/webapp/WEB-INF/jsp/product-add.jsp#L4 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20912-CANDIDATE - cve_id: CVE-2026-20912 - name: Candidate detection for CVE-2026-20912 - severity: critical - cvss: 9.1 + id: CVE-2021-40219-CANDIDATE + cve_id: CVE-2021-40219 + name: Candidate detection for CVE-2021-40219 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Gitea does not properly validate repository ownership when linking - attachments to releases. An attachment uploaded to a private repository could - potentially be linked to a release in a different public repository, making it - accessible to unauthorized users. + description: Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme + rendering allows an authenticated attacker to edit theme to inject server-side + template injection that leads to remote code execution. detection: payload: null verify: null @@ -10691,36 +9254,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20912 - - https://blog.gitea.com/release-of-1.25.4/ - - https://github.com/go-gitea/gitea/pull/36320 - - https://github.com/go-gitea/gitea/pull/36355 - - https://github.com/go-gitea/gitea/releases/tag/v1.25.4 + - https://nvd.nist.gov/vuln/detail/CVE-2021-40219 + - https://github.com/bolt/core + - https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php + - https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-15059-CANDIDATE - cve_id: CVE-2025-15059 - name: Candidate detection for CVE-2025-15059 - severity: high - cvss: 7.8 + id: CVE-2021-37291-CANDIDATE + cve_id: CVE-2021-37291 + name: Candidate detection for CVE-2021-37291 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GIMP. User interaction is required to exploit - this vulnerability in that the target must visit a malicious page or open a malicious - file. - - - The specific flaw exists within the parsing of PSP files. The issue results from - the lack of proper validation of the length of user-supplied data prior to copying - it to a heap-based buffer. An attacker can leverage this vulnerability to execute - code in the context of the current process. Was ZDI-CAN-28232.' + description: An SQL Injection vulnerability exists in KevinLAB Inc Building Energy + Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php. detection: payload: null verify: null @@ -10728,35 +9281,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-15059 - - https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e - - https://www.zerodayinitiative.com/advisories/ZDI-25-1196/ - - https://access.redhat.com/errata/RHSA-2026:2707 - - https://access.redhat.com/errata/RHSA-2026:2930 + - https://nvd.nist.gov/vuln/detail/CVE-2021-37291 + - https://www.zeroscience.mk/en/vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0775-CANDIDATE - cve_id: CVE-2026-0775 - name: Candidate detection for CVE-2026-0775 + id: CVE-2021-37292-CANDIDATE + cve_id: CVE-2021-37292 + name: Candidate detection for CVE-2021-37292 severity: high - cvss: 7.0 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'npm cli Incorrect Permission Assignment Local Privilege Escalation - Vulnerability. This vulnerability allows local attackers to escalate privileges - on affected installations of npm cli. An attacker must first obtain the ability - to execute low-privileged code on the target system in order to exploit this vulnerability. - - - The specific flaw exists within the handling of modules. The application loads - modules from an unsecured location. An attacker can leverage this vulnerability - to escalate privileges and execute arbitrary code in the context of a target user. - Was ZDI-CAN-25430.' + description: An Access Control vulnerability exists in KevinLAB Inc Building Energy + Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious + user can log in using the backdor account with admin highest privileges and obtain + system control. detection: payload: null verify: null @@ -10764,31 +9308,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0775 - - https://www.zerodayinitiative.com/advisories/ZDI-26-043/ - - https://access.redhat.com/security/cve/CVE-2026-0775 - - https://bugzilla.redhat.com/show_bug.cgi?id=2432280 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0775.json + - https://nvd.nist.gov/vuln/detail/CVE-2021-37292 + - https://www.zeroscience.mk/en/vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0603-CANDIDATE - cve_id: CVE-2026-0603 - name: Candidate detection for CVE-2026-0603 - severity: high - cvss: 8.3 + id: CVE-2021-37293-CANDIDATE + cve_id: CVE-2021-37293 + name: Candidate detection for CVE-2021-37293 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Hibernate. A remote attacker with low privileges - could exploit a second-order SQL injection vulnerability by providing specially - crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder - is used. This could lead to sensitive information disclosure, such as reading - system files, and allow for data manipulation or deletion within the application's - database, resulting in an application level denial of service. + description: A Directory Traversal vulnerability exists in KevinLAB Inc Building + Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. detection: payload: null verify: null @@ -10796,31 +9333,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0603 - - https://access.redhat.com/errata/RHSA-2026:4915 - - https://access.redhat.com/errata/RHSA-2026:4916 - - https://access.redhat.com/errata/RHSA-2026:4917 - - https://access.redhat.com/errata/RHSA-2026:4924 + - https://nvd.nist.gov/vuln/detail/CVE-2021-37293 + - https://www.zeroscience.mk/en/vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0994-CANDIDATE - cve_id: CVE-2026-0994 - name: Candidate detection for CVE-2026-0994 - severity: high - cvss: 7.5 + id: CVE-2022-27260-CANDIDATE + cve_id: CVE-2022-27260 + name: Candidate detection for CVE-2022-27260 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict()\ - \ in Python, where the max_recursion_depth limit can be bypassed when parsing\ - \ nested google.protobuf.Any messages.\n\nDue to missing recursion depth accounting\ - \ inside the internal Any-handling logic, an attacker can supply deeply nested\ - \ Any structures that bypass the intended recursion limit, eventually exhausting\ - \ Python\u2019s recursion stack and causing a RecursionError." + description: An arbitrary file upload vulnerability in the file upload component + of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG + file. detection: payload: null verify: null @@ -10828,27 +9359,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0994 - - https://github.com/protocolbuffers/protobuf/pull/25239 - - https://access.redhat.com/errata/RHSA-2026:16174 - - https://access.redhat.com/errata/RHSA-2026:3059 - - https://access.redhat.com/errata/RHSA-2026:3094 + - https://nvd.nist.gov/vuln/detail/CVE-2022-27260 + - https://github.com/ButterCMS/buttercms-js + - https://share.getcloudapp.com/nOuR70WB + - https://www.youtube.com/watch?v=Tw8OhtVd-mE generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21509-CANDIDATE - cve_id: CVE-2026-21509 - name: Candidate detection for CVE-2026-21509 - severity: high - cvss: 7.8 + id: CVE-2022-27262-CANDIDATE + cve_id: CVE-2022-27262 + name: Candidate detection for CVE-2022-27262 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: - cisa_kev: true + cisa_kev: false exploitdb_reference: false - description: Reliance on untrusted inputs in a security decision in Microsoft Office - allows an unauthorized attacker to bypass a security feature locally. + description: An arbitrary file upload vulnerability in the file upload module of + Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. detection: payload: null verify: null @@ -10856,31 +9386,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21509 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 - - https://www.vicarius.io/vsociety/posts/cve-2026-21509-detection-script-microsoft-office-security-feature-bypass-vulnerability - - https://www.vicarius.io/vsociety/posts/cve-2026-21509-mitigation-script-microsoft-office-security-feature-bypass-vulnerability - - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21509 - - https://www.cisa.gov/known-exploited-vulnerabilities-catalog + - https://nvd.nist.gov/vuln/detail/CVE-2022-27262 + - https://www.youtube.com/watch?v=cA7G2kidTF4 generated_from: - nvd - - cisa_kev - status: candidate executable: false - id: CVE-2025-11065-CANDIDATE - cve_id: CVE-2025-11065 - name: Candidate detection for CVE-2025-11065 - severity: medium - cvss: 5.3 + id: CVE-2022-28397-CANDIDATE + cve_id: CVE-2022-28397 + name: Candidate detection for CVE-2022-28397 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in github.com/go-viper/mapstructure/v2, in the field - processing component using mapstructure.WeakDecode. This vulnerability allows - information disclosure through detailed error messages that may leak sensitive - input values via malformed user-supplied data processed in security-critical contexts. + description: 'An arbitrary file upload vulnerability in the file upload module of + Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. + NOTE: Vendor states as detailed in Ghost''s security documentation, files can + only be uploaded and published by trusted users, this is intentional.' detection: payload: null verify: null @@ -10888,29 +9413,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-11065 - - https://access.redhat.com/security/cve/CVE-2025-11065 - - https://bugzilla.redhat.com/show_bug.cgi?id=2391829 - - https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c - - https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm + - https://nvd.nist.gov/vuln/detail/CVE-2022-28397 + - https://ghost.org/customers/ + - https://ghost.org/docs/security/#privilege-escalation-attacks + - https://github.com/TryGhost/Ghost + - https://trends.builtwith.com/cms/Ghost generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14459-CANDIDATE - cve_id: CVE-2025-14459 - name: Candidate detection for CVE-2025-14459 - severity: high - cvss: 8.5 + id: CVE-2022-26643-CANDIDATE + cve_id: CVE-2022-26643 + name: Candidate detection for CVE-2022-26643 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in KubeVirt Containerized Data Importer (CDI). This - vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized - namespaces, resulting in unauthorized access to data via the DataImportCron PVC - source mechanism. + description: An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid + users in the application. detection: payload: null verify: null @@ -10918,29 +9441,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14459 - - https://access.redhat.com/errata/RHSA-2026:0950 - - https://access.redhat.com/security/cve/CVE-2025-14459 - - https://bugzilla.redhat.com/show_bug.cgi?id=2420938 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14459.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-26643 + - https://gist.github.com/rvismit/3fd33b47a753e1b7065421f42b2dd496 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9615-CANDIDATE - cve_id: CVE-2025-9615 - name: Candidate detection for CVE-2025-9615 - severity: low - cvss: 3.3 + id: CVE-2022-26594-CANDIDATE + cve_id: CVE-2022-26594 + name: Candidate detection for CVE-2022-26594 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in NetworkManager. The NetworkManager package allows - access to files that may belong to other users. NetworkManager allows non-root - users to configure the system's network. The daemon runs with root privileges - and can access files owned by users different from the one who added the connection. + description: Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal + 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers + to inject arbitrary web script or HTML via a form field's help text to (1) Forms + module's form builder, or (2) App Builder module's object form view's form builder. detection: payload: null verify: null @@ -10948,32 +9468,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9615 - - https://access.redhat.com/errata/RHSA-2026:18142 - - https://access.redhat.com/errata/RHSA-2026:18597 - - https://access.redhat.com/security/cve/CVE-2025-9615 - - https://bugzilla.redhat.com/show_bug.cgi?id=2391503 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26594 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-26594-xss-vulnerability-with-form-field-help-text generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9820-CANDIDATE - cve_id: CVE-2025-9820 - name: Candidate detection for CVE-2025-9820 + id: CVE-2022-26593-CANDIDATE + cve_id: CVE-2022-26593 + name: Candidate detection for CVE-2022-26593 severity: medium - cvss: 4.0 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() - function that handles PKCS#11 token initialization. When a token label longer - than expected is processed, the function writes past the end of a fixed-size stack - buffer. This programming error can cause the application using GnuTLS to crash - or, in certain conditions, be exploited for code execution. As a result, systems - or applications relying on GnuTLS may be vulnerable to a denial of service or - local privilege escalation attacks. + description: Cross-site scripting (XSS) vulnerability in the Asset module's asset + categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 + before service pack 3 allows remote attackers to inject arbitrary web script or + HTML via the name of a asset category. detection: payload: null verify: null @@ -10981,38 +9495,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9820 - - https://access.redhat.com/errata/RHSA-2026:13812 - - https://access.redhat.com/errata/RHSA-2026:3477 - - https://access.redhat.com/errata/RHSA-2026:4188 - - https://access.redhat.com/errata/RHSA-2026:4655 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26593 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-26593-stored-xss-with-category-name-in-asset-categories-selector generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23864-CANDIDATE - cve_id: CVE-2026-23864 - name: Candidate detection for CVE-2026-23864 - severity: high - cvss: 7.5 + id: CVE-2022-26595-CANDIDATE + cve_id: CVE-2022-26595 + name: Candidate detection for CVE-2022-26595 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Multiple denial of service vulnerabilities exist in React Server Components, - affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, - react-server-dom-webpack. - - - The vulnerabilities are triggered by sending specially crafted HTTP requests to - Server Function endpoints, and could lead to server crashes, out-of-memory exceptions - or excessive CPU usage; depending on the vulnerable code path being exercised, - the application configuration and application code. - - - Strongly consider upgrading to the latest package versions to reduce risk and - prevent availability issues in applications using React Server Components.' + description: Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack + 13, and 7.3 fix pack 2 does not properly check user permission when accessing + a list of sites/groups, which allows remote authenticated users to view sites/groups + via the user's site membership assignment UI. detection: payload: null verify: null @@ -11020,31 +9522,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23864 - - https://www.facebook.com/security/advisories/cve-2026-23864 - - https://access.redhat.com/errata/RHSA-2026:13571 - - https://access.redhat.com/security/cve/CVE-2026-23864 - - https://bugzilla.redhat.com/show_bug.cgi?id=2433059 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26595 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-26595-unauthorized-access-to-site-group-list generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24486-CANDIDATE - cve_id: CVE-2026-24486 - name: Candidate detection for CVE-2026-24486 + id: CVE-2022-27405-CANDIDATE + cve_id: CVE-2022-27405 + name: Candidate detection for CVE-2022-27405 severity: high - cvss: 8.6 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: true - description: Python-Multipart is a streaming multipart parser for Python. Prior - to version 0.0.22, a Path Traversal vulnerability exists when using non-default - configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker - can write uploaded files to arbitrary locations on the filesystem by crafting - a malicious filename. Users should upgrade to version 0.0.22 to receive a patch - or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations. + exploitdb_reference: false + description: FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered + to contain a segmentation violation via the function FNT_Size_Request. detection: payload: null verify: null @@ -11052,19 +9547,18 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24486 - - https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4 - - https://github.com/Kludex/python-multipart/releases/tag/0.0.22 - - https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg - - https://access.redhat.com/errata/RHSA-2026:10184 + - https://nvd.nist.gov/vuln/detail/CVE-2022-27405 + - https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139 + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/ generated_from: - nvd - - exploit_db - status: candidate executable: false - id: CVE-2026-21720-CANDIDATE - cve_id: CVE-2026-21720 - name: Candidate detection for CVE-2026-21720 + id: CVE-2022-27406-CANDIDATE + cve_id: CVE-2022-27406 + name: Candidate detection for CVE-2022-27406 severity: high cvss: 7.5 risk_level: unknown @@ -11072,12 +9566,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Every uncached /avatar/:hash request spawns a goroutine that refreshes - the Gravatar image. If the refresh sits in the 10-slot worker queue longer than - three seconds, the handler times out and stops listening for the result, so that - goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic - with random hashes keeps tripping this timeout, so goroutine count grows linearly, - eventually exhausting memory and causing Grafana to crash on some systems. + description: FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered + to contain a segmentation violation via the function FT_Request_Size. detection: payload: null verify: null @@ -11085,29 +9575,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21720 - - https://grafana.com/security/security-advisories/cve-2026-21720 - - https://access.redhat.com/security/cve/CVE-2026-21720 - - https://bugzilla.redhat.com/show_bug.cgi?id=2433226 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21720.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-27406 + - https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140 + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/ + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21721-CANDIDATE - cve_id: CVE-2026-21721 - name: Candidate detection for CVE-2026-21721 + id: CVE-2021-36460-CANDIDATE + cve_id: CVE-2021-36460 + name: Candidate detection for CVE-2021-36460 severity: high - cvss: 8.1 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "The dashboard permissions API does not verify the target dashboard\ - \ scope and only checks the dashboards.permissions:* action. As a result, a user\ - \ who has permission management rights on one dashboard can read and modify permissions\ - \ on other dashboards. This is an organization\u2011internal privilege escalation." + description: VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password + locally on the device and uses the hash to authenticate in all communication with + the backend API, including login, registration and changing of passwords. This + allows an attacker in possession of a hash to takeover a user's account, rendering + the benefits of storing hashed passwords in the database useless. detection: payload: null verify: null @@ -11115,73 +9606,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21721 - - https://grafana.com/security/security-advisories/cve-2026-21721 - - https://access.redhat.com/errata/RHSA-2026:2914 - - https://access.redhat.com/errata/RHSA-2026:2920 - - https://access.redhat.com/errata/RHSA-2026:3078 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36460 + - https://github.com/martinfrancois/CVE-2021-36460 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-15467-CANDIDATE - cve_id: CVE-2025-15467 - name: Candidate detection for CVE-2025-15467 - severity: high - cvss: 8.8 + id: CVE-2022-28093-CANDIDATE + cve_id: CVE-2022-28093 + name: Candidate detection for CVE-2022-28093 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message - with - - maliciously crafted AEAD parameters can trigger a stack buffer overflow. - - - Impact summary: A stack buffer overflow may lead to a crash, causing Denial - - of Service, or potentially remote code execution. - - - When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as - - AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is - - copied into a fixed-size stack buffer without verifying that its length fits - - the destination. An attacker can supply a crafted CMS message with an - - oversized IV, causing a stack-based out-of-bounds write before any - - authentication or tag verification occurs. - - - Applications and services that parse untrusted CMS or PKCS#7 content using - - AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. - - Because the overflow occurs prior to authentication, no valid key material - - is required to trigger it. While exploitability to remote code execution - - depends on platform and toolchain mitigations, the stack-based write - - primitive represents a severe risk. - - - The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this - - issue, as the CMS implementation is outside the OpenSSL FIPS module - - boundary. - - - OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. - - - OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.' + description: SCBS Online Sports Venue Reservation System v1.0 was discovered to + contain a local file inclusion vulnerability which allow attackers to execute + arbitrary code via a crafted PHP file. detection: payload: null verify: null @@ -11189,27 +9632,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-15467 - - https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703 - - https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9 - - https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3 - - https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e + - https://nvd.nist.gov/vuln/detail/CVE-2022-28093 + - https://github.com/wkeyi0x1/vul-report/blob/main/SCBS%20online%20sports%20venue%20reservation%20system/SCBS%20online%20sports%20venue%20reservation%20system%20v1.0%20-%20File%20Inclusion.md + - https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24869-CANDIDATE - cve_id: CVE-2026-24869 - name: Candidate detection for CVE-2026-24869 - severity: high - cvss: 8.8 + id: CVE-2022-28094-CANDIDATE + cve_id: CVE-2022-28094 + name: Candidate detection for CVE-2022-28094 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the Layout: Scrolling and Overflow component. This - vulnerability was fixed in Firefox 147.0.2.' + description: SCBS Online Sports Venue Reservation System v1.0 was discovered to + contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. detection: payload: null verify: null @@ -11217,30 +9658,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24869 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2008698 - - https://www.mozilla.org/security/advisories/mfsa2026-06/ - - https://access.redhat.com/security/cve/CVE-2026-24869 - - https://bugzilla.redhat.com/show_bug.cgi?id=2433424 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28094 + - https://github.com/wkeyi0x1/vul-report/blob/main/SCBS%20online%20sports%20venue%20reservation%20system/SCBS%20online%20sports%20venue%20reservation%20system%20v1.0%20-%20Self-XSS.md + - https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24881-CANDIDATE - cve_id: CVE-2026-24881 - name: Candidate detection for CVE-2026-24881 - severity: high - cvss: 8.1 + id: CVE-2022-26596-CANDIDATE + cve_id: CVE-2022-26596 + name: Candidate detection for CVE-2022-26596 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message - carrying an oversized wrapped session key can cause a stack-based buffer overflow - in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged - for denial of service; however, there is also memory corruption that could lead - to remote code execution. + description: Cross-site scripting (XSS) vulnerability in Journal module's web content + display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay + DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, + allows remote attackers to inject arbitrary web script or HTML via web content + template names. detection: payload: null verify: null @@ -11248,27 +9687,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24881 - - https://dev.gnupg.org/T8044 - - https://www.openwall.com/lists/oss-security/2026/01/27/8 - - https://access.redhat.com/security/cve/CVE-2026-24881 - - https://bugzilla.redhat.com/show_bug.cgi?id=2433480 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26596 + - https://liferay.dev/w/cve-2022-26596-stored-xss-with-template-name generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24882-CANDIDATE - cve_id: CVE-2026-24882 - name: Candidate detection for CVE-2026-24882 - severity: high - cvss: 8.4 + id: CVE-2022-26597-CANDIDATE + cve_id: CVE-2022-26597 + name: Candidate detection for CVE-2022-26597 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon - during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. + description: Cross-site scripting (XSS) vulnerability in the Layout module's Open + Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before + service pack 3 allows remote attackers to inject arbitrary web script or HTML + via the site name. detection: payload: null verify: null @@ -11276,30 +9714,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24882 - - https://dev.gnupg.org/T8045 - - https://www.openwall.com/lists/oss-security/2026/01/27/8 - - https://access.redhat.com/errata/RHSA-2026:2719 - - https://access.redhat.com/errata/RHSA-2026:2753 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26597 + - https://liferay.dev/w/cve-2022-26597-stored-xss-with-site-name-in-open-graph-integration generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24747-CANDIDATE - cve_id: CVE-2026-24747 - name: Candidate detection for CVE-2026-24747 - severity: high - cvss: 8.8 + id: CVE-2022-27984-CANDIDATE + cve_id: CVE-2022-27984 + name: Candidate detection for CVE-2022-27984 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: PyTorch is a Python package that provides tensor computation. Prior - to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows - an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with - `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead - to arbitrary code execution. Version 2.10.0 fixes the issue. + description: CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability + via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. detection: payload: null verify: null @@ -11307,40 +9739,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24747 - - https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139 - - https://github.com/pytorch/pytorch/issues/163105 - - https://github.com/pytorch/pytorch/releases/tag/v2.10.0 - - https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p + - https://nvd.nist.gov/vuln/detail/CVE-2022-27984 + - https://github.com/CuppaCMS/CuppaCMS/issues/30 + - https://www.cuppacms.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24779-CANDIDATE - cve_id: CVE-2026-24779 - name: Candidate detection for CVE-2026-24779 - severity: high - cvss: 7.1 + id: CVE-2022-27985-CANDIDATE + cve_id: CVE-2022-27985 + name: Candidate detection for CVE-2022-27985 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vLLM is an inference and serving engine for large language models (LLMs). - Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists - in the `MediaConnector` class within the vLLM project's multimodal feature set. - The load_from_url and load_from_url_async methods obtain and process media from - URLs provided by users, using different Python parsing libraries when restricting - the target host. These two parsing libraries have different interpretations of - backslashes, which allows the host name restriction to be bypassed. This allows - an attacker to coerce the vLLM server into making arbitrary requests to internal - network resources. This vulnerability is particularly critical in containerized - environments like `llm-d`, where a compromised vLLM pod could be used to scan - the internal network, interact with other pods, and potentially cause denial of - service or access sensitive data. For example, an attacker could make the vLLM - pod send malicious requests to an internal `llm-d` management endpoint, leading - to system instability by falsely reporting metrics like the KV cache state. Version - 0.14.1 contains a patch for the issue. + description: CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability + via /administrator/alerts/alertLightbox.php. detection: payload: null verify: null @@ -11348,31 +9765,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24779 - - https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7 - - https://github.com/vllm-project/vllm/pull/32746 - - https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc - - https://access.redhat.com/errata/RHSA-2026:10184 + - https://nvd.nist.gov/vuln/detail/CVE-2022-27985 + - https://github.com/CuppaCMS/CuppaCMS/issues/31 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24842-CANDIDATE - cve_id: CVE-2026-24842 - name: Candidate detection for CVE-2026-24842 - severity: high - cvss: 8.2 + id: CVE-2021-41945-CANDIDATE + cve_id: CVE-2021-41945 + name: Candidate detection for CVE-2021-41945 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: node-tar,a Tar for Node.js, contains a vulnerability in versions prior - to 7.5.7 where the security check for hardlink entries uses different path resolution - semantics than the actual hardlink creation logic. This mismatch allows an attacker - to craft a malicious TAR archive that bypasses path traversal protections and - creates hardlinks to arbitrary files outside the extraction directory. Version - 7.5.7 contains a fix for the issue. + description: Encode OSS httpx < 0.23.0 is affected by improper input validation + in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. detection: payload: null verify: null @@ -11380,28 +9790,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24842 - - https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46 - - https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v - - https://access.redhat.com/errata/RHSA-2026:18480 - - https://access.redhat.com/errata/RHSA-2026:18868 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41945 + - https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571 + - https://github.com/encode/httpx + - https://github.com/encode/httpx/discussions/1831 + - https://github.com/encode/httpx/issues/2184 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-57283-CANDIDATE - cve_id: CVE-2025-57283 - name: Candidate detection for CVE-2025-57283 - severity: high - cvss: 7.8 + id: CVE-2022-28102-CANDIDATE + cve_id: CVE-2022-28102 + name: Candidate detection for CVE-2022-28102 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The Node.js package browserstack-local 1.5.8 contains a command injection - vulnerability. This occurs because the logfile variable is not properly sanitized - in lib/Local.js. + description: A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel + Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted + payload injected at /edit-db.php. detection: payload: null verify: null @@ -11409,27 +9819,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-57283 - - https://gist.github.com/Dremig/b639c61541dd1482007dc7a5cd7fefb1 - - https://www.npmjs.com - - https://access.redhat.com/security/cve/CVE-2025-57283 - - https://bugzilla.redhat.com/show_bug.cgi?id=2433928 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28102 + - https://github.com/housamz/php-mysql-admin-panel-generator/issues/19 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-61140-CANDIDATE - cve_id: CVE-2025-61140 - name: Candidate detection for CVE-2025-61140 - severity: critical - cvss: 9.8 + id: CVE-2021-44595-CANDIDATE + cve_id: CVE-2021-44595 + name: Candidate detection for CVE-2021-44595 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: The value function in jsonpath 1.1.1 lib/index.js is vulnerable to - Prototype Pollution. + exploitdb_reference: true + description: Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable + to Incorrect Access Control. A normal user can send manually crafted packets to + the ElevationService.exe and execute arbitrary code without any validation with + SYSTEM privileges. detection: payload: null verify: null @@ -11437,30 +9846,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61140 - - https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d - - https://github.com/dchester/jsonpath - - https://access.redhat.com/errata/RHSA-2026:2180 - - https://access.redhat.com/errata/RHSA-2026:2181 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44595 + - https://medium.com/@tomerp_77017/wondershell-a82372914f26 + - https://medium.com/%40tomerp_77017/wondershell-a82372914f26 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-61726-CANDIDATE - cve_id: CVE-2025-61726 - name: Candidate detection for CVE-2025-61726 - severity: high - cvss: 7.5 + id: CVE-2021-44596-CANDIDATE + cve_id: CVE-2021-44596 + name: Candidate detection for CVE-2021-44596 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: The net/url package does not set a limit on the number of query parameters - in a query. While the maximum size of query parameters in URLs is generally limited - by the maximum request header size, the net/http.Request.ParseForm method can - parse large URL-encoded forms. Parsing a large form containing many unique query - parameters can cause excessive memory consumption. + exploitdb_reference: true + description: Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote + code execution. Due to software design flaws an unauthenticated user can communicate + over UDP with the "InstallAssistService.exe" service(the service is running under + SYSTEM privileges) and manipulate it to execute malicious executable without any + validation from a remote location and gain SYSTEM privileges detection: payload: null verify: null @@ -11468,30 +9876,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61726 - - https://go.dev/cl/736712 - - https://go.dev/issue/77101 - - https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc - - https://pkg.go.dev/vuln/GO-2026-4341 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44596 + - https://medium.com/@tomerp_77017/wondershell-a82372914f26 + - https://medium.com/%40tomerp_77017/wondershell-a82372914f26 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-61731-CANDIDATE - cve_id: CVE-2025-61731 - name: Candidate detection for CVE-2025-61731 - severity: high - cvss: 7.8 + id: CVE-2021-31673-CANDIDATE + cve_id: CVE-2021-31673 + name: Candidate detection for CVE-2021-31673 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: Building a malicious file with cmd/go can cause can cause a write to - an attacker-controlled file with partial control of the file content. The "#cgo - pkg-config:" directive in a Go source file provides command-line arguments to - provide to the Go pkg-config command. An attacker can provide a "--log-file" argument - to this directive, causing pkg-config to write to an attacker-controlled location. + exploitdb_reference: true + description: A Dom-based Cross-site scripting (XSS) vulnerability at registration + account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary + web script or HTML via the groupId parameter. detection: payload: null verify: null @@ -11499,29 +9904,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61731 - - https://go.dev/cl/736711 - - https://go.dev/issue/77100 - - https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc - - https://pkg.go.dev/vuln/GO-2026-4339 + - https://nvd.nist.gov/vuln/detail/CVE-2021-31673 + - https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-cve-2021-31673 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2024-4027-CANDIDATE - cve_id: CVE-2024-4027 - name: Candidate detection for CVE-2024-4027 - severity: high - cvss: 7.5 + id: CVE-2021-31674-CANDIDATE + cve_id: CVE-2021-31674 + name: Candidate detection for CVE-2021-31674 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() - can cause an OutOfMemoryError when the client sends a request with large parameter - names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service - (DoS) attack. + exploitdb_reference: true + description: Cyclos 4 PRO 4.14.7 and before does not validate user input at error + inform, which allows remote unauthenticated attacker to execute javascript code + via undefine enum constant. detection: payload: null verify: null @@ -11529,43 +9931,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-4027 - - https://access.redhat.com/security/cve/CVE-2024-4027 - - https://bugzilla.redhat.com/show_bug.cgi?id=2276410 - - https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4027.json + - https://nvd.nist.gov/vuln/detail/CVE-2021-31674 + - https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-in-undefined-enum-cve-2021-31674 + - https://www.exploit-db.com/exploits/50908 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-24293-CANDIDATE - cve_id: CVE-2025-24293 - name: Candidate detection for CVE-2025-24293 - severity: high - cvss: 8.1 + id: CVE-2022-28118-CANDIDATE + cve_id: CVE-2022-28118 + name: Candidate detection for CVE-2022-28118 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "# Active Storage allowed transformation methods potentially unsafe\r\ - \n\r\nActive Storage attempts to prevent the use of potentially unsafe image\r\ - \ntransformation methods and parameters by default.\r\n\r\nThe default allowed\ - \ list contains three methods allow for the circumvention\r\nof the safe defaults\ - \ which enables potential command injection\r\nvulnerabilities in cases where\ - \ arbitrary user supplied input is accepted as\r\nvalid transformation methods\ - \ or parameters.\r\n\r\n\r\nImpact\r\n------\r\nThis vulnerability impacts applications\ - \ that use Active Storage with the image_processing processing gem in addition\ - \ to mini_magick as the image processor.\r\n\r\nVulnerable code will look something\ - \ similar to this:\r\n```\r\n<%= image_tag blob.variant(params[:t] => params[:v])\ - \ %>\r\n```\r\n\r\nWhere the transformation method or its arguments are untrusted\ - \ arbitrary input.\r\n\r\nAll users running an affected release should either\ - \ upgrade or use one of the workarounds immediately.\r\n\r\n\r\n\r\nWorkarounds\r\ - \n-----------\r\nConsuming user supplied input for image transformation methods\ - \ or their parameters is unsupported behavior and should be considered dangerous.\r\ - \n\r\nStrict validation of user supplied methods and parameters should be performed\r\ - \nas well as having a strong [ImageMagick security\r\npolicy](https://imagemagick.org/script/security-policy.php)\ - \ deployed.\r\n\r\nCredits\r\n-------\r\n\r\nThank you [lio346](https://hackerone.com/lio346)\ - \ for reporting this!" + description: SiteServer CMS v7.x allows attackers to execute arbitrary code via + a crafted plug-in. detection: payload: null verify: null @@ -11573,45 +9958,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-24293 - - https://github.com/advisories/GHSA-r4mg-4433-c7g3 - - https://access.redhat.com/security/cve/CVE-2025-24293 - - https://bugzilla.redhat.com/show_bug.cgi?id=2435565 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24293.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-28118 + - https://github.com/Richard-Tang/SSCMS-PluginShell/blob/main/Detail.md + - https://github.com/siteserver/cms + - https://github.com/siteserver/cms/issues/3386 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25153-CANDIDATE - cve_id: CVE-2026-25153 - name: Candidate detection for CVE-2026-25153 + id: CVE-2021-43159-CANDIDATE + cve_id: CVE-2021-43159 + name: Candidate detection for CVE-2021-43159 severity: high - cvss: 7.7 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Backstage is an open framework for building developer portals, and - @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. - In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when - TechDocs is configured with `runIn: local`, a malicious actor who can submit or - modify a repository''s `mkdocs.yml` file can execute arbitrary Python code on - the TechDocs build server via MkDocs hooks configuration. @backstage/plugin-techdocs-node - versions 1.13.11 and 1.14.1 contain a fix. The fix introduces an allowlist of - supported MkDocs configuration keys. Unsupported configuration keys (including - `hooks`) are now removed from `mkdocs.yml` before running the generator, with - a warning logged to indicate which keys were removed. Users of `@techdocs/cli` - should also upgrade to the latest version, which includes the fixed `@backstage/plugin-techdocs-node` - dependency. Some workarounds are available. Configure TechDocs with `runIn: docker` - instead of `runIn: local` to provide container isolation, though it does not fully - mitigate the risk. Limit who can modify `mkdocs.yml` files in repositories that - TechDocs processes; only allow trusted contributors. Implement PR review requirements - for changes to `mkdocs.yml` files to detect malicious `hooks` configurations before - they are merged. Use MkDocs < 1.4.0 (e.g., 1.3.1) which does not support hooks. - Note: This may limit access to newer MkDocs features. Building documentation in - CI/CD pipelines using `@techdocs/cli` does not mitigate this vulnerability, as - the CLI uses the same vulnerable `@backstage/plugin-techdocs-node` package.' + description: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks + Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the + setSessionTime function in /cgi-bin/luci/api/common.. detection: payload: null verify: null @@ -11619,30 +9986,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25153 - - https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf - - https://access.redhat.com/errata/RHSA-2026:6174 - - https://access.redhat.com/errata/RHSA-2026:6802 - - https://access.redhat.com/security/cve/CVE-2026-25153 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43159 + - https://seclists.org/fulldisclosure/2022/May/0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1530-CANDIDATE - cve_id: CVE-2026-1530 - name: Candidate detection for CVE-2026-1530 + id: CVE-2021-43160-CANDIDATE + cve_id: CVE-2021-43160 + name: Candidate detection for CVE-2021-43160 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in fog-kubevirt. This vulnerability allows a remote - attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate - validation. This enables the attacker to intercept and potentially alter sensitive - communications between Satellite and OpenShift, resulting in information disclosure - and data integrity compromise. + description: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks + Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the + switchFastDhcp function in /cgi-bin/luci/api/diagnose. detection: payload: null verify: null @@ -11650,31 +10012,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1530 - - https://access.redhat.com/errata/RHSA-2026:5970 - - https://access.redhat.com/errata/RHSA-2026:5971 - - https://access.redhat.com/security/cve/CVE-2026-1530 - - https://bugzilla.redhat.com/show_bug.cgi?id=2433784 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43160 + - https://seclists.org/fulldisclosure/2022/May/0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1531-CANDIDATE - cve_id: CVE-2026-1531 - name: Candidate detection for CVE-2026-1531 + id: CVE-2021-43161-CANDIDATE + cve_id: CVE-2021-43161 + name: Candidate detection for CVE-2021-43161 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in foreman_kubevirt. When configuring the connection - to OpenShift, the system disables SSL verification if a Certificate Authority - (CA) certificate is not explicitly set. This insecure default allows a remote - attacker, capable of intercepting network traffic between Satellite and OpenShift, - to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the - disclosure or alteration of sensitive information. + description: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks + Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the + doSwitchApi function in /cgi-bin/luci/api/switch. detection: payload: null verify: null @@ -11682,31 +10038,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1531 - - https://access.redhat.com/errata/RHSA-2026:5968 - - https://access.redhat.com/errata/RHSA-2026:5970 - - https://access.redhat.com/errata/RHSA-2026:5971 - - https://access.redhat.com/security/cve/CVE-2026-1531 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43161 + - https://seclists.org/fulldisclosure/2022/May/0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1761-CANDIDATE - cve_id: CVE-2026-1761 - name: Candidate detection for CVE-2026-1761 + id: CVE-2021-43162-CANDIDATE + cve_id: CVE-2021-43162 + name: Candidate detection for CVE-2021-43162 severity: high - cvss: 8.6 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libsoup. This stack-based buffer overflow vulnerability - occurs during the parsing of multipart HTTP responses due to an incorrect length - calculation. A remote attacker can exploit this by sending a specially crafted - multipart HTTP response, which can lead to memory corruption. This issue may result - in application crashes or arbitrary code execution in applications that process - untrusted server responses, and it does not require authentication or user interaction. + description: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks + Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the + runPackDiagnose function in /cgi-bin/luci/api/diagnose. detection: payload: null verify: null @@ -11714,18 +10064,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1761 - - https://access.redhat.com/errata/RHSA-2026:1948 - - https://access.redhat.com/errata/RHSA-2026:2005 - - https://access.redhat.com/errata/RHSA-2026:2006 - - https://access.redhat.com/errata/RHSA-2026:2007 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43162 + - https://seclists.org/fulldisclosure/2022/May/0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22778-CANDIDATE - cve_id: CVE-2026-22778 - name: Candidate detection for CVE-2026-22778 + id: CVE-2021-43163-CANDIDATE + cve_id: CVE-2021-43163 + name: Candidate detection for CVE-2021-43163 severity: critical cvss: 9.8 risk_level: unknown @@ -11733,12 +10080,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: vLLM is an inference and serving engine for large language models (LLMs). - From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal - endpoint, PIL throws an error. vLLM returns this error to the client, leaking - a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. - This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg - to achieve remote code execution. This vulnerability is fixed in 0.14.1. + description: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks + Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the + checkNet function in /cgi-bin/luci/api/auth. detection: payload: null verify: null @@ -11746,69 +10090,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22778 - - https://github.com/vllm-project/vllm/pull/31987 - - https://github.com/vllm-project/vllm/pull/32319 - - https://github.com/vllm-project/vllm/releases/tag/v0.14.1 - - https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv + - https://nvd.nist.gov/vuln/detail/CVE-2021-43163 + - https://seclists.org/fulldisclosure/2022/May/0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24737-CANDIDATE - cve_id: CVE-2026-24737 - name: Candidate detection for CVE-2026-24737 + id: CVE-2021-43164-CANDIDATE + cve_id: CVE-2021-43164 + name: Candidate detection for CVE-2021-43164 severity: high - cvss: 8.1 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, - user control of properties and methods of the Acroform module allows users to - inject arbitrary PDF objects, such as JavaScript actions. If given the possibility - to pass unsanitized input to one of the following methods or properties, a user - can inject arbitrary PDF objects, such as JavaScript actions, which are executed - when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, - AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. - The vulnerability has been fixed in jsPDF@4.1.0. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24737 - - https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79 - - https://github.com/parallax/jsPDF/releases/tag/v4.1.0 - - https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328 - - https://access.redhat.com/errata/RHSA-2026:4466 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-1207-CANDIDATE - cve_id: CVE-2026-1207 - name: Candidate detection for CVE-2026-1207 - severity: medium - cvss: 5.4 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: 'An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and - 4.2 before 4.2.28. - - Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote - attackers to inject SQL via the band index parameter. - - Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not - evaluated and may also be affected. - - Django would like to thank Tarek Nakkouch for reporting this issue.' + exploitdb_reference: true + description: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks + Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the + updateVersion function in /cgi-bin/luci/api/wireless. detection: payload: null verify: null @@ -11816,37 +10116,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1207 - - https://docs.djangoproject.com/en/dev/releases/security/ - - https://groups.google.com/g/django-announce - - https://www.djangoproject.com/weblog/2026/feb/03/security-releases/ - - https://access.redhat.com/errata/RHSA-2026:14835 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43164 + - https://seclists.org/fulldisclosure/2022/May/0 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-1287-CANDIDATE - cve_id: CVE-2026-1287 - name: Candidate detection for CVE-2026-1287 + id: CVE-2022-27461-CANDIDATE + cve_id: CVE-2022-27461 + name: Candidate detection for CVE-2022-27461 severity: medium - cvss: 5.4 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and - 4.2 before 4.2.28. - - `FilteredRelation` is subject to SQL injection in column aliases via control characters, - using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` - passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, - `values_list()`, and `alias()`. - - Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not - evaluated and may also be affected. - - Django would like to thank Solomon Kebede for reporting this issue.' + description: In nopCommerce 4.50.1, an open redirect vulnerability can be triggered + by luring a user to authenticate to a nopCommerce page by clicking on a crafted + link. detection: payload: null verify: null @@ -11854,36 +10143,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1287 - - https://docs.djangoproject.com/en/dev/releases/security/ - - https://groups.google.com/g/django-announce - - https://www.djangoproject.com/weblog/2026/feb/03/security-releases/ - - https://access.redhat.com/errata/RHSA-2026:14835 + - https://nvd.nist.gov/vuln/detail/CVE-2022-27461 + - https://tf1t.gitbook.io/mycve/nopcommerce/open-redirect-on-nopcommerce-4.50.1 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1312-CANDIDATE - cve_id: CVE-2026-1312 - name: Candidate detection for CVE-2026-1312 - severity: medium - cvss: 5.4 + id: CVE-2022-28568-CANDIDATE + cve_id: CVE-2022-28568 + name: Candidate detection for CVE-2022-28568 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and - 4.2 before 4.2.28. - - `.QuerySet.order_by()` is subject to SQL injection in column aliases containing - periods when the same alias is, using a suitably crafted dictionary, with dictionary - expansion, used in `FilteredRelation`. - - Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not - evaluated and may also be affected. - - Django would like to thank Solomon Kebede for reporting this issue.' + description: Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File + Upload to RCE via Image upload from the administrator panel. An attacker can obtain + remote command execution just by knowing the path where the images are stored. detection: payload: null verify: null @@ -11891,32 +10169,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1312 - - https://docs.djangoproject.com/en/dev/releases/security/ - - https://groups.google.com/g/django-announce - - https://www.djangoproject.com/weblog/2026/feb/03/security-releases/ - - https://access.redhat.com/errata/RHSA-2026:14835 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28568 + - https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25223-CANDIDATE - cve_id: CVE-2026-25223 - name: Candidate detection for CVE-2026-25223 - severity: high - cvss: 7.5 + id: CVE-2022-29347-CANDIDATE + cve_id: CVE-2022-29347 + name: Candidate detection for CVE-2022-29347 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Fastify is a fast and low overhead web framework, for Node.js. Prior - to version 5.7.2, a validation bypass vulnerability exists in Fastify where request - body validation schemas specified by Content-Type can be completely circumvented. - By appending a tab character (\t) followed by arbitrary content to the Content-Type - header, attackers can bypass body validation while the server still processes - the body as the original content type. This issue has been patched in version - 5.7.2. + description: An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers + to execute arbitrary commands via a crafted PHP file. detection: payload: null verify: null @@ -11924,35 +10194,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25223 - - https://fastify.dev/docs/latest/Reference/Validation-and-Serialization - - https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125 - - https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272 - - https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29347 + - https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2022-29347 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20111-CANDIDATE - cve_id: CVE-2026-20111 - name: Candidate detection for CVE-2026-20111 + id: CVE-2021-45783-CANDIDATE + cve_id: CVE-2021-45783 + name: Candidate detection for CVE-2021-45783 severity: medium - cvss: 4.8 + cvss: 4.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: "A vulnerability in the web-based management interface of Cisco Prime\ - \ Infrastructure could allow an authenticated, remote attacker to conduct a stored\ - \ cross-site scripting (XSS) attack against users of the interface of an affected\ - \ system.\r\n\r\nThis vulnerability exists because the web-based management interface\ - \ does not properly validate user-supplied input. An attacker could exploit this\ - \ vulnerability by inserting malicious code into specific data fields in the interface.\ - \ A successful exploit could allow the attacker to execute arbitrary script code\ - \ in the context of the affected interface or access sensitive, browser-based\ - \ information. To exploit this vulnerability, an attacker must have valid administrative\ - \ credentials." + exploitdb_reference: true + description: Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory + traversal vulnerability that allows an attacker to obtain sensitive information. detection: payload: null verify: null @@ -11960,29 +10219,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20111 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-xss-bYeVKCD + - https://nvd.nist.gov/vuln/detail/CVE-2021-45783 + - https://github.com/cmaillioux/SecurityResearch/blob/main/CVE-2021-45783 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-20123-CANDIDATE - cve_id: CVE-2026-20123 - name: Candidate detection for CVE-2026-20123 + id: CVE-2021-43712-CANDIDATE + cve_id: CVE-2021-43712 + name: Candidate detection for CVE-2021-43712 severity: medium - cvss: 4.3 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in the web-based management interface of Cisco Evolved\ - \ Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow\ - \ an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\ - \n\r\nThis vulnerability is due to improper input validation of the parameters\ - \ in the HTTP request. An attacker could exploit this vulnerability by intercepting\ - \ and modifying an HTTP request from a user. A successful exploit could allow\ - \ the attacker to redirect the user to a malicious web page." + description: Stored XSS in Add New Employee Form in Sourcecodester Employee Daily + Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code + via the Name Field. detection: payload: null verify: null @@ -11990,15 +10246,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20123 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN + - https://nvd.nist.gov/vuln/detail/CVE-2021-43712 + - https://patelvarshil.medium.com/cve-2021-43712-stored-xss-how-i-got-my-first-cve-5381370482d4 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23074-CANDIDATE - cve_id: CVE-2026-23074 - name: Candidate detection for CVE-2026-23074 + id: CVE-2022-26987-CANDIDATE + cve_id: CVE-2022-26987 + name: Candidate detection for CVE-2022-26987 severity: high cvss: 7.8 risk_level: unknown @@ -12006,25 +10262,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nnet/sched: Enforce that teql can only be used as root qdisc\n\nDesign intent\ - \ of teql is that it is only supposed to be used as root qdisc.\nWe need to check\ - \ for that constraint.\n\nAlthough not important, I will describe the scenario\ - \ that unearthed this\nissue for the curious.\n\nGangMin Kim \ - \ managed to concot a scenario as follows:\n\nROOT qdisc 1:0 (QFQ)\n \u251C\u2500\ - \u2500 class 1:1 (weight=15, lmax=16384) netem with delay 6.4s\n \u2514\u2500\ - \u2500 class 1:2 (weight=1, lmax=1514) teql\n\nGangMin sends a packet which is\ - \ enqueued to 1:1 (netem).\nAny invocation of dequeue by QFQ from this class will\ - \ not return a packet\nuntil after 6.4s. In the meantime, a second packet is sent\ - \ and it lands on\n1:2. teql's enqueue will return success and this will activate\ - \ class 1:2.\nMain issue is that teql only updates the parent visible qlen (sch->q.qlen)\n\ - at dequeue. Since QFQ will only call dequeue if peek succeeds (and teql's\npeek\ - \ always returns NULL), dequeue will never be called and thus the qlen\nwill remain\ - \ as 0. With that in mind, when GangMin updates 1:2's lmax value,\nthe qfq_change_class\ - \ calls qfq_deact_rm_from_agg. Since the child qdisc's\nqlen was not incremented,\ - \ qfq fails to deactivate the class, but still\nfrees its pointers from the aggregate.\ - \ So when the first packet is\nrescheduled after 6.4 seconds (netem's delay),\ - \ a dangling pointer is\naccessed causing GangMin's causing a UAF." + description: TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R + 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. + Local users could get remote code execution. detection: payload: null verify: null @@ -12032,31 +10272,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23074 - - https://git.kernel.org/stable/c/0686bedfed34155520f3f735cbf3210cb9044380 - - https://git.kernel.org/stable/c/16ed73c1282d376b956bff23e5139add061767ba - - https://git.kernel.org/stable/c/4c7e8aa71c9232cba84c289b4b56cba80b280841 - - https://git.kernel.org/stable/c/50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b + - https://nvd.nist.gov/vuln/detail/CVE-2022-26987 + - https://drive.google.com/file/d/1SnNoqRlJiBD673UROLwdgg_roMOneVR9/view?usp=sharing + - https://github.com/GANGE666 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25521-CANDIDATE - cve_id: CVE-2026-25521 - name: Candidate detection for CVE-2026-25521 + id: CVE-2022-26988-CANDIDATE + cve_id: CVE-2022-26988 + name: Candidate detection for CVE-2022-26988 severity: high - cvss: 8.8 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Locutus brings stdlibs of other programming languages to JavaScript - for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype - pollution vulnerability exists in locutus. Despite a previous fix that attempted - to mitigate prototype pollution by checking whether user input contained a forbidden - key, it is still possible to pollute Object.prototype via a crafted input using - String.prototype. This issue has been patched in version 2.0.39. + description: TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R + 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local + users could get remote code execution. detection: payload: null verify: null @@ -12064,30 +10299,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25521 - - https://github.com/locutusjs/locutus/commit/042af9ca7fde2ff599120783e720a17f335bb01c - - https://github.com/locutusjs/locutus/security/advisories/GHSA-rxrv-835q-v5mh - - https://access.redhat.com/security/cve/CVE-2026-25521 - - https://bugzilla.redhat.com/show_bug.cgi?id=2436950 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26988 + - https://drive.google.com/file/d/1J1KzojrMCq-MrV0HqkWiu17MIXGhRuUH/view?usp=sharing + - https://github.com/GANGE666 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25536-CANDIDATE - cve_id: CVE-2026-25536 - name: Candidate detection for CVE-2026-25536 + id: CVE-2022-28986-CANDIDATE + cve_id: CVE-2022-28986 + name: Candidate detection for CVE-2022-28986 severity: high - cvss: 7.1 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: MCP TypeScript SDK is the official TypeScript SDK for Model Context - Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response - data leak when a single McpServer/Server and transport instance is reused across - multiple client connections, most commonly in stateless StreamableHTTPServerTransport - deployments. This issue has been patched in version 1.26.0. + description: 'LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: + 2021072900 has an Insecure direct object references (IDOR) vulnerability, which + allows remote attackers to update sensitive records such as email, password and + phone number of other user accounts.' detection: payload: null verify: null @@ -12095,27 +10327,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25536 - - https://github.com/modelcontextprotocol/typescript-sdk/issues/204 - - https://github.com/modelcontextprotocol/typescript-sdk/issues/243 - - https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7 - - https://access.redhat.com/errata/RHSA-2026:3960 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28986 + - https://github.com/FlaviuPopescu/CVE-2022-28986 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-61732-CANDIDATE - cve_id: CVE-2025-61732 - name: Candidate detection for CVE-2025-61732 + id: CVE-2020-19228-CANDIDATE + cve_id: CVE-2020-19228 + name: Candidate detection for CVE-2020-19228 severity: high - cvss: 8.6 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A discrepancy between how Go and C/C++ comments were parsed allowed - for code smuggling into the resulting cgo binary. + description: An issue was found in bludit v3.13.0, unsafe implementation of the + backup plugin allows attackers to upload arbitrary files. detection: payload: null verify: null @@ -12123,30 +10352,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-61732 - - https://go.dev/cl/734220 - - https://go.dev/issue/76697 - - https://groups.google.com/g/golang-announce/c/K09ubi9FQFk - - https://pkg.go.dev/vuln/GO-2026-4433 + - https://nvd.nist.gov/vuln/detail/CVE-2020-19228 + - https://github.com/bludit/bludit/issues/1242 generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37131-CANDIDATE - cve_id: CVE-2020-37131 - name: Candidate detection for CVE-2020-37131 + id: CVE-2022-28077-CANDIDATE + cve_id: CVE-2022-28077 + name: Candidate detection for CVE-2022-28077 severity: medium - cvss: 6.2 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service - vulnerability that allows local attackers to crash the application by inputting - a specially crafted registration key. Attackers can generate a payload of 1000 - bytes of repeated characters and paste it into the 'Key' input field to trigger - the application crash. + description: Home Owners Collection Management v1 was discovered to contain a reflected + cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] + parameter. detection: payload: null verify: null @@ -12154,29 +10378,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37131 - - https://www.exploit-db.com/exploits/48284 - - https://www.vulncheck.com/advisories/product-key-explorer-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-28077 + - https://github.com/bigzooooz/CVE-2022-28077 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1709-CANDIDATE - cve_id: CVE-2026-1709 - name: Candidate detection for CVE-2026-1709 - severity: critical - cvss: 9.4 + id: CVE-2022-28078-CANDIDATE + cve_id: CVE-2022-28078 + name: Candidate detection for CVE-2022-28078 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, - does not enforce client-side Transport Layer Security (TLS) authentication. This - authentication bypass vulnerability allows unauthenticated clients with network - access to perform administrative operations, including listing agents, retrieving - public Trusted Platform Module (TPM) data, and deleting agents, by connecting - without presenting a client certificate. + description: Home Owners Collection Management v1 was discovered to contain a reflected + cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] + parameter. detection: payload: null verify: null @@ -12184,39 +10404,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1709 - - https://access.redhat.com/errata/RHSA-2026:2224 - - https://access.redhat.com/errata/RHSA-2026:2225 - - https://access.redhat.com/errata/RHSA-2026:2298 - - https://access.redhat.com/security/cve/CVE-2026-1709 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28078 + - https://github.com/bigzooooz/CVE-2022-28078 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25640-CANDIDATE - cve_id: CVE-2026-25640 - name: Candidate detection for CVE-2026-25640 - severity: high - cvss: 7.1 + id: CVE-2020-22984-CANDIDATE + cve_id: CVE-2020-22984 + name: Candidate detection for CVE-2020-22984 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Pydantic AI is a Python agent framework for building applications and - workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal - vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary - JavaScript in the context of the application by crafting a malicious URL. In affected - versions, the CDN URL is constructed using a version query parameter from the - request URL. This parameter is not validated, allowing path traversal sequences - that cause the server to fetch and serve attacker-controlled HTML/JavaScript from - an arbitrary source on the same CDN, instead of the legitimate chat UI package. - If a victim clicks the link or visits it via an iframe, attacker-controlled code - executes in their browser, enabling theft of chat history and other client-side - data. This vulnerability only affects applications that use Agent.to_web to serve - a chat interface and clai web to serve a chat interface from the CLI. These are - typically run locally (on localhost), but may also be deployed on a remote server. - This vulnerability is fixed in 1.51.0. + description: Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 + and earlier, allows remote unauthenticated attackers to execute arbitrary code + via key parameter to the getGoogleExtraConfig task. detection: payload: null verify: null @@ -12224,33 +10430,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25640 - - https://github.com/pydantic/pydantic-ai/releases/tag/v1.51.0 - - https://github.com/pydantic/pydantic-ai/security/advisories/GHSA-wjp5-868j-wqv7 - - https://access.redhat.com/security/cve/CVE-2026-25640 - - https://bugzilla.redhat.com/show_bug.cgi?id=2437753 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22984 + - https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d + - https://www.microstrategy.com/us/report-a-security-vulnerability + - https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25580-CANDIDATE - cve_id: CVE-2026-25580 - name: Candidate detection for CVE-2026-25580 - severity: high - cvss: 8.6 + id: CVE-2020-22985-CANDIDATE + cve_id: CVE-2020-22985 + name: Candidate detection for CVE-2020-22985 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Pydantic AI is a Python agent framework for building applications and - workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request - Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. - When applications accept message history from untrusted sources, attackers can - include malicious URLs that cause the server to make HTTP requests to internal - network resources, potentially accessing internal services or cloud credentials. - This vulnerability only affects applications that accept message history from - external users. This vulnerability is fixed in 1.56.0. + description: Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 + and earlier, allows remote unauthenticated attackers to execute arbitrary code + via the key parameter to the getESRIExtraConfig task. detection: payload: null verify: null @@ -12258,34 +10458,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25580 - - https://github.com/pydantic/pydantic-ai/commit/d398bc9d39aecca6530fa7486a410d5cce936301 - - https://github.com/pydantic/pydantic-ai/security/advisories/GHSA-2jrp-274c-jhv3 - - https://access.redhat.com/security/cve/CVE-2026-25580 - - https://bugzilla.redhat.com/show_bug.cgi?id=2437781 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22985 + - https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d + - https://www.microstrategy.com/us/report-a-security-vulnerability + - https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1615-CANDIDATE - cve_id: CVE-2026-1615 - name: Candidate detection for CVE-2026-1615 - severity: critical - cvss: 9.8 + id: CVE-2020-22986-CANDIDATE + cve_id: CVE-2020-22986 + name: Candidate detection for CVE-2020-22986 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary - Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The - library relies on the static-eval module to process JSON Path input, which is - not designed to handle untrusted data safely. An attacker can exploit this vulnerability - by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary - JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site - Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON - Paths against objects, including .query, .nodes, .paths, .value, .parent, and - .apply. + description: Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 + and earlier, allows remote unauthenticated attackers to execute arbitrary code + via the searchString parameter to the wikiScrapper task. detection: payload: null verify: null @@ -12293,29 +10486,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1615 - - https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243 - - https://github.com/dchester/jsonpath/commit/b61111f07ac1a8d0f3133b5fc51438ecb76a6c39 - - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219 - - https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22986 + - https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d + - https://tinyurl.com/ + - https://www.microstrategy.com/us/report-a-security-vulnerability + - https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14831-CANDIDATE - cve_id: CVE-2025-14831 - name: Candidate detection for CVE-2025-14831 + id: CVE-2020-22987-CANDIDATE + cve_id: CVE-2020-22987 + name: Candidate detection for CVE-2020-22987 severity: medium - cvss: 5.3 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GnuTLS. This vulnerability allows a denial of service - (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially - crafted malicious certificates containing a large number of name constraints and - subject alternative names (SANs). + description: Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 + and earlier, allows remote unauthenticated attackers to execute arbitrary code + via the fileToUpload parameter to the uploadFile task. detection: payload: null verify: null @@ -12323,29 +10515,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14831 - - https://access.redhat.com/errata/RHSA-2026:13812 - - https://access.redhat.com/errata/RHSA-2026:16008 - - https://access.redhat.com/errata/RHSA-2026:16009 - - https://access.redhat.com/errata/RHSA-2026:16174 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22987 + - https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d + - https://www.microstrategy.com/us/report-a-security-vulnerability + - https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24678-CANDIDATE - cve_id: CVE-2026-24678 - name: Candidate detection for CVE-2026-24678 + id: CVE-2020-22983-CANDIDATE + cve_id: CVE-2020-22983 + name: Candidate detection for CVE-2020-22983 severity: high - cvss: 7.5 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior - to 3.22.0, A capture thread sends sample responses using a freed channel callback - after a device channel close, leading to a use after free in ecam_channel_write. - This vulnerability is fixed in 3.22.0. + description: A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy + Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a + server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL + task. detection: payload: null verify: null @@ -12353,32 +10544,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24678 - - https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6gvg-29wx-6v7h - - https://access.redhat.com/errata/RHSA-2026:19033 - - https://access.redhat.com/errata/RHSA-2026:3068 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22983 + - https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204 + - https://tinyurl.com/ + - https://www.microstrategy.com/us/report-a-security-vulnerability + - https://medium.com/%40win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1486-CANDIDATE - cve_id: CVE-2026-1486 - name: Candidate detection for CVE-2026-1486 - severity: high - cvss: 8.8 + id: CVE-2022-29351-CANDIDATE + cve_id: CVE-2022-29351 + name: Candidate detection for CVE-2022-29351 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant - flow where the server fails to verify if an Identity Provider (IdP) is enabled - before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer) - retrieves the IdP configuration but does not filter for isEnabled=false. If an - administrator disables an IdP (e.g., due to a compromise or offboarding), an entity - possessing that IdP's signing key can still generate valid JWT assertions that - Keycloak accepts, resulting in the issuance of valid access tokens. + description: 'An arbitrary file upload vulnerability in the file upload module of + Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG + file. Note: The vendor argues that this is not a legitimate issue and there is + no vulnerability here.' detection: payload: null verify: null @@ -12386,30 +10574,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1486 - - https://access.redhat.com/errata/RHSA-2026:2365 - - https://access.redhat.com/errata/RHSA-2026:2366 - - https://access.redhat.com/security/cve/CVE-2026-1486 - - https://bugzilla.redhat.com/show_bug.cgi?id=2433347 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29351 + - https://github.com/Jermolene/TiddlyWiki5 + - https://github.com/jimcola99/corruptsvgfile + - https://www.youtube.com/watch?v=F_DBx4psWns generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1529-CANDIDATE - cve_id: CVE-2026-1529 - name: Candidate detection for CVE-2026-1529 - severity: high - cvss: 8.1 + id: CVE-2022-24611-CANDIDATE + cve_id: CVE-2022-24611 + name: Candidate detection for CVE-2022-24611 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keycloak. An attacker can exploit this vulnerability - by modifying the organization ID and target email within a legitimate invitation - token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification - allows the attacker to successfully self-register into an unauthorized organization, - leading to unauthorized access. + description: Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification + in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected + Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but + absent NodeIDs. detection: payload: null verify: null @@ -12417,18 +10603,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1529 - - https://access.redhat.com/errata/RHSA-2026:2363 - - https://access.redhat.com/errata/RHSA-2026:2364 - - https://access.redhat.com/errata/RHSA-2026:2365 - - https://access.redhat.com/errata/RHSA-2026:2366 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24611 + - https://github.com/ITSecLab-HSEL/CVE-2022-24611 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25639-CANDIDATE - cve_id: CVE-2026-25639 - name: Candidate detection for CVE-2026-25639 + id: CVE-2022-29641-CANDIDATE + cve_id: CVE-2022-29641 + name: Candidate detection for CVE-2022-29641 severity: high cvss: 7.5 risk_level: unknown @@ -12436,12 +10619,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: Axios is a promise based HTTP client for the browser and Node.js. Prior - to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with - a TypeError when processing configuration objects containing __proto__ as an own - property. An attacker can trigger this by providing a malicious configuration - object created via JSON.parse(), causing complete denial of service. This vulnerability - is fixed in versions 0.30.3 and 1.13.5. + description: TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 + were discovered to contain a stack overflow via the startTime and endTime parameters + in the function setParentalRules. This vulnerability allows attackers to cause + a Denial of Service (DoS) via a crafted POST request. detection: payload: null verify: null @@ -12449,68 +10630,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25639 - - https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57 - - https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e - - https://github.com/axios/axios/pull/7369 - - https://github.com/axios/axios/pull/7388 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29641 + - https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/4.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-35998-CANDIDATE - cve_id: CVE-2025-35998 - name: Candidate detection for CVE-2025-35998 - severity: high - cvss: 7.9 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: 'Missing protection mechanism for alternate hardware interface in the - Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel - may allow an escalation of privilege. System software adversary with a privileged - user combined with a low complexity attack may enable escalation of privilege. - This result may potentially occur via local access when attack requirements are - present with special internal knowledge and requires no user interaction. The - potential vulnerability may impact the confidentiality (high), integrity (high) - and availability (none) of the vulnerable system, resulting in subsequent system - confidentiality (none), integrity (none) and availability (none) impacts.' - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-35998 - - https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01406.html - - https://access.redhat.com/errata/RHSA-2026:6888 - - https://access.redhat.com/security/cve/CVE-2025-35998 - - https://bugzilla.redhat.com/show_bug.cgi?id=2438523 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-25646-CANDIDATE - cve_id: CVE-2026-25646 - name: Candidate detection for CVE-2026-25646 - severity: high - cvss: 8.1 + id: CVE-2022-28932-CANDIDATE + cve_id: CVE-2022-28932 + name: Candidate detection for CVE-2022-28932 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: LIBPNG is a reference library for use in applications that read, create, - and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, - an out-of-bounds read vulnerability exists in the png_set_quantize() API function. - When the function is called with no histogram and the number of colors in the - palette is more than twice the maximum supported by the user's display, certain - palettes will cause the function to enter into an infinite loop that reads past - the end of an internal heap-allocated buffer. The images that trigger this vulnerability - are valid per the PNG specification. This vulnerability is fixed in 1.6.55. + description: D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure + permissions. detection: payload: null verify: null @@ -12518,34 +10655,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25646 - - https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 - - https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 - - https://access.redhat.com/errata/RHSA-2026:10097 - - https://access.redhat.com/errata/RHSA-2026:12274 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28932 + - https://github.com/1759134370/iot/blob/main/dsl + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25506-CANDIDATE - cve_id: CVE-2026-25506 - name: Candidate detection for CVE-2026-25506 - severity: high - cvss: 7.7 + id: CVE-2022-29004-CANDIDATE + cve_id: CVE-2022-29004 + name: Candidate detection for CVE-2022-29004 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: MUNGE is an authentication service for creating and validating user - credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow - vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic - key material from process memory. With the leaked key material, the attacker could - forge arbitrary MUNGE credentials to impersonate any user (including root) to - services that rely on MUNGE for authentication. The vulnerability allows a buffer - overflow by sending a crafted message with an oversized address length field, - corrupting munged's internal state and enabling extraction of the MAC subkey used - for credential verification. This vulnerability is fixed in 0.5.18. + description: Diary Management System v1.0 was discovered to contain a cross-site + scripting (XSS) vulnerability via the Name parameter in search-result.php. detection: payload: null verify: null @@ -12553,39 +10681,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25506 - - https://github.com/dun/munge/commit/bf40cc27c4ce8451d4b062c9de0b67ec40894812 - - https://github.com/dun/munge/releases/tag/munge-0.5.18 - - https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh - - https://lists.debian.org/debian-lts-announce/2026/02/msg00015.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-29004 + - https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt + - https://phpgurukul.com/e-diary-management-system-using-php-and-mysql/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26007-CANDIDATE - cve_id: CVE-2026-26007 - name: Candidate detection for CVE-2026-26007 + id: CVE-2022-29005-CANDIDATE + cve_id: CVE-2022-29005 + name: Candidate detection for CVE-2022-29005 severity: medium - cvss: 6.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: cryptography is a package designed to expose cryptographic primitives - and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers - (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), - load_der_public_key() and load_pem_public_key() functions do not verify that the - point belongs to the expected prime-order subgroup of the curve. This missing - validation allows an attacker to provide a public key point P from a small-order - subgroup. This can lead to security issues in various situations, such as the - most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). - When the victim computes the shared secret as S = [victim_private_key]P via ECDH, - this leaks information about victim_private_key mod (small_subgroup_order). For - curves with cofactor > 1, this reveals the least significant bits of the private - key. When these weak public keys are used in ECDSA , it's easy to forge signatures - on the small subgroup. Only SECT curves are impacted by this. This vulnerability - is fixed in 46.0.5. + description: Multiple cross-site scripting (XSS) vulnerabilities in the component + /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers + to execute arbitrary web scripts or HTML via a crafted payload injected into the + fname or lname parameters. detection: payload: null verify: null @@ -12593,99 +10709,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26007 - - https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c - - https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:12176 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29005 + - https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt + - https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1837-CANDIDATE - cve_id: CVE-2026-1837 - name: Candidate detection for CVE-2026-1837 + id: CVE-2022-30014-CANDIDATE + cve_id: CVE-2022-30014 + name: Candidate detection for CVE-2022-30014 severity: high - cvss: 7.5 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: 'A specially-crafted file can cause libjxl''s decoder to write pixel - data to uninitialized unallocated memory. Soon after that data from another uninitialized - unallocated region is copied to pixel data. - - - This can be done by requesting color transformation of grayscale images to another - grayscale color space. Buffers allocated for 1-float-per-pixel are used as if - they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as - CMS engine. There is another CMS engine available (selected by build flags).' - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1837 - - https://github.com/libjxl/libjxl/issues/4549 - - https://access.redhat.com/security/cve/CVE-2026-1837 - - https://bugzilla.redhat.com/show_bug.cgi?id=2438974 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1837.json - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2025-69872-CANDIDATE - cve_id: CVE-2025-69872 - name: Candidate detection for CVE-2025-69872 - severity: critical - cvss: 9.8 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization - by default. An attacker with write access to the cache directory can achieve arbitrary - code execution when a victim application reads from the cache. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-69872 - - https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md - - https://github.com/grantjenks/python-diskcache - - https://access.redhat.com/errata/RHSA-2026:3713 - - https://access.redhat.com/security/cve/CVE-2025-69872 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2025-69873-CANDIDATE - cve_id: CVE-2025-69873 - name: Candidate detection for CVE-2025-69873 - severity: low - cvss: 2.9 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to - Regular Expression Denial of Service (ReDoS) when the $data option is enabled. - The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), - which is passed directly to the JavaScript RegExp() constructor without validation. - An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with - crafted input to cause catastrophic backtracking. A 31-character payload causes - approximately 44 seconds of CPU blocking, with each additional character doubling - execution time. This enables complete denial of service with a single HTTP request - against any API using ajv with $data: true for dynamic schema validation. This - issue is also fixed in version 6.14.0.' + description: Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site + Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. detection: payload: null verify: null @@ -12693,29 +10735,32 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-69873 - - https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md - - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6 - - https://github.com/ajv-validator/ajv/pull/2588 - - https://github.com/ajv-validator/ajv/pull/2590 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30014 + - https://github.com/offsecin/bugsdisclose/blob/main/csrf generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37196-CANDIDATE - cve_id: CVE-2020-37196 - name: Candidate detection for CVE-2020-37196 + id: CVE-2022-28944-CANDIDATE + cve_id: CVE-2022-28944 + name: Candidate detection for CVE-2022-28944 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Dnss Domain Name Search Software contains a denial of service vulnerability - that allows attackers to crash the application by providing an oversized registration - key. Attackers can generate a 1000-character buffer payload and paste it into - the registration key field to trigger an application crash. + description: "Certain EMCO Software products are affected by: CWE-494: Download\ + \ of Code Without Integrity Check. This affects MSI Package Builder for Windows\ + \ 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18\ + \ and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory\ + \ for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock\ + \ IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component\ + \ is: Updater. The attack vector is: To exploit this vulnerability, a user must\ + \ trigger an update of an affected installation of EMCO Software. \xB6\xB6 Multiple\ + \ products from EMCO Software are affected by a remote code execution vulnerability\ + \ during the update process." detection: payload: null verify: null @@ -12723,27 +10768,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37196 - - https://www.exploit-db.com/exploits/47856 - - https://www.vulncheck.com/advisories/dnss-domain-name-search-software-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-28944 + - https://github.com/gerr-re/cve-2022-28944/blob/main/cve-2022-28944_public-advisory.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37197-CANDIDATE - cve_id: CVE-2020-37197 - name: Candidate detection for CVE-2020-37197 + id: CVE-2022-29333-CANDIDATE + cve_id: CVE-2022-29333 + name: Candidate detection for CVE-2022-29333 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Dnss Domain Name Search Software contains a denial of service vulnerability - that allows attackers to crash the application by overflowing the 'Name' input - field. Attackers can generate a 1000-character buffer payload and paste it into - the registration name field to trigger an application crash. + description: A vulnerability in CyberLink Power Director v14 allows attackers to + escalate privileges via a crafted .exe file. detection: payload: null verify: null @@ -12751,27 +10793,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37197 - - https://www.exploit-db.com/exploits/47861 - - https://www.vulncheck.com/advisories/dnss-domain-name-search-software-name-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-29333 + - https://www.youtube.com/watch?v=r75k-ae3_ng + - https://youtu.be/B46wtd-ZNog generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37199-CANDIDATE - cve_id: CVE-2020-37199 - name: Candidate detection for CVE-2020-37199 + id: CVE-2022-27305-CANDIDATE + cve_id: CVE-2022-27305 + name: Candidate detection for CVE-2022-27305 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NBMonitor 1.6.6.0 contains a denial of service vulnerability in its - registration key input that allows attackers to crash the application. Attackers - can generate a 1000-character buffer payload and paste it into the 'Key' field - to trigger an application crash. + description: Gibbon v23 does not generate a new session ID cookie after a user authenticates, + making the application vulnerable to session fixation. detection: payload: null verify: null @@ -12779,27 +10819,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37199 - - https://www.exploit-db.com/exploits/47866 - - https://www.vulncheck.com/advisories/nbmonitor-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-27305 + - https://github.com/GibbonEdu/core/security/advisories/GHSA-4mq5-8jvh-qq3p generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37200-CANDIDATE - cve_id: CVE-2020-37200 - name: Candidate detection for CVE-2020-37200 - severity: high - cvss: 7.5 + id: CVE-2021-42872-CANDIDATE + cve_id: CVE-2021-42872 + name: Candidate detection for CVE-2021-42872 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in - the registration key input that allows attackers to crash the application by supplying - oversized input. Attackers can generate a 1000-character payload and paste it - into the registration key field to trigger an application crash. + description: TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability + that can remotely execute arbitrary code. detection: payload: null verify: null @@ -12807,27 +10844,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37200 - - https://www.exploit-db.com/exploits/47860 - - https://www.vulncheck.com/advisories/netsharewatcher-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2021-42872 + - https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_NoticeUrl_rce4.md generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37201-CANDIDATE - cve_id: CVE-2020-37201 - name: Candidate detection for CVE-2020-37201 - severity: high - cvss: 7.5 + id: CVE-2022-24238-CANDIDATE + cve_id: CVE-2022-24238 + name: Candidate detection for CVE-2022-24238 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in - the registration name input that allows attackers to crash the application. Attackers - can generate a 1000-character payload and paste it into the 'Name' field to trigger - an application crash. + description: ACEweb Online Portal 3.5.065 was discovered to contain a cross-site + scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. detection: payload: null verify: null @@ -12835,27 +10869,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37201 - - https://www.exploit-db.com/exploits/47848 - - https://www.vulncheck.com/advisories/netsharewatcher-name-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-24238 + - https://www.aceware.com/forum/viewtopic.php?f=7&t=481 generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37204-CANDIDATE - cve_id: CVE-2020-37204 - name: Candidate detection for CVE-2020-37204 - severity: high - cvss: 7.5 + id: CVE-2022-24239-CANDIDATE + cve_id: CVE-2022-24239 + name: Candidate detection for CVE-2022-24239 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: RemShutdown 2.9.0.0 contains a denial of service vulnerability in its - registration key input that allows attackers to crash the application. Attackers - can generate a 1000-character buffer payload and paste it into the registration - key field to trigger an application crash. + description: ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted + file upload vulnerability via attachments.awp. detection: payload: null verify: null @@ -12863,27 +10894,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37204 - - https://www.exploit-db.com/exploits/47863 - - https://www.vulncheck.com/advisories/remshutdown-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-24239 + - https://www.aceware.com/forum/viewtopic.php?f=7&t=481 generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37205-CANDIDATE - cve_id: CVE-2020-37205 - name: Candidate detection for CVE-2020-37205 - severity: high - cvss: 7.5 + id: CVE-2022-24240-CANDIDATE + cve_id: CVE-2022-24240 + name: Candidate detection for CVE-2022-24240 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: RemShutdown 2.9.0.0 contains a denial of service vulnerability that - allows attackers to crash the application by overflowing the 'Name' registration - field. Attackers can generate a 1000-character buffer payload and paste it into - the registration name field to trigger an application crash. + description: ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection + vulnerability via the criteria parameter in showschedule.awp. detection: payload: null verify: null @@ -12891,16 +10919,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37205 - - https://www.exploit-db.com/exploits/47865 - - https://www.vulncheck.com/advisories/remshutdown-name-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-24240 + - https://www.aceware.com/forum/viewtopic.php?f=7&t=481 generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37206-CANDIDATE - cve_id: CVE-2020-37206 - name: Candidate detection for CVE-2020-37206 + id: CVE-2022-24241-CANDIDATE + cve_id: CVE-2022-24241 + name: Candidate detection for CVE-2022-24241 severity: high cvss: 7.5 risk_level: unknown @@ -12908,10 +10935,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: ShareAlarmPro contains a denial of service vulnerability that allows - attackers to crash the application by supplying an oversized registration key. - Attackers can generate a 1000-character buffer payload to trigger an application - crash when pasted into the registration key field. + description: ACEweb Online Portal 3.5.065 was discovered to contain an External + Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. detection: payload: null verify: null @@ -12919,16 +10944,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37206 - - https://www.exploit-db.com/exploits/47859 - - https://www.vulncheck.com/advisories/sharealarmpro-advanced-network-access-control-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-24241 + - https://www.aceware.com/forum/viewtopic.php?f=7&t=481 generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37207-CANDIDATE - cve_id: CVE-2020-37207 - name: Candidate detection for CVE-2020-37207 + id: CVE-2022-24581-CANDIDATE + cve_id: CVE-2022-24581 + name: Candidate detection for CVE-2022-24581 severity: high cvss: 7.5 risk_level: unknown @@ -12936,10 +10960,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: SpotDialup 1.6.7 contains a denial of service vulnerability in the - registration key input field that allows attackers to crash the application. Attackers - can generate a 1000-character buffer payload and paste it into the 'Key' field - to trigger an application crash. + description: ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture + via UNC. By specifying the UNC file path of an external SMB share when uploading + a file, an attacker can induce the victim server to disclose the username and + password hash of the user executing the ACEweb Online software. detection: payload: null verify: null @@ -12947,27 +10971,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37207 - - https://www.exploit-db.com/exploits/47872 - - https://www.vulncheck.com/advisories/spotdialup-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-24581 + - https://www.aceware.com/forum/viewtopic.php?f=7&t=481 generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37208-CANDIDATE - cve_id: CVE-2020-37208 - name: Candidate detection for CVE-2020-37208 - severity: high - cvss: 7.5 + id: CVE-2022-28945-CANDIDATE + cve_id: CVE-2022-28945 + name: Candidate detection for CVE-2022-28945 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration - key input field that allows attackers to crash the application. Attackers can - generate a 1000-character payload and paste it into the 'Key' field to trigger - an application crash and denial of service. + description: An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory + traversal via a crafted ZIP file. detection: payload: null verify: null @@ -12975,27 +10996,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37208 - - https://www.exploit-db.com/exploits/47849 - - https://www.vulncheck.com/advisories/spotftp-ftp-password-recovery-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-28945 + - https://github.com/WeBankPartners/wecube-platform/issues/2324 + - https://github.com/WeBankPartners/wecube-platform/releases/tag/v3.2.2 generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37209-CANDIDATE - cve_id: CVE-2020-37209 - name: Candidate detection for CVE-2020-37209 + id: CVE-2022-30034-CANDIDATE + cve_id: CVE-2022-30034 + name: Candidate detection for CVE-2022-30034 severity: high - cvss: 7.5 + cvss: 8.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration - name input field that allows attackers to crash the application. Attackers can - generate a 1000-character buffer payload and paste it into the 'Name' field to - trigger an application crash. + description: Flower, a web UI for the Celery Python RPC framework, all versions + as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker + could then access the Flower API to discover and invoke arbitrary Celery RPC calls + or deny service by shutting down Celery task nodes. detection: payload: null verify: null @@ -13003,27 +11024,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37209 - - https://www.exploit-db.com/exploits/47868 - - https://www.vulncheck.com/advisories/spotftp-ftp-password-recovery-name-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-30034 + - https://github.com/mher/flower/issues/1217 + - https://tprynn.github.io/2022/05/26/flower-vulns.html generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37210-CANDIDATE - cve_id: CVE-2020-37210 - name: Candidate detection for CVE-2020-37210 - severity: high - cvss: 7.5 + id: CVE-2022-30490-CANDIDATE + cve_id: CVE-2022-30490 + name: Candidate detection for CVE-2022-30490 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SpotIE 2.9.5 contains a denial of service vulnerability in the registration - key input that allows attackers to crash the application. Attackers can generate - a 1000-character buffer payload and paste it into the 'Key' field to trigger an - application crash. + description: Badminton Center Management System V1.0 is vulnerable to SQL Injection + via parameter 'id' in /bcms/admin/court_rentals/update_status.php. detection: payload: null verify: null @@ -13031,27 +11050,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37210 - - https://www.exploit-db.com/exploits/47855 - - https://www.vulncheck.com/advisories/spotie-key-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-30490 + - https://github.com/yasinyildiz26/Badminton-Center-Management-System generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37211-CANDIDATE - cve_id: CVE-2020-37211 - name: Candidate detection for CVE-2020-37211 - severity: high - cvss: 7.5 + id: CVE-2022-29704-CANDIDATE + cve_id: CVE-2022-29704 + name: Candidate detection for CVE-2022-29704 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SpotIM 2.2 contains a denial of service vulnerability that allows attackers - to crash the application by inputting a large buffer in the registration name - field. Attackers can generate a 1000-character payload and paste it into the 'Name' - field to trigger an application crash. + description: BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. detection: payload: null verify: null @@ -13059,27 +11074,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37211 - - https://www.exploit-db.com/exploits/47870 - - https://www.vulncheck.com/advisories/spotim-name-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2022-29704 + - https://www.youtube.com/watch?v=ECTu2QVAl1c generated_from: - nvd - status: candidate executable: false - id: CVE-2020-37212-CANDIDATE - cve_id: CVE-2020-37212 - name: Candidate detection for CVE-2020-37212 - severity: high - cvss: 7.5 + id: CVE-2021-42875-CANDIDATE + cve_id: CVE-2021-42875 + name: Candidate detection for CVE-2021-42875 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SpotMSN 2.4.6 contains a denial of service vulnerability in the registration - name input field that allows attackers to crash the application. Attackers can - generate a 1000-character payload and paste it into the 'Name' field to trigger - an application crash. + description: TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection + vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so + to control the ipDoamin. detection: payload: null verify: null @@ -13087,16 +11100,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2020-37212 - - https://www.exploit-db.com/exploits/47869 - - https://www.vulncheck.com/advisories/spotmsn-name-denial-of-service + - https://nvd.nist.gov/vuln/detail/CVE-2021-42875 + - https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_ipdoamin_rce.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25990-CANDIDATE - cve_id: CVE-2026-25990 - name: Candidate detection for CVE-2026-25990 + id: CVE-2021-42877-CANDIDATE + cve_id: CVE-2021-42877 + name: Candidate detection for CVE-2021-42877 severity: high cvss: 7.5 risk_level: unknown @@ -13104,9 +11116,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an - out-of-bounds write may be triggered when loading a specially crafted PSD image. - This vulnerability is fixed in 12.1.1. + description: TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability + in function RebootSystem of the file lib/cste_modules/system which can reboot + the system. detection: payload: null verify: null @@ -13114,30 +11126,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25990 - - https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa - - https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:14873 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42877 + - https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_reboot.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26157-CANDIDATE - cve_id: CVE-2026-26157 - name: Candidate detection for CVE-2026-26157 + id: CVE-2022-27438-CANDIDATE + cve_id: CVE-2022-27438 + name: Candidate detection for CVE-2022-27438 severity: high - cvss: 7.0 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: true - description: A flaw was found in BusyBox. Incomplete path sanitization in its archive - extraction utilities allows an attacker to craft malicious archives that when - extracted, and under specific conditions, may write to files outside the intended - directory. This can lead to arbitrary file overwrite, potentially enabling code - execution through the modification of sensitive system files. + exploitdb_reference: false + description: Caphyon Ltd Advanced Installer 19.3 and earlier and many products that + use the updater from Advanced Installer (Advanced Updater) are affected by a remote + code execution vulnerability via the CustomDetection parameter in the update check + function. To exploit this vulnerability, a user must start an affected installation + to trigger the update check. detection: payload: null verify: null @@ -13145,31 +11154,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26157 - - https://access.redhat.com/errata/RHSA-2026:13831 - - https://access.redhat.com/security/cve/CVE-2026-26157 - - https://bugzilla.redhat.com/show_bug.cgi?id=2439039 - - https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb + - https://nvd.nist.gov/vuln/detail/CVE-2022-27438 + - https://gerr.re/posts/cve-2022-27438/ + - https://www.advancedinstaller.com/security-updates-auto-updater.html generated_from: - nvd - - exploit_db - status: candidate executable: false - id: CVE-2026-26158-CANDIDATE - cve_id: CVE-2026-26158 - name: Candidate detection for CVE-2026-26158 + id: CVE-2022-30075-CANDIDATE + cve_id: CVE-2022-30075 + name: Candidate detection for CVE-2022-30075 severity: high - cvss: 7.0 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A flaw was found in BusyBox. This vulnerability allows an attacker - to modify files outside of the intended extraction directory by crafting a malicious - tar archive containing unvalidated hardlink or symlink entries. If the tar archive - is extracted with elevated privileges, this flaw can lead to privilege escalation, - enabling an attacker to gain unauthorized access to critical system files. + exploitdb_reference: true + description: In TP-Link Router AX50 firmware 210730 and older, import of a malicious + backup file via web interface can lead to remote code execution due to improper + validation. detection: payload: null verify: null @@ -13177,29 +11181,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26158 - - https://access.redhat.com/errata/RHSA-2026:13831 - - https://access.redhat.com/security/cve/CVE-2026-26158 - - https://bugzilla.redhat.com/show_bug.cgi?id=2439040 - - https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb + - https://nvd.nist.gov/vuln/detail/CVE-2022-30075 + - https://github.com/aaronsvk + - https://github.com/aaronsvk/CVE-2022-30075 + - https://www.exploit-db.com/exploits/50962 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-1669-CANDIDATE - cve_id: CVE-2026-1669 - name: Candidate detection for CVE-2026-1669 - severity: high - cvss: 7.5 + id: CVE-2021-41663-CANDIDATE + cve_id: CVE-2021-41663 + name: Candidate detection for CVE-2021-41663 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Arbitrary file read in the model loading mechanism (HDF5 integration) - in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote - attacker to read local files and disclose sensitive information via a crafted - .keras model file utilizing HDF5 external dataset references. + description: 'A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. + The vulnerability exists in the article upload: post-edit.php page.' detection: payload: null verify: null @@ -13207,29 +11209,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1669 - - https://github.com/google/security-research/security/advisories - - https://access.redhat.com/security/cve/CVE-2026-1669 - - https://bugzilla.redhat.com/show_bug.cgi?id=2439205 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1669.json + - https://nvd.nist.gov/vuln/detail/CVE-2021-41663 + - https://github.com/bg5sbk/MiniCMS + - https://github.com/bg5sbk/MiniCMS/issues/41 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20608-CANDIDATE - cve_id: CVE-2026-20608 - name: Candidate detection for CVE-2026-20608 + id: CVE-2021-40649-CANDIDATE + cve_id: CVE-2021-40649 + name: Candidate detection for CVE-2021-40649 severity: medium - cvss: 5.5 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: This issue was addressed through improved state management. This issue - is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, - macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may - lead to an unexpected process crash. + description: In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the + application and not have the HttpOnly flag set. detection: payload: null verify: null @@ -13237,29 +11235,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20608 - - https://support.apple.com/en-us/126346 - - https://support.apple.com/en-us/126347 - - https://support.apple.com/en-us/126348 - - https://support.apple.com/en-us/126353 + - https://nvd.nist.gov/vuln/detail/CVE-2021-40649 + - https://github.com/l00neyhacker/CVE-2021-40649 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20635-CANDIDATE - cve_id: CVE-2026-20635 - name: Candidate detection for CVE-2026-20635 + id: CVE-2021-40650-CANDIDATE + cve_id: CVE-2021-40650 + name: Candidate detection for CVE-2021-40650 severity: medium - cvss: 4.3 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, - macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously - crafted web content may lead to an unexpected process crash. + description: In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the + application and not have the secure flag set. detection: payload: null verify: null @@ -13267,28 +11260,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20635 - - https://support.apple.com/en-us/126346 - - https://support.apple.com/en-us/126347 - - https://support.apple.com/en-us/126348 - - https://support.apple.com/en-us/126351 + - https://nvd.nist.gov/vuln/detail/CVE-2021-40650 + - https://github.com/l00neyhacker/CVE-2021-40650 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20636-CANDIDATE - cve_id: CVE-2026-20636 - name: Candidate detection for CVE-2026-20636 - severity: medium - cvss: 6.5 + id: CVE-2021-42675-CANDIDATE + cve_id: CVE-2021-42675 + name: Candidate detection for CVE-2021-42675 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. - Processing maliciously crafted web content may lead to an unexpected process crash. + description: Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the + media directory. One can upload a malicious PHP file and obtain remote code execution. detection: payload: null verify: null @@ -13296,18 +11285,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20636 - - https://support.apple.com/en-us/126346 - - https://support.apple.com/en-us/126348 - - https://support.apple.com/en-us/126353 - - https://support.apple.com/en-us/126354 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42675 + - https://twitter.com/1ofThegutHakrs/status/1536246485188128768 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20644-CANDIDATE - cve_id: CVE-2026-20644 - name: Candidate detection for CVE-2026-20644 + id: CVE-2021-41672-CANDIDATE + cve_id: CVE-2021-41672 + name: Candidate detection for CVE-2021-41672 severity: medium cvss: 6.5 risk_level: unknown @@ -13315,10 +11301,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, - macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may - lead to an unexpected process crash. + description: PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection + in utilisateurs.php. A user that belongs to the administrator group can inject + a malicious SQL query in order to affect the execution logic of the application + and retrive information from the database. detection: payload: null verify: null @@ -13326,28 +11312,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20644 - - https://support.apple.com/en-us/126346 - - https://support.apple.com/en-us/126347 - - https://support.apple.com/en-us/126348 - - https://support.apple.com/en-us/126353 + - https://nvd.nist.gov/vuln/detail/CVE-2021-41672 + - https://github.com/advisto/peel-shopping/issues/5 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20652-CANDIDATE - cve_id: CVE-2026-20652 - name: Candidate detection for CVE-2026-20652 + id: CVE-2022-30023-CANDIDATE + cve_id: CVE-2022-30023 + name: Candidate detection for CVE-2022-30023 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, - macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service. + description: Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command + Injection via the Ping function. detection: payload: null verify: null @@ -13355,29 +11337,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20652 - - https://support.apple.com/en-us/126346 - - https://support.apple.com/en-us/126347 - - https://support.apple.com/en-us/126348 - - https://support.apple.com/en-us/126353 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30023 + - https://github.com/Haniwa0x01/CVE-2022-30023 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2004-CANDIDATE - cve_id: CVE-2026-2004 - name: Candidate detection for CVE-2026-2004 - severity: high - cvss: 8.8 + id: CVE-2022-31382-CANDIDATE + cve_id: CVE-2022-31382 + name: Candidate detection for CVE-2022-31382 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Missing validation of type of input in PostgreSQL intarray extension - selectivity estimator function allows an object creator to execute arbitrary code - as the operating system user running the database. Versions before PostgreSQL - 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. + description: Directory Management System v1.0 was discovered to contain a SQL injection + vulnerability via the searchdata parameter in search-dirctory.php. detection: payload: null verify: null @@ -13385,28 +11362,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2004 - - https://www.postgresql.org/support/security/CVE-2026-2004/ - - https://access.redhat.com/errata/RHSA-2026:19009 - - https://access.redhat.com/errata/RHSA-2026:19010 - - https://access.redhat.com/errata/RHSA-2026:3730 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31382 + - https://github.com/laotun-s/POC/blob/main/CVE-2022-31382.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2005-CANDIDATE - cve_id: CVE-2026-2005 - name: Candidate detection for CVE-2026-2005 - severity: high - cvss: 8.8 + id: CVE-2022-31383-CANDIDATE + cve_id: CVE-2022-31383 + name: Candidate detection for CVE-2022-31383 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider - to execute arbitrary code as the operating system user running the database. Versions - before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. + description: Directory Management System v1.0 was discovered to contain a SQL injection + vulnerability via the editid parameter in view-directory.php. detection: payload: null verify: null @@ -13414,30 +11387,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2005 - - https://www.postgresql.org/support/security/CVE-2026-2005/ - - https://access.redhat.com/errata/RHSA-2026:19009 - - https://access.redhat.com/errata/RHSA-2026:19010 - - https://access.redhat.com/errata/RHSA-2026:3730 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31383 + - https://github.com/laotun-s/POC/blob/main/CVE-2022-31383.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2006-CANDIDATE - cve_id: CVE-2026-2006 - name: Candidate detection for CVE-2026-2006 - severity: high - cvss: 8.8 + id: CVE-2022-31384-CANDIDATE + cve_id: CVE-2022-31384 + name: Candidate detection for CVE-2022-31384 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Missing validation of multibyte character length in PostgreSQL text - manipulation allows a database user to issue crafted queries that achieve a buffer - overrun. That suffices to execute arbitrary code as the operating system user - running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and - 14.21 are affected. + description: Directory Management System v1.0 was discovered to contain a SQL injection + vulnerability via the fullname parameter in add-directory.php. detection: payload: null verify: null @@ -13445,29 +11412,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2006 - - https://www.postgresql.org/support/security/CVE-2026-2006/ - - https://access.redhat.com/errata/RHSA-2026:19009 - - https://access.redhat.com/errata/RHSA-2026:19010 - - https://access.redhat.com/errata/RHSA-2026:3730 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31384 + - https://github.com/laotun-s/POC/blob/main/CVE-2022-31384.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2007-CANDIDATE - cve_id: CVE-2026-2007 - name: Candidate detection for CVE-2026-2007 - severity: high - cvss: 8.2 + id: CVE-2022-24562-CANDIDATE + cve_id: CVE-2022-24562 + name: Candidate detection for CVE-2022-24562 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: Heap buffer overflow in PostgreSQL pg_trgm allows a database user to - achieve unknown impacts via a crafted input string. The attacker has limited - control over the byte patterns to be written, but we have not ruled out the viability - of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected. + exploitdb_reference: true + description: In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send + GET and POST requests to Airserv and gain arbitrary read/write access to the entire + file-system (with admin privileges) on the victim's endpoint, which can result + in data theft and remote code execution. detection: payload: null verify: null @@ -13475,31 +11439,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2007 - - https://www.postgresql.org/support/security/CVE-2026-2007/ - - https://access.redhat.com/errata/RHSA-2026:19009 - - https://access.redhat.com/errata/RHSA-2026:8756 - - https://access.redhat.com/security/cve/CVE-2026-2007 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24562 + - https://medium.com/@tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d + - https://medium.com/%40tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-25949-CANDIDATE - cve_id: CVE-2026-25949 - name: Candidate detection for CVE-2026-25949 + id: CVE-2022-26173-CANDIDATE + cve_id: CVE-2022-26173 + name: Candidate detection for CVE-2022-26173 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, - there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated - client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending - the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections - to remain open indefinitely, leading to a denial of service. This vulnerability - is fixed in 3.6.8. + description: JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery + (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers + to arbitrarily add admin accounts. detection: payload: null verify: null @@ -13507,49 +11467,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25949 - - https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678 - - https://github.com/traefik/traefik/releases/tag/v3.6.8 - - https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w - - https://access.redhat.com/errata/RHSA-2026:6192 + - https://nvd.nist.gov/vuln/detail/CVE-2022-26173 + - https://community.jforum.net/posts/list/248.page + - https://github.com/WULINPIN/CVE/blob/main/JForum/poc.html + - https://jforum.net/ + - https://sourceforge.net/p/jforum2/wiki2/NewFeatures281/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23111-CANDIDATE - cve_id: CVE-2026-23111 - name: Candidate detection for CVE-2026-23111 - severity: high - cvss: 7.8 + id: CVE-2021-45024-CANDIDATE + cve_id: CVE-2021-45024 + name: Candidate detection for CVE-2021-45024 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nnetfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()\n\ - \nnft_map_catchall_activate() has an inverted element activity check\ncompared\ - \ to its non-catchall counterpart nft_mapelem_activate() and\ncompared to what\ - \ is logically required.\n\nnft_map_catchall_activate() is called from the abort\ - \ path to re-activate\ncatchall map elements that were deactivated during a failed\ - \ transaction.\nIt should skip elements that are already active (they don't need\n\ - re-activation) and process elements that are inactive (they need to be\nrestored).\ - \ Instead, the current code does the opposite: it skips inactive\nelements and\ - \ processes active ones.\n\nCompare the non-catchall activate callback, which\ - \ is correct:\n\n nft_mapelem_activate():\n if (nft_set_elem_active(ext, iter->genmask))\n\ - \ return 0; /* skip active, process inactive */\n\nWith the buggy catchall\ - \ version:\n\n nft_map_catchall_activate():\n if (!nft_set_elem_active(ext,\ - \ genmask))\n continue; /* skip inactive, process active */\n\nThe consequence\ - \ is that when a DELSET operation is aborted,\nnft_setelem_data_activate() is\ - \ never called for the catchall element.\nFor NFT_GOTO verdict elements, this\ - \ means nft_data_hold() is never\ncalled to restore the chain->use reference count.\ - \ Each abort cycle\npermanently decrements chain->use. Once chain->use reaches\ - \ zero,\nDELCHAIN succeeds and frees the chain while catchall verdict elements\n\ - still reference it, resulting in a use-after-free.\n\nThis is exploitable for\ - \ local privilege escalation from an unprivileged\nuser via user namespaces +\ - \ nftables on distributions that enable\nCONFIG_USER_NS and CONFIG_NF_TABLES.\n\ - \nFix by removing the negation so the check matches nft_mapelem_activate():\n\ - skip active elements, process inactive ones." + description: ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform + Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). detection: payload: null verify: null @@ -13557,46 +11495,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23111 - - https://git.kernel.org/stable/c/1444ff890b4653add12f734ffeffc173d42862dd - - https://git.kernel.org/stable/c/42c574c1504aa089a0a142e4c13859327570473d - - https://git.kernel.org/stable/c/8b68a45f9722f2babe9e7bad00aa74638addf081 - - https://git.kernel.org/stable/c/8c760ba4e36c750379d13569f23f5a6e185333f5 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45024 + - https://docs.rocketsoftware.com/bundle/ven1649700711249/page/ayk1652945111726.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23185-CANDIDATE - cve_id: CVE-2026-23185 - name: Candidate detection for CVE-2026-23185 + id: CVE-2021-45025-CANDIDATE + cve_id: CVE-2021-45025 + name: Candidate detection for CVE-2021-45025 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - wifi: iwlwifi: mld: cancel mlo_scan_start_wk - - - mlo_scan_start_wk is not canceled on disconnection. In fact, it is not - - canceled anywhere except in the restart cleanup, where we don''t really - - have to. - - - This can cause an init-after-queue issue: if, for example, the work was - - queued and then drv_change_interface got executed. - - - This can also cause use-after-free: if the work is executed after the - - vif is freed.' + description: ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform + Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive + Information in a Cookie. detection: payload: null verify: null @@ -13604,28 +11521,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23185 - - https://git.kernel.org/stable/c/5ff641011ab7fb63ea101251087745d9826e8ef5 - - https://git.kernel.org/stable/c/9b9f52f052f4953fecd2190ae2dde3aa76d10962 - - https://access.redhat.com/security/cve/CVE-2026-23185 - - https://bugzilla.redhat.com/show_bug.cgi?id=2439925 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45025 + - https://docs.rocketsoftware.com/bundle/ven1649700711249/page/ayk1652945111726.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2447-CANDIDATE - cve_id: CVE-2026-2447 - name: Candidate detection for CVE-2026-2447 - severity: high - cvss: 8.8 + id: CVE-2021-45026-CANDIDATE + cve_id: CVE-2021-45026 + name: Candidate detection for CVE-2021-45026 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox - 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird - 147.0.2. + description: ASG technologies ASG-Zena Cross Platform Server Enterprise Edition + 4.2.1 is vulnerable to Cross Site Scripting (XSS). detection: payload: null verify: null @@ -13633,38 +11546,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2447 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014390 - - https://www.mozilla.org/security/advisories/mfsa2026-10/ - - https://www.mozilla.org/security/advisories/mfsa2026-11/ - - https://lists.debian.org/debian-lts-announce/2026/02/msg00028.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-45026 + - https://docs.rocketsoftware.com/bundle/ven1649700711249/page/ayk1652945111726.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24734-CANDIDATE - cve_id: CVE-2026-24734 - name: Candidate detection for CVE-2026-24734 - severity: high - cvss: 7.5 + id: CVE-2022-25585-CANDIDATE + cve_id: CVE-2022-25585 + name: Candidate detection for CVE-2022-25585 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Improper Input Validation vulnerability in Apache Tomcat Native, Apache\ - \ Tomcat.\n\nWhen using an OCSP responder, Tomcat Native (and Tomcat's FFM port\ - \ of the Tomcat Native code) did not complete verification or freshness checks\ - \ on the OCSP response which could allow certificate revocation to be bypassed.\n\ - \nThis issue affects Apache Tomcat Native:\_ from 1.3.0 through 1.3.4, from 2.0.0\ - \ through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7\ - \ through 10.1.51, from 9.0.83 through 9.0.114.\n\n\nThe following versions were\ - \ EOL at the time the CVE was created but are \nknown to be affected: from 1.1.23\ - \ through 1.1.34, from 1.2.0 through 1.2.39.\_Older EOL versions are not affected.\n\ - \nApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later\ - \ or 2.0.12 or later, which fix the issue.\n\nApache Tomcat users are recommended\ - \ to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later\ - \ which fix the issue." + description: Unioncms v1.0.13 was discovered to contain a stored cross-site scripting + (XSS) vulnerability via the Default settings. detection: payload: null verify: null @@ -13672,35 +11571,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24734 - - https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml - - https://access.redhat.com/errata/RHSA-2026:19054 - - https://access.redhat.com/errata/RHSA-2026:26323 - - https://access.redhat.com/errata/RHSA-2026:5611 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25585 + - https://github.com/union-home/unioncms/issues/5 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14009-CANDIDATE - cve_id: CVE-2025-14009 - name: Candidate detection for CVE-2025-14009 + id: CVE-2020-21046-CANDIDATE + cve_id: CVE-2020-21046 + name: Candidate detection for CVE-2020-21046 severity: high - cvss: 8.8 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A critical vulnerability exists in the NLTK downloader component of - nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py - uses zipfile.extractall() without performing path validation or security checks. - This allows attackers to craft malicious zip packages that, when downloaded and - extracted by NLTK, can execute arbitrary code. The vulnerability arises because - NLTK assumes all downloaded packages are trusted and extracts them without validation. - If a malicious package contains Python files, such as __init__.py, these files - are executed automatically upon import, leading to remote code execution. This - issue can result in full system compromise, including file system access, network - access, and potential persistence mechanisms. + description: A local privilege escalation vulnerability was identified within the + "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version + 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate + their privilege and conduct code execution as a SYSTEM privilege. detection: payload: null verify: null @@ -13708,32 +11598,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14009 - - https://huntr.com/bounties/49ecbc02-054e-4470-b2e0-b267936cc4e4 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/security/cve/CVE-2025-14009 - - https://bugzilla.redhat.com/show_bug.cgi?id=2440724 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21046 + - https://medium.com/@n1pwn/local-privilege-escalation-in-eagleget-1fde79fe47c0 + - https://medium.com/%40n1pwn/local-privilege-escalation-in-eagleget-1fde79fe47c0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24708-CANDIDATE - cve_id: CVE-2026-24708 - name: Candidate detection for CVE-2026-24708 - severity: high - cvss: 8.2 + id: CVE-2022-29330-CANDIDATE + cve_id: CVE-2022-29330 + name: Candidate detection for CVE-2022-29330 + severity: medium + cvss: 4.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue was discovered in OpenStack Nova before 30.2.2, 31 before - 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or - ephemeral disk and then triggering a resize, a user may convince Nova's Flat image - backend to call qemu-img without a format restriction, resulting in an unsafe - image resize operation that could destroy data on the host system. Only compute - nodes using the Flat image backend (usually configured with use_cow_images=False) - are affected. + description: Missing access control in the backup system of Telesoft VitalPBX before + 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic + keys and voicemails files via unspecified vectors. detection: payload: null verify: null @@ -13741,31 +11625,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24708 - - https://bugs.launchpad.net/nova/+bug/2137507 - - https://www.openwall.com/lists/oss-security/2026/02/17/7 - - https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html - - https://access.redhat.com/errata/RHSA-2026:7884 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29330 + - https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22860-CANDIDATE - cve_id: CVE-2026-22860 - name: Candidate detection for CVE-2026-22860 - severity: high - cvss: 7.5 + id: CVE-2020-27509-CANDIDATE + cve_id: CVE-2020-27509 + name: Candidate detection for CVE-2020-27509 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Rack is a modular Ruby web server interface. Prior to versions 2.2.22,\ - \ 3.1.20, and 3.2.5, `Rack::Directory`\u2019s path check used a string prefix\ - \ match on the expanded path. A request like `/../root_example/` can escape the\ - \ configured root if the target path starts with the root string, allowing directory\ - \ listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the\ - \ issue." + description: Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 + allows an attacker to perform an account takeover by intercepting the HTTP Post + request when sending an email and injecting a specially crafted XSS payload in + the 'subject' field. The payload executes when the recipient logs into their mailbox. detection: payload: null verify: null @@ -13773,31 +11652,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22860 - - https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7 - - https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh - - https://access.redhat.com/security/cve/CVE-2026-22860 - - https://bugzilla.redhat.com/show_bug.cgi?id=2440737 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27509 + - https://medium.com/@tomhulme_74888/persistent-cross-site-scripting-leading-to-full-account-takeover-on-galaxkey-v5-6-11-4-8bf96be35b54 + - https://medium.com/%40tomhulme_74888/persistent-cross-site-scripting-leading-to-full-account-takeover-on-galaxkey-v5-6-11-4-8bf96be35b54 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-9953-CANDIDATE - cve_id: CVE-2025-9953 - name: Candidate detection for CVE-2025-9953 - severity: critical - cvss: 9.8 + id: CVE-2020-21161-CANDIDATE + cve_id: CVE-2020-21161 + name: Candidate detection for CVE-2020-21161 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Authorization Bypass Through User-Controlled SQL Primary Key vulnerability - in DATABASE Software Training Consulting Ltd. Databank Accreditation Software - allows SQL Injection. - - - This issue affects Databank Accreditation Software: before 2026/04.' + description: Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector + 9.8.3.0. detection: payload: null verify: null @@ -13805,32 +11678,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-9953 - - https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0078 - - https://www.usom.gov.tr/bildirim/tr-26-0078 + - https://nvd.nist.gov/vuln/detail/CVE-2020-21161 + - https://dollahibrahim.blogspot.com/2019/11/cross-site-scripting-on-ruckus.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25535-CANDIDATE - cve_id: CVE-2026-25535 - name: Candidate detection for CVE-2026-25535 - severity: high - cvss: 7.5 + id: CVE-2022-33009-CANDIDATE + cve_id: CVE-2022-33009 + name: Candidate detection for CVE-2022-33009 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, - user control of the first argument of the `addImage` method results in denial - of service. If given the possibility to pass unsanitized image data or URLs to - the `addImage` method, a user can provide a harmful GIF file that results in out - of memory errors and denial of service. Harmful GIF files have large width and/or - height entries in their headers, which lead to excessive memory allocation. Other - affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. - As a workaround, sanitize image data or URLs before passing it to the addImage - method or one of the other affected methods.' + description: A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 + allows attackers to execute arbitrary web scripts or HTML via uploading a crafted + PDF file. detection: payload: null verify: null @@ -13838,32 +11704,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25535 - - https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md - - https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6 - - https://github.com/parallax/jsPDF/releases/tag/v4.2.0 - - https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj + - https://nvd.nist.gov/vuln/detail/CVE-2022-33009 + - https://github.com/eddy8/LightCMS + - https://github.com/eddy8/LightCMS/issues/30 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25755-CANDIDATE - cve_id: CVE-2026-25755 - name: Candidate detection for CVE-2026-25755 - severity: high - cvss: 8.1 + id: CVE-2022-31897-CANDIDATE + cve_id: CVE-2022-31897 + name: Candidate detection for CVE-2022-31897 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, - user control of the argument of the `addJS` method allows an attacker to inject - arbitrary PDF objects into the generated document. By crafting a payload that - escapes the JavaScript string delimiter, an attacker can execute malicious actions - or alter the document structure, impacting any user who opens the generated PDF. - The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses - in user-provided JavaScript code before passing them to the `addJS` method. + description: SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site + Scripting (XSS) via public_html/register_visitor?msg=. detection: payload: null verify: null @@ -13871,32 +11730,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25755 - - https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md - - https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437 - - https://github.com/parallax/jsPDF/releases/tag/v4.2.0 - - https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp + - https://nvd.nist.gov/vuln/detail/CVE-2022-31897 + - https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25940-CANDIDATE - cve_id: CVE-2026-25940 - name: Candidate detection for CVE-2026-25940 + id: CVE-2022-32384-CANDIDATE + cve_id: CVE-2022-32384 + name: Candidate detection for CVE-2022-32384 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, - user control of properties and methods of the Acroform module allows users to - inject arbitrary PDF objects, such as JavaScript actions. If given the possibility - to pass unsanitized input to one of the following property, a user can inject - arbitrary PDF objects, such as JavaScript actions, which are executed when the - victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. - As a workaround, sanitize user input before passing it to the vulnerable API members. + description: Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow + via the security_5g parameter in the function formWifiBasicSet. detection: payload: null verify: null @@ -13904,34 +11755,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25940 - - https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375 - - https://github.com/parallax/jsPDF/releases/tag/v4.2.0 - - https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m - - https://access.redhat.com/errata/RHSA-2026:7110 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32384 + - https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view?usp=sharing generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24834-CANDIDATE - cve_id: CVE-2026-24834 - name: Candidate detection for CVE-2026-24834 - severity: critical - cvss: 9.3 + id: CVE-2022-33075-CANDIDATE + cve_id: CVE-2022-33075 + name: Candidate detection for CVE-2022-33075 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Kata Containers is an open source project focusing on a standard implementation\ - \ of lightweight Virtual Machines (VMs) that perform like containers. In versions\ - \ prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the\ - \ container to modify the file system used by the Guest micro VM ultimately achieving\ - \ arbitrary code execution as root in said VM. The current understanding is this\ - \ doesn\u2019t impact the security of the Host or of other containers / VMs running\ - \ on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed\ - \ that until the upstream QEMU gains this capability, a guest write could reach\ - \ the image file). Version 3.27.0 patches the issue." + description: A stored cross-site scripting (XSS) vulnerability in the Add Classification + function of Zoo Management System v1.0 allows attackers to execute arbitrary web + scripts or HTML via unspecified vectors. detection: payload: null verify: null @@ -13939,32 +11781,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24834 - - https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e459bfff8a9652e16bf - - https://github.com/kata-containers/kata-containers/releases/tag/3.27.0 - - https://github.com/kata-containers/kata-containers/security/advisories/GHSA-wwj6-vghv-5p64 - - https://access.redhat.com/security/cve/CVE-2026-24834 + - https://nvd.nist.gov/vuln/detail/CVE-2022-33075 + - https://packetstormsecurity.com/files/167603/Zoo-Management-System-1.0-Cross-Site-Scripting.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26200-CANDIDATE - cve_id: CVE-2026-26200 - name: Candidate detection for CVE-2026-26200 - severity: high - cvss: 7.8 + id: CVE-2022-32385-CANDIDATE + cve_id: CVE-2022-32385 + name: Candidate detection for CVE-2022-32385 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker - who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer - overflow condition. This can lead to a denial-of-service condition, and potentially - further issues such as remote code execution depending on the practical exploitability - of the heap overflow against modern operating systems. Real-world exploitability - of this issue in terms of remote-code execution is currently unknown. Version - 1.14.4-2 fixes the issue. + description: Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow + for the execution of arbitrary code (remote). detection: payload: null verify: null @@ -13972,32 +11806,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26200 - - https://github.com/HDFGroup/hdf5/security/advisories/GHSA-5p2m-j456-9mr2 - - https://access.redhat.com/security/cve/CVE-2026-26200 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441088 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26200.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-32385 + - https://drive.google.com/file/d/1wyc9CBd3NW2bFbRhGcAaHEYJK1G2a21Y/view?usp=sharing + - https://github.com/LuGakki/Vuln/blob/main/Tenda%20AC23.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26278-CANDIDATE - cve_id: CVE-2026-26278 - name: Candidate detection for CVE-2026-26278 - severity: high - cvss: 7.5 + id: CVE-2022-32386-CANDIDATE + cve_id: CVE-2022-32386 + name: Candidate detection for CVE-2022-32386 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "fast-xml-parser allows users to validate XML, parse XML to JS object,\ - \ or build XML from JS object without C/C++ based libraries and no callback. In\ - \ versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited\ - \ amount of entity expansion. With a very small XML input, it\u2019s possible\ - \ to make the parser spend seconds or even minutes processing a single request,\ - \ effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround,\ - \ avoid using DOCTYPE parsing by `processEntities: false` option." + description: Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow + via fromAdvSetMacMtuWan. detection: payload: null verify: null @@ -14005,36 +11832,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26278 - - https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77 - - https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6 - - https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj - - https://access.redhat.com/errata/RHSA-2026:6174 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32386 + - https://drive.google.com/file/d/1XPTEt10yJt9WcLrIt6YpDV5OlP-U6dBR/view?usp=sharing + - https://github.com/LuGakki/Vuln/blob/main/Tenda%20AC23.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26280-CANDIDATE - cve_id: CVE-2026-26280 - name: Candidate detection for CVE-2026-26280 + id: CVE-2022-24138-CANDIDATE + cve_id: CVE-2022-24138 + name: Candidate detection for CVE-2022-24138 severity: high - cvss: 8.4 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: systeminformation is a System and OS information library for node.js. - In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` - function allows an attacker to execute arbitrary OS commands via an unsanitized - network interface parameter in the retry code path. In `lib/wifi.js`, the `wifiNetworks()` - function sanitizes the `iface` parameter on the initial call (line 437). However, - when the initial scan returns empty results, a `setTimeout` retry (lines 440-441) - calls `getWifiNetworkListIw(iface)` with the **original unsanitized** `iface` - value, which is passed directly to `execSync('iwlist ${iface} scan')`. Any application - passing user-controlled input to `si.wifiNetworks()` is vulnerable to arbitrary - command execution with the privileges of the Node.js process. Version 5.30.8 fixes - the issue. + description: IOBit Advanced System Care (Asc.exe) 15 and Action Download Center + both download components of IOBit suite into ProgramData folder, ProgramData folder + has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock + to wait for CreateProcess and switch the genuine component with a malicious executable + thus gaining code execution as a high privilege user (Low Privilege -> high integrity + ADMIN). detection: payload: null verify: null @@ -14042,28 +11862,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26280 - - https://github.com/sebhildebrandt/systeminformation/commit/22242aa56188f2bffcbd7d265a11e1ebb808b460 - - https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-9c88-49p5-5ggf - - https://access.redhat.com/security/cve/CVE-2026-26280 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441121 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24138 + - https://github.com/tomerpeled92/CVE/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26318-CANDIDATE - cve_id: CVE-2026-26318 - name: Candidate detection for CVE-2026-26318 + id: CVE-2022-24139-CANDIDATE + cve_id: CVE-2022-24139 + name: Candidate detection for CVE-2022-24139 severity: high - cvss: 8.8 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: systeminformation is a System and OS information library for node.js. - Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` - output in `versions()`. Version 5.31.0 fixes the issue. + description: In IOBit Advanced System Care (AscService.exe) 15, an attacker with + SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's + named pipes. ASCService first tries to connect before trying to create the named + pipes, because of that during login the service will try to connect to the attacker + which will lead to either escalation of privileges (through token manipulation + and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> + Domain ADMIN depending on the user and named pipe that is used. detection: payload: null verify: null @@ -14071,28 +11892,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26318 - - https://github.com/sebhildebrandt/systeminformation/commit/b67d3715eec881038ccbaace2f2711419ac3e107 - - https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-5vv4-hvf7-2h46 - - https://access.redhat.com/security/cve/CVE-2026-26318 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441124 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24139 + - https://github.com/tomerpeled92/CVE/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2818-CANDIDATE - cve_id: CVE-2026-2818 - name: Candidate detection for CVE-2026-2818 - severity: high - cvss: 8.2 + id: CVE-2022-24140-CANDIDATE + cve_id: CVE-2022-24140 + name: Candidate detection for CVE-2022-24140 + severity: medium + cvss: 6.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A zip-slip path traversal vulnerability in Spring Data Geode's import - snapshot functionality allows attackers to write files outside the intended extraction - directory. This vulnerability appears to be susceptible on Windows OS only. + description: IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, + Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure + in order to download a config file. After downloading the config file, the products + will parse the HTTP location of the update from the file and will try to install + the update automatically with ADMIN privileges. An attacker Intercepting this + communication can supply the product a fake config file with malicious locations + for the updates thus gaining a remote code execution on an endpoint. detection: payload: null verify: null @@ -14100,31 +11922,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2818 - - https://www.herodevs.com/vulnerability-directory/cve-2026-2818 - - https://access.redhat.com/security/cve/CVE-2026-2818 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441384 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2818.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-24140 + - https://github.com/tomerpeled92/CVE/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2472-CANDIDATE - cve_id: CVE-2026-2472 - name: Candidate detection for CVE-2026-2472 - severity: high - cvss: 8.1 + id: CVE-2022-24141-CANDIDATE + cve_id: CVE-2022-24141 + name: Candidate detection for CVE-2022-24141 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization - component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from - 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker - to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via - injecting script escape sequences into model evaluation results or dataset JSON - data. + description: The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to + datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe + with the same name can use it to gain the token of another user by listening for + connections and abusing ImpersonateNamedPipeClient(). detection: payload: null verify: null @@ -14132,32 +11949,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2472 - - https://docs.cloud.google.com/support/bulletins#gcp-2026-011 - - https://github.com/JoshuaProvoste/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/security/cve/CVE-2026-2472 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24141 + - https://github.com/tomerpeled92/CVE/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25896-CANDIDATE - cve_id: CVE-2026-25896 - name: Candidate detection for CVE-2026-25896 + id: CVE-2022-33047-CANDIDATE + cve_id: CVE-2022-33047 + name: Candidate detection for CVE-2022-33047 severity: critical - cvss: 9.3 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: fast-xml-parser allows users to validate XML, parse XML to JS object, - or build XML from JS object without C/C++ based libraries and no callback. From - 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex - wildcard during entity replacement, allowing an attacker to shadow built-in XML - entities (<, >, &, ", ') with arbitrary values. This bypasses - entity encoding and leads to XSS when parsed output is rendered. This vulnerability - is fixed in 5.3.5. + description: OTFCC v0.10.4 was discovered to contain a heap buffer overflow after + free via otfccbuild.c. detection: payload: null verify: null @@ -14165,36 +11974,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25896 - - https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e - - https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69 - - https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5 - - https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2 + - https://nvd.nist.gov/vuln/detail/CVE-2022-33047 + - https://drive.google.com/file/d/1g3MQajVLZAaZMRfIQHSLT6XRw-B4Dmz8/view?usp=sharing generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0797-CANDIDATE - cve_id: CVE-2026-0797 - name: Candidate detection for CVE-2026-0797 - severity: high - cvss: 8.8 + id: CVE-2022-33098-CANDIDATE + cve_id: CVE-2022-33098 + name: Candidate detection for CVE-2022-33098 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: 'GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GIMP. User interaction is required to exploit - this vulnerability in that the target must visit a malicious page or open a malicious - file. - - - The specific flaw exists within the parsing of ICO files. The issue results from - the lack of proper validation of the length of user-supplied data prior to copying - it to a heap-based buffer. An attacker can leverage this vulnerability to execute - code in the context of the current process. Was ZDI-CAN-28599.' + exploitdb_reference: true + description: Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting + (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers + to execute arbitrary web scripts or HTML via a crafted SVG document, with JavaScript, + for a profile picture. detection: payload: null verify: null @@ -14202,30 +12001,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0797 - - https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c - - https://www.zerodayinitiative.com/advisories/ZDI-26-050/ - - https://access.redhat.com/errata/RHSA-2026:4173 - - https://access.redhat.com/errata/RHSA-2026:5113 + - https://nvd.nist.gov/vuln/detail/CVE-2022-33098 + - https://docs.magnolia-cms.com/product-docs/6.2/releases/release-notes-for-magnolia-cms-6.2.22/ generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2019-25434-CANDIDATE - cve_id: CVE-2019-25434 - name: Candidate detection for CVE-2019-25434 + id: CVE-2021-36665-CANDIDATE + cve_id: CVE-2021-36665 + name: Candidate detection for CVE-2021-36665 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SpotAuditor 5.3.1.0 contains a denial of service vulnerability that - allows unauthenticated attackers to crash the application by submitting excessive - data in the registration name field. Attackers can enter a large string of characters - (5000 bytes or more) in the name field during registration to trigger an unhandled - exception that crashes the application. + description: An issue was discovered in Druva 6.9.0 for macOS, allows attackers + to gain escalated local privileges via the inSyncUpgradeDaemon. detection: payload: null verify: null @@ -14233,33 +12027,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2019-25434 - - https://www.exploit-db.com/exploits/47494 - - https://www.vulncheck.com/advisories/spotauditor-denial-of-service-via-registration-name-field + - https://nvd.nist.gov/vuln/detail/CVE-2021-36665 + - https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before + - https://imhotepisinvisible.com/druva-lpe/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2033-CANDIDATE - cve_id: CVE-2026-2033 - name: Candidate detection for CVE-2026-2033 + id: CVE-2021-36666-CANDIDATE + cve_id: CVE-2021-36666 + name: Candidate detection for CVE-2021-36666 severity: high - cvss: 7.3 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'MLflow Tracking Server Artifact Handler Directory Traversal Remote - Code Execution Vulnerability. This vulnerability allows remote attackers to execute - arbitrary code on affected installations of MLflow Tracking Server. Authentication - is not required to exploit this vulnerability. - - - The specific flaw exists within the handling of artifact file paths. The issue - results from the lack of proper validation of a user-supplied path prior to using - it in file operations. An attacker can leverage this vulnerability to execute - code in the context of the service account. Was ZDI-CAN-26649.' + description: An issue was discovered in Druva 6.9.0 for MacOS, allows attackers + to gain escalated local privileges via the inSyncDecommission. detection: payload: null verify: null @@ -14267,35 +12053,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2033 - - https://github.com/mlflow/mlflow/pull/19260 - - https://www.zerodayinitiative.com/advisories/ZDI-26-105/ - - https://access.redhat.com/security/cve/CVE-2026-2033 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441508 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36666 + - https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before + - https://imhotepisinvisible.com/druva-lpe/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2044-CANDIDATE - cve_id: CVE-2026-2044 - name: Candidate detection for CVE-2026-2044 + id: CVE-2021-36667-CANDIDATE + cve_id: CVE-2021-36667 + name: Candidate detection for CVE-2021-36667 severity: high - cvss: 8.8 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. - This vulnerability allows remote attackers to execute arbitrary code on affected - installations of GIMP. User interaction is required to exploit this vulnerability - in that the target must visit a malicious page or open a malicious file. - - - The specific flaw exists within the parsing of PGM files. The issue results from - the lack of proper initialization of memory prior to accessing it. An attacker - can leverage this vulnerability to execute code in the context of the current - process. Was ZDI-CAN-28158.' + description: Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows + attackers to execute arbitrary commands via crafted payload to the local HTTP + server due to un-sanitized call to the python os.system library. detection: payload: null verify: null @@ -14303,35 +12080,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2044 - - https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365 - - https://www.zerodayinitiative.com/advisories/ZDI-26-118/ - - https://access.redhat.com/errata/RHSA-2026:4173 - - https://access.redhat.com/errata/RHSA-2026:5113 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36667 + - https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before + - https://imhotepisinvisible.com/druva-lpe/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2045-CANDIDATE - cve_id: CVE-2026-2045 - name: Candidate detection for CVE-2026-2045 + id: CVE-2021-36668-CANDIDATE + cve_id: CVE-2021-36668 + name: Candidate detection for CVE-2021-36668 severity: high - cvss: 7.3 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. - This vulnerability allows remote attackers to execute arbitrary code on affected - installations of GIMP. User interaction is required to exploit this vulnerability - in that the target must visit a malicious page or open a malicious file. - - - The specific flaw exists within the parsing of XWD files. The issue results from - the lack of proper validation of user-supplied data, which can result in a write - past the end of an allocated buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28265.' + description: URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to + force a visit to an arbitrary url via the port parameter to the Electron App. detection: payload: null verify: null @@ -14339,36 +12106,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2045 - - https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275 - - https://www.zerodayinitiative.com/advisories/ZDI-26-119/ - - https://access.redhat.com/errata/RHSA-2026:4173 - - https://access.redhat.com/errata/RHSA-2026:5113 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36668 + - https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before + - https://imhotepisinvisible.com/druva-lpe/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2047-CANDIDATE - cve_id: CVE-2026-2047 - name: Candidate detection for CVE-2026-2047 - severity: high - cvss: 7.8 + id: CVE-2022-31904-CANDIDATE + cve_id: CVE-2022-31904 + name: Candidate detection for CVE-2022-31904 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GIMP. User interaction is required to exploit - this vulnerability in that the target must visit a malicious page or open a malicious - file. - - - The specific flaw exists within the parsing of ICNS files. The issue results from - the lack of proper validation of the length of user-supplied data prior to copying - it to a heap-based buffer. An attacker can leverage this vulnerability to execute - code in the context of the current process. Was ZDI-CAN-28530.' + description: EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered + to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php. detection: payload: null verify: null @@ -14376,35 +12132,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2047 - - https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2600/diffs?commit_id=dd2faac351f1ff2588529fedc606e6a5f815577c - - https://www.zerodayinitiative.com/advisories/ZDI-26-120/ - - https://access.redhat.com/errata/RHSA-2026:4173 - - https://access.redhat.com/security/cve/CVE-2026-2047 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31904 + - https://uberrider.de/?page_id=247 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2048-CANDIDATE - cve_id: CVE-2026-2048 - name: Candidate detection for CVE-2026-2048 + id: CVE-2022-32114-CANDIDATE + cve_id: CVE-2022-32114 + name: Candidate detection for CVE-2022-32114 severity: high - cvss: 7.8 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. - This vulnerability allows remote attackers to execute arbitrary code on affected - installations of GIMP. User interaction is required to exploit this vulnerability - in that the target must visit a malicious page or open a malicious file. - - - The specific flaw exists within the parsing of XWD files. The issue results from - the lack of proper validation of user-supplied data, which can result in a write - past the end of an allocated buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28591.' + description: 'An unrestricted file upload vulnerability in the Add New Assets function + of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. + NOTE: the project documentation suggests that a user with the Media Library "Create + (upload)" permission is supposed to be able to upload PDF files containing JavaScript, + and that all files in a public assets folder are accessible to the outside world + (unless the filename begins with a dot character). The administrator can choose + to allow only image, video, and audio files (i.e., not PDF) if desired.' detection: payload: null verify: null @@ -14412,36 +12162,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2048 - - https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341 - - https://www.zerodayinitiative.com/advisories/ZDI-26-121/ - - https://access.redhat.com/errata/RHSA-2026:4173 - - https://access.redhat.com/errata/RHSA-2026:5113 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32114 + - https://docs.strapi.io/dev-docs/configurations/public-assets + - https://docs.strapi.io/user-docs/users-roles-permissions/configuring-administrator-roles + - https://github.com/bypazs/strapi + - https://github.com/strapi/strapi/blob/d9277d616b4478a3839e79e47330a4aaf167a2f1/packages/core/content-type-builder/admin/src/components/AllowedTypesSelect/index.js#L14 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2492-CANDIDATE - cve_id: CVE-2026-2492 - name: Candidate detection for CVE-2026-2492 + id: CVE-2022-30024-CANDIDATE + cve_id: CVE-2022-30024 + name: Candidate detection for CVE-2022-30024 severity: high - cvss: 7.8 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege - Escalation Vulnerability. This vulnerability allows local attackers to escalate - privileges on affected installations of TensorFlow. An attacker must first obtain - the ability to execute low-privileged code on the target system in order to exploit - this vulnerability. - - - The specific flaw exists within the handling of plugins. The application loads - plugins from an unsecured location. An attacker can leverage this vulnerability - to escalate privileges and execute arbitrary code in the context of a target user. - Was ZDI-CAN-25480.' + description: A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware + version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary + code via a GET request to the page for the System Tools of the Wi-Fi network. + This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 + , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. detection: payload: null verify: null @@ -14449,33 +12193,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2492 - - https://github.com/tensorflow/tensorflow/commit/46e7f7fb144fd11cf6d17c23dd47620328d77082 - - https://www.zerodayinitiative.com/advisories/ZDI-26-116/ - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/security/cve/CVE-2026-2492 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30024 + - https://pastebin.com/0XRFr3zE generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2635-CANDIDATE - cve_id: CVE-2026-2635 - name: Candidate detection for CVE-2026-2635 + id: CVE-2022-32119-CANDIDATE + cve_id: CVE-2022-32119 + name: Candidate detection for CVE-2022-32119 severity: high - cvss: 7.3 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'MLflow Use of Default Password Authentication Bypass Vulnerability. - This vulnerability allows remote attackers to bypass authentication on affected - installations of MLflow. Authentication is not required to exploit this vulnerability. - - - The specific flaw exists within the basic_auth.ini file. The file contains hard-coded - default credentials. An attacker can leverage this vulnerability to bypass authentication - and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256.' + description: Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary + file upload vulnerabilities via the Add Photo function at photogalleries.inc.php + and the import staff excel function at 1finance_master.inc.php. detection: payload: null verify: null @@ -14483,38 +12219,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2635 - - https://github.com/mlflow/mlflow/pull/19260 - - https://www.zerodayinitiative.com/advisories/ZDI-26-111/ - - https://access.redhat.com/security/cve/CVE-2026-2635 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441514 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32119 + - https://github.com/JC175/CVE-2022-32119 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27134-CANDIDATE - cve_id: CVE-2026-27134 - name: Candidate detection for CVE-2026-27134 - severity: high - cvss: 8.1 + id: CVE-2020-35305-CANDIDATE + cve_id: CVE-2020-35305 + name: Candidate detection for CVE-2020-35305 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Strimzi provides a way to run an Apache Kafka cluster on Kubernetes - or OpenShift in various deployment configurations. In versions 0.49.0 through - 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting - of multiple CAs, Strimzi incorrectly configures the trusted certificates for mTLS - authentication on the internal as well as user-configured listeners. All CAs from - the CA chain will be trusted. And users with certificates signed by any of the - CAs in the chain will be able to authenticate. This issue affects only users using - a custom Cluster or Clients CA with a multistage CA chain consisting of multiple - CAs. It does not affect users using the Strimzi-managed Cluster and Clients CAs. - It also does not affect users using custom Cluster or Clients CA with only a single - CA (i.e., no CA chain with multiple CAs). This issue has been fixed in version - 0.50.1. To workaround this issue, instead of providing the full CA chain as the - custom CA, users can provide only the single CA that should be used. + description: Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename + parameter to the 'New Page' dialog. detection: payload: null verify: null @@ -14522,43 +12244,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27134 - - https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.50.1 - - https://github.com/strimzi/strimzi-kafka-operator/security/advisories/GHSA-2qwx-rq6j-8r6j - - https://access.redhat.com/security/cve/CVE-2026-27134 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441564 + - https://nvd.nist.gov/vuln/detail/CVE-2020-35305 + - https://github.com/Szarny/ + - https://github.com/gollum/ + - https://github.com/gollum/gollum/releases/tag/v5.1.2 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25747-CANDIDATE - cve_id: CVE-2026-25747 - name: Candidate detection for CVE-2026-25747 + id: CVE-2021-42923-CANDIDATE + cve_id: CVE-2021-42923 + name: Candidate detection for CVE-2021-42923 severity: high - cvss: 8.8 + cvss: 7.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB - component. - - - The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the - LevelDB aggregation repository using java.io.ObjectInputStream without applying - any ObjectInputFilter or class-loading restrictions. An attacker who can write - to the LevelDB database files used by a Camel application can inject a crafted - serialized Java object that, when deserialized during normal aggregation repository - operations, results in arbitrary code execution in the context of the application. - - This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before - 4.14.5, from 4.15.0 before 4.18.0. - - - Users are recommended to upgrade to version 4.18.0, which fixes the issue. For - the 4.10.x LTS releases, users are recommended to upgrade to 4.10.9, while for - 4.14.x LTS releases, users are recommended to upgrade to 4.14.5' + description: ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If + an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will + run any malicious code contained in that file. The code will run with normal user + privileges unless the user specifically runs ShowMyPC as administrator. detection: payload: null verify: null @@ -14566,32 +12273,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25747 - - https://camel.apache.org/security/CVE-2026-25747.html - - https://github.com/oscerd/CVE-2026-25747 - - https://access.redhat.com/security/cve/CVE-2026-25747 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441910 + - https://nvd.nist.gov/vuln/detail/CVE-2021-42923 + - https://f20.be/cves/showmypc-cve-2021-42923 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14905-CANDIDATE - cve_id: CVE-2025-14905 - name: Candidate detection for CVE-2025-14905 + id: CVE-2022-32450-CANDIDATE + cve_id: CVE-2022-32450 + name: Candidate detection for CVE-2022-32450 severity: high - cvss: 7.2 + cvss: 7.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the 389-ds-base server. A heap buffer overflow - vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` - file. This occurs because the code incorrectly calculates the buffer size by summing - alias string lengths without accounting for additional formatting characters. - When a large number of aliases are processed, this oversight can lead to a heap - overflow, potentially allowing a remote attacker to cause a Denial of Service - (DoS) or achieve Remote Code Execution (RCE). + description: AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic + link because the user can write to their own %APPDATA% folder (used for ad.trace + and chat) but the product runs as SYSTEM when writing chat-room data there. detection: payload: null verify: null @@ -14599,31 +12299,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14905 - - https://access.redhat.com/errata/RHSA-2026:3189 - - https://access.redhat.com/errata/RHSA-2026:3208 - - https://access.redhat.com/errata/RHSA-2026:3379 - - https://access.redhat.com/errata/RHSA-2026:3504 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32450 + - https://seclists.org/fulldisclosure/2022/Jun/44 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-67733-CANDIDATE - cve_id: CVE-2025-67733 - name: Candidate detection for CVE-2025-67733 + id: CVE-2022-29709-CANDIDATE + cve_id: CVE-2022-29709 + name: Candidate detection for CVE-2022-29709 severity: high - cvss: 8.5 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Valkey is a distributed key-value database. Prior to versions 9.0.2, - 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject - arbitrary information into the response stream for the given client, potentially - corrupting or returning tampered data to other users on the same connection. The - error handling code for lua scripts does not properly handle null characters. - Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue. + description: CommuniLink Internet Limited CLink Office v2.0 was discovered to contain + multiple SQL injection vulnerabilities via the username and password parameters. detection: payload: null verify: null @@ -14631,18 +12324,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-67733 - - https://github.com/valkey-io/valkey/security/advisories/GHSA-p876-p7q5-hv2m - - https://access.redhat.com/errata/RHSA-2026:3443 - - https://access.redhat.com/errata/RHSA-2026:3507 - - https://access.redhat.com/errata/RHSA-2026:5445 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29709 + - https://packetstormsecurity.com/files/167240/CLink-Office-2.0-SQL-Injection.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21863-CANDIDATE - cve_id: CVE-2026-21863 - name: Candidate detection for CVE-2026-21863 + id: CVE-2022-24992-CANDIDATE + cve_id: CVE-2022-24992 + name: Candidate detection for CVE-2022-24992 severity: high cvss: 7.5 risk_level: unknown @@ -14650,15 +12340,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Valkey is a distributed key-value database. Prior to versions 9.0.2, - 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus - port can send an invalid packet that may cause an out bound read, which might - result in the system crashing. The Valkey clusterbus packet processing code does - not validate that a clusterbus ping extension packet is located within buffer - of the clusterbus packet before attempting to read it. Versions 9.0.2, 8.1.6, - 8.0.7, and 7.2.12 fix the issue. As an additional mitigation, don't expose the - cluster bus connection directly to end users, and protect the connection with - its own network ACLs. + description: A vulnerability in the component process.php of QR Code Generator v5.2.7 + allows attackers to perform directory traversal. detection: payload: null verify: null @@ -14666,33 +12349,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21863 - - https://github.com/valkey-io/valkey/security/advisories/GHSA-c677-q3wr-gggq - - https://access.redhat.com/errata/RHSA-2026:3443 - - https://access.redhat.com/errata/RHSA-2026:3507 - - https://access.redhat.com/errata/RHSA-2026:5445 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24992 + - https://codecanyon.net/item/qrcdr-responsive-qr-code-generator/9226839 + - https://n0lsec.medium.com/qrcdr-path-traversal-vulnerability-bb89acc0c100 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27623-CANDIDATE - cve_id: CVE-2026-27623 - name: Candidate detection for CVE-2026-27623 - severity: high - cvss: 7.5 + id: CVE-2022-35131-CANDIDATE + cve_id: CVE-2022-35131 + name: Candidate detection for CVE-2022-35131 + severity: critical + cvss: 9.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Valkey is a distributed key-value database. Starting in version 9.0.0 - and prior to version 9.0.3, a malicious actor with network access to Valkey can - cause the system to abort by triggering an assertion. When processing incoming - requests, the Valkey system does not properly reset the networking state after - processing an empty request. A malicious actor can then send a request that the - server incorrectly identifies as breaking server side invariants, which results - in the server shutting down. Version 9.0.3 fixes the issue. As an additional mitigation, - properly isolate Valkey deployments so that only trusted users have access. + description: Joplin v2.8.8 allows attackers to execute arbitrary commands via a + crafted payload injected into the Node titles. detection: payload: null verify: null @@ -14700,31 +12375,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27623 - - https://github.com/valkey-io/valkey/security/advisories/GHSA-93p9-5vc7-8wgr - - https://access.redhat.com/security/cve/CVE-2026-27623 - - https://bugzilla.redhat.com/show_bug.cgi?id=2442021 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27623.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-35131 + - https://github.com/laurent22/joplin/releases/tag/v2.9.1 + - https://github.com/ly1g3/Joplin-CVE-2022-35131 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25794-CANDIDATE - cve_id: CVE-2026-25794 - name: Candidate detection for CVE-2026-25794 - severity: high - cvss: 8.2 + id: CVE-2022-34611-CANDIDATE + cve_id: CVE-2022-34611 + name: Candidate detection for CVE-2022-34611 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ImageMagick is free and open-source software used for editing and manipulating - digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute - the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, - the multiplication overflows 32-bit `int`, causing an undersized heap allocation - followed by an out-of-bounds write. This can crash the process or potentially - lead to an out of bounds heap write. Version 7.1.2-15 contains a patch. + description: 'A cross-site scripting (XSS) vulnerability in /index.php/?p=report + of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web + scripts or HTML via a crafted payload injected into the "Contac #" text field.' detection: payload: null verify: null @@ -14732,36 +12402,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25794 - - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h - - https://access.redhat.com/security/cve/CVE-2026-25794 - - https://bugzilla.redhat.com/show_bug.cgi?id=2442110 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25794.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-34611 + - https://github.com/As4ki/CVE-report/blob/main/OFRS.md + - https://www.sourcecodester.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25965-CANDIDATE - cve_id: CVE-2026-25965 - name: Candidate detection for CVE-2026-25965 - severity: high - cvss: 8.6 + id: CVE-2022-31321-CANDIDATE + cve_id: CVE-2022-31321 + name: Candidate detection for CVE-2022-31321 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "ImageMagick is free and open-source software used for editing and\ - \ manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick\u2019\ - s path security policy is enforced on the raw filename string before the filesystem\ - \ resolves it. As a result, a policy rule such as /etc/* can be bypassed by a\ - \ path traversal. The OS resolves the traversal and opens the sensitive file,\ - \ but the policy matcher only sees the unnormalized path and therefore allows\ - \ the read. This enables local file disclosure (LFI) even when policy-secure.xml\ - \ is applied. Actions to prevent reading from files have been taken in versions\ - \ .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following\ - \ should be added to one's policy. This will also be included in ImageMagick's\ - \ more secure policies by default." + description: The foldername parameter in Bolt 5.1.7 was discovered to have incorrect + input validation, allowing attackers to perform directory enumeration or cause + a Denial of Service (DoS) via a crafted input. detection: payload: null verify: null @@ -14769,29 +12429,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25965 - - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7 - - https://access.redhat.com/errata/RHSA-2026:5573 - - https://access.redhat.com/security/cve/CVE-2026-25965 - - https://bugzilla.redhat.com/show_bug.cgi?id=2442118 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31321 + - https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25985-CANDIDATE - cve_id: CVE-2026-25985 - name: Candidate detection for CVE-2026-25985 - severity: high - cvss: 7.5 + id: CVE-2022-34530-CANDIDATE + cve_id: CVE-2022-34530 + name: Candidate detection for CVE-2022-34530 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ImageMagick is free and open-source software used for editing and manipulating - digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing - an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, - leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch. + description: An issue in the login and reset password functionality of Backdrop + CMS v1.22.0 allows attackers to enumerate usernames via password reset requests + and distinct responses returned based on usernames. detection: payload: null verify: null @@ -14799,28 +12455,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25985 - - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84 - - https://access.redhat.com/errata/RHSA-2026:5573 - - https://access.redhat.com/security/cve/CVE-2026-25985 - - https://bugzilla.redhat.com/show_bug.cgi?id=2442127 + - https://nvd.nist.gov/vuln/detail/CVE-2022-34530 + - https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2757-CANDIDATE - cve_id: CVE-2026-2757 - name: Candidate detection for CVE-2026-2757 - severity: critical - cvss: 9.8 + id: CVE-2022-35118-CANDIDATE + cve_id: CVE-2022-35118 + name: Candidate detection for CVE-2022-35118 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the WebRTC: Audio/Video component. - This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, - Thunderbird 148, and Thunderbird 140.8.' + description: PyroCMS v3.9 was discovered to contain multiple cross-site scripting + (XSS) vulnerabilities. detection: payload: null verify: null @@ -14828,18 +12480,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2757 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2001637 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-35118 + - https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2758-CANDIDATE - cve_id: CVE-2026-2758 - name: Candidate detection for CVE-2026-2758 + id: CVE-2022-36262-CANDIDATE + cve_id: CVE-2022-36262 + name: Candidate detection for CVE-2022-36262 severity: critical cvss: 9.8 risk_level: unknown @@ -14847,9 +12496,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the JavaScript: GC component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8.' + description: An issue was discovered in taocms 3.0.2. in the website settings that + allows arbitrary php code to be injected by modifying config.php. detection: payload: null verify: null @@ -14857,28 +12505,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2758 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2009608 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-36262 + - https://github.com/taogogo/taocms + - https://github.com/taogogo/taocms/issues/34 + - https://github.com/taogogo/taocms/issues/34?by=xboy%28topsec%29 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2759-CANDIDATE - cve_id: CVE-2026-2759 - name: Candidate detection for CVE-2026-2759 - severity: critical - cvss: 9.8 + id: CVE-2022-36524-CANDIDATE + cve_id: CVE-2022-36524 + name: Candidate detection for CVE-2022-36524 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the Graphics: ImageLib component. - This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, - Thunderbird 148, and Thunderbird 140.8.' + description: D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 + is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. detection: payload: null verify: null @@ -14886,28 +12532,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2759 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2010933 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-36524 + - https://drive.google.com/file/d/1WNKrDUbYfSWbSve9ONILkLY6dbM8I7hh/view?usp=sharing + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2760-CANDIDATE - cve_id: CVE-2026-2760 - name: Candidate detection for CVE-2026-2760 - severity: critical - cvss: 10.0 + id: CVE-2022-36526-CANDIDATE + cve_id: CVE-2022-36526 + name: Candidate detection for CVE-2022-36526 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Sandbox escape due to incorrect boundary conditions in the Graphics: - WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR - 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.' + description: D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 + is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. detection: payload: null verify: null @@ -14915,28 +12558,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2760 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2011062 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-36526 + - https://drive.google.com/file/d/1ji5Ph6c-qgp0lBvbY8BZJjeqbju3VeK8/view?usp=sharing + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2761-CANDIDATE - cve_id: CVE-2026-2761 - name: Candidate detection for CVE-2026-2761 - severity: critical - cvss: 10.0 + id: CVE-2022-24654-CANDIDATE + cve_id: CVE-2022-24654 + name: Candidate detection for CVE-2022-24654 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Sandbox escape in the Graphics: WebRender component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8.' + description: Authenticated stored cross-site scripting (XSS) vulnerability in "Field + Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers + to inject JavaScript code through a crafted payload. detection: payload: null verify: null @@ -14944,28 +12585,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2761 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2011063 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-24654 + - https://github.com/leonardobg/CVE-2022-24654 + - https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-Scripting.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2762-CANDIDATE - cve_id: CVE-2026-2762 - name: Candidate detection for CVE-2026-2762 - severity: critical - cvss: 9.8 + id: CVE-2022-36530-CANDIDATE + cve_id: CVE-2022-36530 + name: Candidate detection for CVE-2022-36530 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Integer overflow in the JavaScript: Standard Library component. This - vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and - Thunderbird 140.8.' + description: An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability + in the user agent related parameters of the info.php page. detection: payload: null verify: null @@ -14973,28 +12611,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2762 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2011649 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-36530 + - https://github.com/jianyan74/rageframe2 + - https://github.com/jianyan74/rageframe2/issues/106 + - https://github.com/jianyan74/rageframe2/issues/106?by=xboy%28Topsec%29 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2763-CANDIDATE - cve_id: CVE-2026-2763 - name: Candidate detection for CVE-2026-2763 - severity: critical - cvss: 9.8 + id: CVE-2022-35167-CANDIDATE + cve_id: CVE-2022-35167 + name: Candidate detection for CVE-2022-35167 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Use-after-free in the JavaScript Engine component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8. + description: Printix Cloud Print Management v1.3.1149.0 for Windows was discovered + to contain insecure permissions. detection: payload: null verify: null @@ -15002,28 +12638,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2763 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2012018 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-35167 + - https://www.pentagrid.ch/en/blog/vulnerabilities-in-printix-cloud-print-management/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2764-CANDIDATE - cve_id: CVE-2026-2764 - name: Candidate detection for CVE-2026-2764 - severity: critical - cvss: 9.8 + id: CVE-2022-34624-CANDIDATE + cve_id: CVE-2022-34624 + name: Candidate detection for CVE-2022-34624 + severity: medium + cvss: 5.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. - This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, - Thunderbird 148, and Thunderbird 140.8.' + description: Mealie1.0.0beta3 does not terminate download tokens after a user logs + out, allowing attackers to perform a man-in-the-middle attack via a crafted GET + request. detection: payload: null verify: null @@ -15031,18 +12664,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2764 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2012608 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-34624 + - https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2765-CANDIDATE - cve_id: CVE-2026-2765 - name: Candidate detection for CVE-2026-2765 + id: CVE-2022-35201-CANDIDATE + cve_id: CVE-2022-35201 + name: Candidate detection for CVE-2022-35201 severity: critical cvss: 9.8 risk_level: unknown @@ -15050,9 +12680,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Use-after-free in the JavaScript Engine component. This vulnerability - was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird - 140.8. + description: Tenda-AC18 V15.03.05.05 was discovered to contain a remote command + execution (RCE) vulnerability. detection: payload: null verify: null @@ -15060,28 +12689,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2765 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2013562 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-35201 + - https://www.tendacn.com/default.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2766-CANDIDATE - cve_id: CVE-2026-2766 - name: Candidate detection for CVE-2026-2766 - severity: critical - cvss: 9.8 + id: CVE-2022-36233-CANDIDATE + cve_id: CVE-2022-36233 + name: Candidate detection for CVE-2022-36233 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the JavaScript Engine: JIT component. This vulnerability - was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird - 140.8.' + description: Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. + httpd. detection: payload: null verify: null @@ -15089,28 +12714,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2766 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2013583 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-36233 + - https://www.cnblogs.com/Amalll/p/16606980.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2767-CANDIDATE - cve_id: CVE-2026-2767 - name: Candidate detection for CVE-2026-2767 - severity: critical - cvss: 9.8 + id: CVE-2022-35554-CANDIDATE + cve_id: CVE-2022-35554 + name: Candidate detection for CVE-2022-35554 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the JavaScript: WebAssembly component. This vulnerability - was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird - 140.8.' + description: Multiple reflected XSS vulnerabilities occur when handling error message + of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code + at client side. detection: payload: null verify: null @@ -15118,28 +12740,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2767 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2013741 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-35554 + - https://tf1t.gitbook.io/mycve/smartvista/smartvista-cardgen/reflected-xss-in-smartvista-cardgen-version-3.28.0-cve-2022-35554 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2768-CANDIDATE - cve_id: CVE-2026-2768 - name: Candidate detection for CVE-2026-2768 - severity: critical - cvss: 10.0 + id: CVE-2022-28598-CANDIDATE + cve_id: CVE-2022-28598 + name: Candidate detection for CVE-2022-28598 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: 'Sandbox escape in the Storage: IndexedDB component. This vulnerability - was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird - 140.8.' + exploitdb_reference: true + description: Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does + not neutralize or incorrectly neutralize user-controllable input before it is + placed in output that is used as a web page that is served to other users. detection: payload: null verify: null @@ -15147,28 +12766,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2768 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014101 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-28598 + - https://github.com/patrickdeanramos/CVE-2022-28598/blob/main/ERPNext%20-%2012.29.0.pdf generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-2769-CANDIDATE - cve_id: CVE-2026-2769 - name: Candidate detection for CVE-2026-2769 - severity: high - cvss: 8.8 + id: CVE-2022-35191-CANDIDATE + cve_id: CVE-2022-35191 + name: Candidate detection for CVE-2022-35191 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the Storage: IndexedDB component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8.' + description: D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware + v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via + a crafted HTTP connection request. detection: payload: null verify: null @@ -15176,18 +12793,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2769 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014550 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-35191 + - https://pastebin.com/wD1UfaZz + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2770-CANDIDATE - cve_id: CVE-2026-2770 - name: Candidate detection for CVE-2026-2770 + id: CVE-2021-42232-CANDIDATE + cve_id: CVE-2021-42232 + name: Candidate detection for CVE-2021-42232 severity: critical cvss: 9.8 risk_level: unknown @@ -15195,9 +12810,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8.' + description: TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command + injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program + taking part of the received data packet as part of the command. This will cause + an attacker to execute arbitrary commands on the router. detection: payload: null verify: null @@ -15205,18 +12821,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2770 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014585 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-42232 + - https://github.com/mQaLeX/IoT/blob/main/tp-link/Archer%20A7%28US%29_V5_20519_tddp.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2771-CANDIDATE - cve_id: CVE-2026-2771 - name: Candidate detection for CVE-2026-2771 + id: CVE-2021-42627-CANDIDATE + cve_id: CVE-2021-42627 + name: Candidate detection for CVE-2021-42627 severity: critical cvss: 9.8 risk_level: unknown @@ -15224,9 +12837,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Undefined behavior in the DOM: Core & HTML component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8.' + description: The WAN configuration page "wan.htm" on D-Link DIR-615 devices with + firmware 20.06 can be accessed directly without authentication which can lead + to disclose the information about WAN settings and also leverage attacker to modify + the data fields of page. detection: payload: null verify: null @@ -15234,28 +12848,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2771 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014593 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-42627 + - https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2772-CANDIDATE - cve_id: CVE-2026-2772 - name: Candidate detection for CVE-2026-2772 - severity: critical - cvss: 9.8 + id: CVE-2022-35203-CANDIDATE + cve_id: CVE-2022-35203 + name: Candidate detection for CVE-2022-35203 + severity: high + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the Audio/Video: Playback component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8.' + description: An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated + attackers to access sensitive system information. detection: payload: null verify: null @@ -15263,28 +12874,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2772 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014827 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-35203 + - https://medium.com/@shrutukapoor25/cve-2022-35203-2372a0728279 + - https://medium.com/%40shrutukapoor25/cve-2022-35203-2372a0728279 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2773-CANDIDATE - cve_id: CVE-2026-2773 - name: Candidate detection for CVE-2026-2773 - severity: critical - cvss: 9.8 + id: CVE-2018-14519-CANDIDATE + cve_id: CVE-2018-14519 + name: Candidate detection for CVE-2018-14519 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Incorrect boundary conditions in the Web Audio component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8. + description: An issue was discovered in Kirby 2.5.12. The delete page functionality + suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and + force the user to delete a page. detection: payload: null verify: null @@ -15292,28 +12901,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2773 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014832 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-14519 + - https://www.exploit-db.com/exploits/45090 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2774-CANDIDATE - cve_id: CVE-2026-2774 - name: Candidate detection for CVE-2026-2774 - severity: critical - cvss: 9.8 + id: CVE-2022-35192-CANDIDATE + cve_id: CVE-2022-35192 + name: Candidate detection for CVE-2022-35192 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Integer overflow in the Audio/Video component. This vulnerability was - fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8. + description: D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware + v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via + the User parameter or Pwd parameter to Login.asp. detection: payload: null verify: null @@ -15321,18 +12927,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2774 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014883 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-35192 + - https://pastebin.com/upHp001e + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2775-CANDIDATE - cve_id: CVE-2026-2775 - name: Candidate detection for CVE-2026-2775 + id: CVE-2022-37053-CANDIDATE + cve_id: CVE-2022-37053 + name: Candidate detection for CVE-2022-37053 severity: critical cvss: 9.8 risk_level: unknown @@ -15340,9 +12944,7 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Mitigation bypass in the DOM: HTML Parser component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8.' + description: TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. detection: payload: null verify: null @@ -15350,28 +12952,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2775 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2015199 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-37053 + - https://drive.google.com/file/d/1P_-h5wNtRiyVToDUjRNZhsmtILINv7EL/view?usp=sharing generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2776-CANDIDATE - cve_id: CVE-2026-2776 - name: Candidate detection for CVE-2026-2776 + id: CVE-2022-38555-CANDIDATE + cve_id: CVE-2022-38555 + name: Candidate detection for CVE-2022-38555 severity: critical - cvss: 10.0 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sandbox escape due to incorrect boundary conditions in the Telemetry - component in External Software. This vulnerability was fixed in Firefox 148, Firefox - ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. + description: Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. detection: payload: null verify: null @@ -15379,18 +12976,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2776 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2015266 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-38555 + - https://github.com/xxy1126/Vuln/tree/main/1 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2777-CANDIDATE - cve_id: CVE-2026-2777 - name: Candidate detection for CVE-2026-2777 + id: CVE-2022-32993-CANDIDATE + cve_id: CVE-2022-32993 + name: Candidate detection for CVE-2022-32993 severity: critical cvss: 9.8 risk_level: unknown @@ -15398,9 +12992,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Privilege escalation in the Messaging System component. This vulnerability - was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, - and Thunderbird 140.8. + description: TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control + issue via /cgi-bin/ExportSettings.sh. detection: payload: null verify: null @@ -15408,28 +13001,51 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2777 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2015305 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-32993 + - https://github.com/laotun-s/POC/blob/main/CVE-2022-32993.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2778-CANDIDATE - cve_id: CVE-2026-2778 - name: Candidate detection for CVE-2026-2778 + id: CVE-2022-36552-CANDIDATE + cve_id: CVE-2022-36552 + name: Candidate detection for CVE-2022-36552 + severity: high + cvss: 7.5 + risk_level: unknown + requires_confirmation: true + priority: + cisa_kev: false + exploitdb_reference: false + description: Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an + issue in the component /cgi-bin/DownloadFlash which allows attackers to steal + all data such as source code and system files via a crafted GET request. + detection: + payload: null + verify: null + review_required: Define a read-only matcher and classify execution risk before + promotion. + remediation: Apply the vendor remediation or patched version documented in the advisory. + references: + - https://nvd.nist.gov/vuln/detail/CVE-2022-36552 + - https://drive.google.com/drive/folders/1VxR4lhaWNWLuAPdJK2aRF6zfo_mRyiFO?usp=sharing + generated_from: + - nvd +- status: candidate + executable: false + id: CVE-2022-37176-CANDIDATE + cve_id: CVE-2022-37176 + name: Candidate detection for CVE-2022-37176 severity: critical - cvss: 10.0 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Sandbox escape due to incorrect boundary conditions in the DOM: Core - & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, - Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.' + description: Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a + vulnerability which allows attackers to remove the Wi-Fi password and force the + device into open security mode via a crafted packet sent to goform/setWizard. detection: payload: null verify: null @@ -15437,18 +13053,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2778 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2016358 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-37176 + - https://drive.google.com/drive/folders/1L6ojSooP8sbZLQYRsAxlb0IWVAZef8Z7?usp=sharing generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2792-CANDIDATE - cve_id: CVE-2026-2792 - name: Candidate detection for CVE-2026-2792 + id: CVE-2022-36202-CANDIDATE + cve_id: CVE-2022-36202 + name: Candidate detection for CVE-2022-36202 severity: critical cvss: 9.8 risk_level: unknown @@ -15456,11 +13069,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, - Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory - corruption and we presume that with enough effort some of these could have been - exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, - Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. + description: Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control + via edoc/patient/settings.php. The settings.php is affected by Broken Access Control + (IDOR) via id= parameter. detection: payload: null verify: null @@ -15468,18 +13079,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2792 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-36202 + - https://github.com/aznull/CVEs + - https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2793-CANDIDATE - cve_id: CVE-2026-2793 - name: Candidate detection for CVE-2026-2793 + id: CVE-2022-36640-CANDIDATE + cve_id: CVE-2022-36640 + name: Candidate detection for CVE-2022-36640 severity: critical cvss: 9.8 risk_level: unknown @@ -15487,12 +13096,13 @@ priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, - Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed - evidence of memory corruption and we presume that with enough effort some of these - could have been exploited to run arbitrary code. This vulnerability was fixed - in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird - 140.8. + description: 'influxData influxDB before v1.8.10 contains no authentication mechanism + or controls, allowing unauthenticated attackers to execute arbitrary commands. + NOTE: the CVE ID assignment is disputed because the vendor''s documentation states + "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly + recommend authentication be enabled. Otherwise the data will be publicly available + to any unauthenticated user. The default settings do NOT enable authentication + and authorization."' detection: payload: null verify: null @@ -15500,27 +13110,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2793 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-14/ - - https://www.mozilla.org/security/advisories/mfsa2026-15/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-36640 + - https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb + - https://portal.influxdata.com/downloads/ + - https://www.influxdata.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2794-CANDIDATE - cve_id: CVE-2026-2794 - name: Candidate detection for CVE-2026-2794 + id: CVE-2022-36271-CANDIDATE + cve_id: CVE-2022-36271 + name: Candidate detection for CVE-2022-36271 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Information disclosure due to uninitialized memory in Firefox and Firefox - Focus for Android. This vulnerability was fixed in Firefox 148. + description: Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll + Hijacking. iertutil.dll is missing so an attacker can use a malicious dll with + same name and can get admin privileges. detection: payload: null verify: null @@ -15528,27 +13138,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2794 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2008365 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://access.redhat.com/security/cve/CVE-2026-2794 - - https://bugzilla.redhat.com/show_bug.cgi?id=2442286 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36271 + - https://github.com/SaumyajeetDas/POC-of-CVE-2022-36271 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2795-CANDIDATE - cve_id: CVE-2026-2795 - name: Candidate detection for CVE-2026-2795 - severity: critical - cvss: 9.8 + id: CVE-2022-30078-CANDIDATE + cve_id: CVE-2022-30078 + name: Candidate detection for CVE-2022-30078 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the JavaScript: GC component. This vulnerability - was fixed in Firefox 148 and Thunderbird 148.' + description: NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 + and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote + authenticated attackers to execute arbitrary command via shell metacharacters + in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length + parameters. detection: payload: null verify: null @@ -15556,27 +13166,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2795 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2010940 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ - - https://access.redhat.com/security/cve/CVE-2026-2795 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30078 + - https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-2022-30078.md + - https://www.netgear.com/about/security/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2796-CANDIDATE - cve_id: CVE-2026-2796 - name: Candidate detection for CVE-2026-2796 - severity: critical - cvss: 9.8 + id: CVE-2022-37144-CANDIDATE + cve_id: CVE-2022-37144 + name: Candidate detection for CVE-2022-37144 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'JIT miscompilation in the JavaScript: WebAssembly component. This - vulnerability was fixed in Firefox 148 and Thunderbird 148.' + description: The PlexTrac platform prior to API version 1.17.0 does not restrict + excessive MFA TOTP submission attempts. An unauthenticated remote attacker in + possession of a valid username and password can bruteforce their way past MFA + protections to login as the targeted user. detection: payload: null verify: null @@ -15584,27 +13194,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2796 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2013165 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ - - https://access.redhat.com/security/cve/CVE-2026-2796 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37144 + - https://www.controlgap.com/blog/a-plextrac-story generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2797-CANDIDATE - cve_id: CVE-2026-2797 - name: Candidate detection for CVE-2026-2797 - severity: critical - cvss: 9.8 + id: CVE-2022-37145-CANDIDATE + cve_id: CVE-2022-37145 + name: Candidate detection for CVE-2022-37145 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the JavaScript: GC component. This vulnerability - was fixed in Firefox 148 and Thunderbird 148.' + description: The PlexTrac platform prior to version 1.17.0 does not restrict excessive + authentication attempts for accounts configured to use the PlexTrac authentication + provider. An unauthenticated remote attacker could perform a bruteforce attack + on the login page with no time or attempt limitation in an attempt to obtain valid + credentials for the platform users configured to use the PlexTrac authentication + provider. detection: payload: null verify: null @@ -15612,27 +13223,31 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2797 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2013561 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ - - https://access.redhat.com/security/cve/CVE-2026-2797 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37145 + - https://www.controlgap.com/blog/a-plextrac-story generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2798-CANDIDATE - cve_id: CVE-2026-2798 - name: Candidate detection for CVE-2026-2798 - severity: high - cvss: 8.8 + id: CVE-2022-37146-CANDIDATE + cve_id: CVE-2022-37146 + name: Candidate detection for CVE-2022-37146 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the DOM: Core & HTML component. This vulnerability - was fixed in Firefox 148 and Thunderbird 148.' + description: The PlexTrac platform prior to version 1.28.0 allows for username enumeration + via HTTP response times on invalid login attempts for users configured to use + the PlexTrac authentication provider. Login attempts for valid, unlocked users + configured to use PlexTrac as their authentication provider take significantly + longer than those for invalid users, allowing for valid users to be enumerated + by an unauthenticated remote attacker. Note that the lockout policy implemented + in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked + user accounts and user accounts that do not exist, but does not prevent valid, + unlocked users from being enumerated. detection: payload: null verify: null @@ -15640,27 +13255,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2798 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014136 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ - - https://access.redhat.com/security/cve/CVE-2026-2798 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37146 + - https://www.controlgap.com/blog/a-plextrac-story generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2799-CANDIDATE - cve_id: CVE-2026-2799 - name: Candidate detection for CVE-2026-2799 - severity: critical - cvss: 9.8 + id: CVE-2022-30079-CANDIDATE + cve_id: CVE-2022-30079 + name: Candidate detection for CVE-2022-30079 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the DOM: Core & HTML component. This vulnerability - was fixed in Firefox 148 and Thunderbird 148.' + description: Command injection vulnerability was discovered in Netgear R6200 v2 + firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow + remote authenticated attackers the ability to modify values in the vulnerable + parameter. detection: payload: null verify: null @@ -15668,29 +13282,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2799 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014551 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ - - https://access.redhat.com/security/cve/CVE-2026-2799 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30079 + - https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30079/CVE-2022-30079.md + - https://www.netgear.com/about/security/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2807-CANDIDATE - cve_id: CVE-2026-2807 - name: Candidate detection for CVE-2026-2807 - severity: critical - cvss: 9.8 + id: CVE-2022-38613-CANDIDATE + cve_id: CVE-2022-38613 + name: Candidate detection for CVE-2022-38613 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox 147 and Thunderbird 147. Some - of these bugs showed evidence of memory corruption and we presume that with enough - effort some of these could have been exploited to run arbitrary code. This vulnerability - was fixed in Firefox 148 and Thunderbird 148. + description: A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows + authenticated attackers to read arbitrary files in the system. detection: payload: null verify: null @@ -15698,18 +13308,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2807 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1756056%2C1999402%2C2004872%2C2006037%2C2012855 - - https://www.mozilla.org/security/advisories/mfsa2026-13/ - - https://www.mozilla.org/security/advisories/mfsa2026-16/ - - https://access.redhat.com/security/cve/CVE-2026-2807 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38613 + - https://tf1t.gitbook.io/mycve/smartvista/smartvista-cardgen/path-traversal-in-smartvista-cardgen-version-3.28.0-cve-2022-38613 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27595-CANDIDATE - cve_id: CVE-2026-27595 - name: Candidate detection for CVE-2026-27595 + id: CVE-2022-38614-CANDIDATE + cve_id: CVE-2022-38614 + name: Candidate detection for CVE-2022-38614 severity: high cvss: 7.5 risk_level: unknown @@ -15717,17 +13324,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: Parse Dashboard is a standalone dashboard for managing Parse Server - apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint - (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, - allow unauthenticated remote attackers to perform arbitrary read and write operations - against any connected Parse Server database using the master key. The agent feature - is opt-in; dashboards without an agent config are not affected. The fix in version - 9.0.0-alpha.8 adds authentication, CSRF validation, and per-app authorization - middleware to the agent endpoint. Read-only users are restricted to the `readOnlyMasterKey` - with write permissions stripped server-side. A cache key collision between master - key and read-only master key was also corrected. As a workaround, remove or comment - out the agent configuration block from your Parse Dashboard configuration. + description: An issue in the IGB Files and OutfileService features of SmartVista + Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying + the PATH parameter. detection: payload: null verify: null @@ -15735,32 +13334,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27595 - - https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8 - - https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-qwc3-h9mg-4582 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38614 + - https://tf1t.gitbook.io/mycve/smartvista/smartvista-cardgen/list-all-files-in-arbitrary-folder-in-smartvista-cardgen-version-3.28.0-cve-2022-38614 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27606-CANDIDATE - cve_id: CVE-2026-27606 - name: Candidate detection for CVE-2026-27606 - severity: critical - cvss: 9.8 + id: CVE-2022-38615-CANDIDATE + cve_id: CVE-2022-38615 + name: Candidate detection for CVE-2022-38615 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, - 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present - in current source) is vulnerable to an Arbitrary File Write via Path Traversal. - Insecure file name sanitization in the core engine allows an attacker to control - output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious - plugins) and use traversal sequences (`../`) to overwrite files anywhere on the - host filesystem that the build process has permissions for. This can lead to persistent - Remote Code Execution (RCE) by overwriting critical system or user configuration - files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue. + description: SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection + vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 + parameters at /SVFE2/pages/feegroups/service_group.jsf. detection: payload: null verify: null @@ -15768,37 +13360,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27606 - - https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2 - - https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e - - https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3 - - https://github.com/rollup/rollup/releases/tag/v2.80.0 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38615 + - https://tf1t.gitbook.io/mycve/smartvista/smartvista-svfe2/sql-injection-in-service-group-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38615 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27608-CANDIDATE - cve_id: CVE-2026-27608 - name: Candidate detection for CVE-2026-27608 + id: CVE-2022-34108-CANDIDATE + cve_id: CVE-2022-34108 + name: Candidate detection for CVE-2022-34108 severity: high - cvss: 8.1 + cvss: 7.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Parse Dashboard is a standalone dashboard for managing Parse Server - apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint - (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users - scoped to specific apps can access any other app's agent endpoint by changing - the app ID in the URL. Read-only users are given the full master key instead of - the read-only master key and can supply write permissions in the request body - to perform write and delete operations. Only dashboards with `agent` configuration - enabled are affected. The fix in version 9.0.0-alpha.8 adds per-app authorization - checks and restricts read-only users to the `readOnlyMasterKey` with write permissions - stripped server-side. As a workaround, remove the `agent` configuration block - from your dashboard configuration. Dashboards without an `agent` config are not - affected. + description: An issue in the Feature Navigator of Micro-Star International MSI Feature + Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via + a crafted image or video file. detection: payload: null verify: null @@ -15806,31 +13386,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27608 - - https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8 - - https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-cvwj-6c9h-jg6v + - https://nvd.nist.gov/vuln/detail/CVE-2022-34108 + - https://gainsec.com/2022/08/26/cve-2022-34109-cve-2022-34110-cve-2022-34108/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27609-CANDIDATE - cve_id: CVE-2026-27609 - name: Candidate detection for CVE-2026-27609 - severity: medium - cvss: 6.5 + id: CVE-2022-34109-CANDIDATE + cve_id: CVE-2022-34109 + name: Candidate detection for CVE-2022-34109 + severity: high + cvss: 7.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Parse Dashboard is a standalone dashboard for managing Parse Server - apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint - (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious - page that, when visited by an authenticated dashboard user, submits requests to - the agent endpoint using the victim's session. The fix in version 9.0.0-alpha.8 - adds CSRF middleware to the agent endpoint and embeds a CSRF token in the dashboard - page. As a workaround, remove the `agent` configuration block from your dashboard - configuration. Dashboards without an `agent` config are not affected. + description: An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 + allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless + of file type or size. detection: payload: null verify: null @@ -15838,31 +13412,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27609 - - https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8 - - https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-3534-xp88-25rc + - https://nvd.nist.gov/vuln/detail/CVE-2022-34109 + - https://gainsec.com/2022/08/26/cve-2022-34109-cve-2022-34110-cve-2022-34108/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27610-CANDIDATE - cve_id: CVE-2026-27610 - name: Candidate detection for CVE-2026-27610 + id: CVE-2022-34110-CANDIDATE + cve_id: CVE-2022-34110 + name: Candidate detection for CVE-2022-34110 severity: medium - cvss: 5.3 + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Parse Dashboard is a standalone dashboard for managing Parse Server - apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses - the same cache key for both master key and read-only master key when resolving - function-typed keys. Under specific timing conditions, a read-only user can receive - the cached full master key, or a regular user can receive the cached read-only - master key. The fix in version 9.0.0-alpha.8 uses distinct cache keys for master - key and read-only master key. As a workaround, avoid using function-typed master - keys, or remove the `agent` configuration block from your dashboard configuration. + description: An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 + allows attackers to download arbitrary files regardless of file type or size. detection: payload: null verify: null @@ -15870,31 +13437,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27610 - - https://github.com/parse-community/parse-dashboard/commit/f92a9ef5246d57e51696bd881a15f3b133b2bb50 - - https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8 - - https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-jhp4-jvq3-w5xr + - https://nvd.nist.gov/vuln/detail/CVE-2022-34110 + - https://gainsec.com/2022/08/26/cve-2022-34109-cve-2022-34110-cve-2022-34108/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26103-CANDIDATE - cve_id: CVE-2026-26103 - name: Candidate detection for CVE-2026-26103 + id: CVE-2022-38616-CANDIDATE + cve_id: CVE-2022-38616 + name: Candidate detection for CVE-2022-38616 severity: high - cvss: 7.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the udisks storage management daemon that exposes - a privileged D-Bus API for restoring LUKS encryption headers without proper authorization - checks. The issue allows a local unprivileged user to instruct the root-owned - udisks daemon to overwrite encryption metadata on block devices. This can permanently - invalidate encryption keys and render encrypted volumes inaccessible. Successful - exploitation results in a denial-of-service condition through irreversible data - loss. + description: SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection + vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf. detection: payload: null verify: null @@ -15902,18 +13462,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26103 - - https://access.redhat.com/errata/RHSA-2026:3476 - - https://access.redhat.com/errata/RHSA-2026:5831 - - https://access.redhat.com/security/cve/CVE-2026-26103 - - https://bugzilla.redhat.com/show_bug.cgi?id=2433719 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38616 + - https://tf1t.gitbook.io/mycve/smartvista/smartvista-svfe2/sql-injection-in-terminal-tariff-group-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38616 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27727-CANDIDATE - cve_id: CVE-2026-27727 - name: Candidate detection for CVE-2026-27727 + id: CVE-2022-37257-CANDIDATE + cve_id: CVE-2022-37257 + name: Candidate detection for CVE-2022-37257 severity: critical cvss: 9.8 risk_level: unknown @@ -15921,21 +13478,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: mchange-commons-java, a library that provides Java utilities, includes - code that mirrors early implementations of JNDI functionality, including support - for remote `factoryClassLocation` values, by which code can be downloaded and - invoked within a running application. If an attacker can provoke an application - to read a maliciously crafted `jaxax.naming.Reference` or serialized object, they - can provoke the download and execution of malicious code. Implementations of this - functionality within the JDK were disabled by default behind a System property - that defaults to `false`, `com.sun.jndi.ldap.object.trustURLCodebase`. However, - since mchange-commons-java includes an independent implementation of JNDI derefencing, - libraries (such as c3p0) that resolve references via that implementation could - be provoked to download and execute malicious code even after the JDK was hardened. - Mirroring the JDK patch, mchange-commons-java's JNDI functionality is gated by - configuration parameters that default to restrictive values starting in version - 0.4.0. No known workarounds are available. Versions prior to 0.4.0 should be avoided - on application CLASSPATHs. + description: Prototype pollution vulnerability in function convertLater in npm-convert.js + in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. detection: payload: null verify: null @@ -15943,39 +13487,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27727 - - https://github.com/swaldman/mchange-commons-java/security/advisories/GHSA-m2cm-222f-qw44 - - https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal - - https://www.mchange.com/projects/c3p0/#configuring_security - - https://www.mchange.com/projects/c3p0/#security-note + - https://nvd.nist.gov/vuln/detail/CVE-2022-37257 + - https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L362 + - https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9/ext/npm-convert.js#L371 + - https://github.com/stealjs/steal/issues/1526 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26955-CANDIDATE - cve_id: CVE-2026-26955 - name: Candidate detection for CVE-2026-26955 - severity: high - cvss: 8.8 + id: CVE-2022-29649-CANDIDATE + cve_id: CVE-2022-29649 + name: Candidate detection for CVE-2022-29649 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow\ - \ in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending\ - \ an RDPGFX ClearCodec surface command with an out-of-bounds destination rectangle.\ - \ The `gdi_SurfaceCommand_ClearCodec()` handler does not call `is_within_surface()`\ - \ to validate the command rectangle against the destination surface dimensions,\ - \ allowing attacker-controlled `cmd->left`/`cmd->top` (and subcodec rectangle\ - \ offsets) to reach image copy routines that write into `surface->data` without\ - \ bounds enforcement. The OOB write corrupts an adjacent `gdiGfxSurface` struct's\ - \ `codecs*` pointer with attacker-controlled pixel data, and corruption of `codecs*`\ - \ is sufficient to reach an indirect function pointer call (`NSC_CONTEXT.decode`\ - \ at `nsc.c:500`) on a subsequent codec command \u2014 full instruction pointer\ - \ (RIP) control demonstrated in exploitability harness. Users should upgrade to\ - \ version 3.23.0 to receive a patch." + description: Qsmart Next v4.1.2 was discovered to contain a cross-site scripting + (XSS) vulnerability. detection: payload: null verify: null @@ -15983,18 +13514,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26955 - - https://github.com/FreeRDP/FreeRDP/commit/7d8fdce2d0ef337cb86cb37fc0c436c905e04d77 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mr6w-ch7c-mqqj - - https://access.redhat.com/errata/RHSA-2026:19033 - - https://access.redhat.com/errata/RHSA-2026:5936 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29649 + - https://gist.github.com/arifseyda/bce00ed14562975d1a96d1d9a0660ec7 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26965-CANDIDATE - cve_id: CVE-2026-26965 - name: Candidate detection for CVE-2026-26965 + id: CVE-2022-36532-CANDIDATE + cve_id: CVE-2022-36532 + name: Candidate detection for CVE-2022-36532 severity: high cvss: 8.8 risk_level: unknown @@ -16002,20 +13530,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior\ - \ to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()`\ - \ writes into `pDstData` at `((nYDst+y) * nDstStep) + (4*nXDst) + nChannel` without\ - \ verifying that `(nYDst+nSrcHeight)` fits in the destination height or that `(nXDst+nSrcWidth)`\ - \ fits in the destination stride. When `TempFormat != DstFormat`, `pDstData` becomes\ - \ `planar->pTempData` (sized for the desktop), while `nYDst` is only validated\ - \ against the **surface** by `is_within_surface()`. A malicious RDP server can\ - \ exploit this to perform a heap out-of-bounds write with attacker-controlled\ - \ offset and pixel data on any connecting FreeRDP client. The OOB write reaches\ - \ up to 132,096 bytes past the temp buffer end, and on the brk heap (desktop\ - \ \u2264 128\xD7128), an adjacent `NSC_CONTEXT` struct's `decode` function pointer\ - \ is overwritten with attacker-controlled pixel data \u2014 control-flow\u2013\ - relevant corruption (function pointer overwritten) demonstrated under deterministic\ - \ heap layout (`nsc->decode = 0xFF414141FF414141`). Version 3.23.0 fixes the vulnerability." + description: Bolt CMS contains a vulnerability in version 5.1.12 and below that + allows an authenticated user with the ROLE_EDITOR privileges to upload and rename + a malicious file to achieve remote code execution. detection: payload: null verify: null @@ -16023,41 +13540,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26965 - - https://github.com/FreeRDP/FreeRDP/commit/a0be5cb87d760bb1c803ad1bb835aa1e73e62abc - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5vgf-mw4f-r33h - - https://access.redhat.com/errata/RHSA-2026:19033 - - https://access.redhat.com/errata/RHSA-2026:5936 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36532 + - https://lutrasecurity.com/en/articles/cve-2022-36532/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27148-CANDIDATE - cve_id: CVE-2026-27148 - name: Candidate detection for CVE-2026-27148 - severity: critical - cvss: 9.6 + id: CVE-2022-36533-CANDIDATE + cve_id: CVE-2022-36533 + name: Candidate detection for CVE-2022-36533 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Storybook is a frontend workshop for building user interface components - and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, - the WebSocket functionality in Storybook's dev server, used to create and update - stories, is vulnerable to WebSocket hijacking. This vulnerability only affects - the Storybook dev server; production builds are not impacted. Exploitation requires - a developer to visit a malicious website while their local Storybook dev server - is running. Because the WebSocket connection does not validate the origin of incoming - connections, a malicious site can silently send WebSocket messages to the local - instance without any further user interaction. If the Storybook dev server is - intentionally exposed publicly (e.g. for design reviews or stakeholder demos) - the risk is higher, as no malicious site visit is required. Any unauthenticated - attacker can send WebSocket messages to it directly. The vulnerability affects - the WebSocket message handlers for creating and saving stories. Both are vulnerable - to injection via unsanitized input in the componentFilePath field, which can be - exploited to achieve persistent XSS or Remote Code Execution (RCE). Versions 7.6.23, - 8.6.17, 9.1.19, and 10.2.10 contain a fix for the issue. + description: Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x + and below was discovered to contain a cross-site scripting (XSS) vulnerability. detection: payload: null verify: null @@ -16065,52 +13565,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27148 - - https://github.com/storybookjs/storybook/commit/0affdf928bd6fafbadfb1dfe22ce6104805e10e8 - - https://github.com/storybookjs/storybook/commit/54689a8add18ea75d628c540f4bc677592a1e685 - - https://github.com/storybookjs/storybook/commit/b8cfa77c73940c140acdcd8a06ab1ea913c44761 - - https://github.com/storybookjs/storybook/commit/d34085f39c647f5c23c3a3b2d197c18602fcf876 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36533 + - https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27830-CANDIDATE - cve_id: CVE-2026-27830 - name: Candidate detection for CVE-2026-27830 + id: CVE-2022-36534-CANDIDATE + cve_id: CVE-2022-36534 + name: Candidate detection for CVE-2022-36534 severity: high - cvss: 8.0 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: c3p0, a JDBC Connection pooling library, is vulnerable to attack via - maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. - Several c3p0 `ConnectionPoolDataSource` implementations have a property called - `userOverridesAsString` which conceptually represents a `Map>`. - Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. - Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` - or via maliciously crafted serialized objects or `javax.naming.Reference` instances - could be tailored execute unexpected code on the application's `CLASSPATH`. The - danger of this vulnerability was strongly magnified by vulnerabilities in c3p0's - main dependency, mchange-commons-java. This library includes code that mirrors - early implementations of JNDI functionality, including ungated support for remote - `factoryClassLocation` values. Attackers could set c3p0's `userOverridesAsString` - hex-encoded serialized objects that include objects "indirectly serialized" via - JNDI references. Deserialization of those objects and dereferencing of the embedded - `javax.naming.Reference` objects could provoke download and execution of malicious - code from a remote `factoryClassLocation`. Although hazard presented by c3p0's - vulnerabilites are exarcerbated by vulnerabilities in mchange-commons-java, use - of Java-serialized-object hex as the format for a writable Java-Bean property, - of objects that may be exposed across JNDI interfaces, represents a serious independent - fragility. The `userOverridesAsString` property of c3p0 `ConnectionPoolDataSource` - classes has been reimplemented to use a safe CSV-based format, rather than rely - upon potentially dangerous Java object deserialization. c3p0-0.12.0+ and above - depend upon mchange-commons-java 0.4.0+, which gates support for remote `factoryClassLocation` - values by configuration parameters that default to restrictive values. c3p0 additionally - enforces the new mchange-commons-java `com.mchange.v2.naming.nameGuardClassName` - to prevent injection of unexpected, potentially remote JNDI names. There is no - supported workaround for versions of c3p0 prior to 0.12.0. + description: Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x + and below was discovered to contain multiple remote code execution (RCE) vulnerabilities + via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php. detection: payload: null verify: null @@ -16118,35 +13591,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27830 - - https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e - - https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv - - https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal - - https://www.mchange.com/projects/c3p0/#configuring_security + - https://nvd.nist.gov/vuln/detail/CVE-2022-36534 + - https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27896-CANDIDATE - cve_id: CVE-2026-27896 - name: Candidate detection for CVE-2026-27896 - severity: high - cvss: 7.5 + id: CVE-2022-36536-CANDIDATE + cve_id: CVE-2022-36536 + name: Candidate detection for CVE-2022-36536 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC\ - \ and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library\ - \ performs case-insensitive matching of JSON keys to struct field tags \u2014\ - \ a field tagged json:\"method\" would also match \"Method\", \"METHOD\", etc.\ - \ This violated the JSON-RPC 2.0 specification, which defines exact field names.\ - \ A malicious MCP peer may have been able to send protocol messages with non-standard\ - \ field casing that the SDK would silently accept. This had the potential for\ - \ bypassing intermediary inspection and coss-implementation inconsistency. Go's\ - \ standard JSON unmarshaling was replaced with a case-sensitive decoder in commit\ - \ 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue." + description: An issue in the component post_applogin.php of Super Flexible Software + GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate + privileges via creating crafted session tokens. detection: payload: null verify: null @@ -16154,33 +13617,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27896 - - https://github.com/modelcontextprotocol/go-sdk/commit/7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0 - - https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-wvj2-96wp-fq3f - - https://access.redhat.com/security/cve/CVE-2026-27896 - - https://bugzilla.redhat.com/show_bug.cgi?id=2442903 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36536 + - https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27959-CANDIDATE - cve_id: CVE-2026-27959 - name: Candidate detection for CVE-2026-27959 - severity: high - cvss: 7.5 + id: CVE-2022-37775-CANDIDATE + cve_id: CVE-2022-37775 + name: Candidate detection for CVE-2022-37775 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Koa is middleware for Node.js using ES2017 async functions. Prior to - versions 3.1.2 and 2.16.4, Koa's `ctx.hostname` API performs naive parsing of - the HTTP Host header, extracting everything before the first colon without validating - the input conforms to RFC 3986 hostname syntax. When a malformed Host header containing - a `@` symbol is received, `ctx.hostname` returns `evil[.]com` - an attacker-controlled - value. Applications using `ctx.hostname` for URL generation, password reset links, - email verification URLs, or routing decisions are vulnerable to Host header injection - attacks. Versions 3.1.2 and 2.16.4 fix the issue. + description: Genesys PureConnect Interaction Web Tools Chat Service (up to at least + 26- September- 2019) allows XSS within the Printable Chat History via the participant + -> name JSON POST parameter. detection: payload: null verify: null @@ -16188,52 +13643,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27959 - - https://github.com/koajs/koa/commit/55ab9bab044ead4e82c70a30a4f9dc0fc9c1b6df - - https://github.com/koajs/koa/commit/b76ddc01fdb703e51652b0fd131d16394cadcfeb - - https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm - - https://access.redhat.com/errata/RHSA-2026:10184 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37775 + - https://cxsecurity.com/issue/WLB-2022090038 + - https://help.genesys.com/pureconnect/mergedprojects/wh_tr/desktop/pdfs/web_tools_dg.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27970-CANDIDATE - cve_id: CVE-2026-27970 - name: Candidate detection for CVE-2026-27970 + id: CVE-2022-37251-CANDIDATE + cve_id: CVE-2022-37251 + name: Candidate detection for CVE-2022-37251 severity: medium - cvss: 6.1 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Angular is a development platform for building mobile and desktop web - applications using TypeScript/JavaScript and other languages. Versions prior to - 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability - in the Angular internationalization (i18n) pipeline. In ICU messages (International - Components for Unicode), HTML from translated content was not properly sanitized - and could execute arbitrary JavaScript. Angular i18n typically involves three - steps, extracting all messages from an application in the source language, sending - the messages to be translated, and then merging their translations back into the - final source code. Translations are frequently handled by contracts with specific - partner companies, and involve sending the source messages to a separate contractor - before receiving final translations for display to the end user. If the returned - translations have malicious content, it could be rendered into the application - and execute arbitrary JavaScript. When successfully exploited, this vulnerability - allows for execution of attacker controlled JavaScript in the application origin. - Depending on the nature of the application being exploited this could lead to - credential exfiltration and/or page vandalism. Several preconditions apply to - the attack. The attacker must compromise the translation file (xliff, xtb, etc.). - Unlike most XSS vulnerabilities, this issue is not exploitable by arbitrary users. - An attacker must first compromise an application's translation file before they - can escalate privileges into the Angular application client. The victim application - must use Angular i18n, use one or more ICU messages, render an ICU message, and - not defend against XSS via a safe content security policy. Versions 21.2.0, 21.1.6, - 20.3.17, and 19.2.19 patch the issue. Until the patch is applied, developers should - consider reviewing and verifying translated content received from untrusted third - parties before incorporating it in an Angular application, enabling strict CSP - controls to block unauthorized JavaScript from executing on the page, and enabling - Trusted Types to enforce proper HTML sanitization. + description: Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. detection: payload: null verify: null @@ -16241,30 +13668,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27970 - - https://github.com/angular/angular/commit/306f367899dfc2e04238fecd3455547b5d54075d - - https://github.com/angular/angular/commit/7d58b798c626bb0e4e5f89ca8affdce4f352b232 - - https://github.com/angular/angular/commit/b85830953281ff3a1a77bbfe69019d352d509c93 - - https://github.com/angular/angular/pull/67183 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37251 + - https://labs.integrity.pt/advisories/cve-2022-37251/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28364-CANDIDATE - cve_id: CVE-2026-28364 - name: Candidate detection for CVE-2026-28364 + id: CVE-2022-38617-CANDIDATE + cve_id: CVE-2022-38617 + name: Candidate detection for CVE-2022-38617 severity: high - cvss: 7.9 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in - Marshal deserialization (runtime/intern.c) enables remote code execution through - a multi-phase attack chain. The vulnerability stems from missing bounds validation - in the readblock() function, which performs unbounded memcpy() operations using - attacker-controlled lengths from crafted Marshal data. + description: SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection + vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. detection: payload: null verify: null @@ -16272,18 +13693,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28364 - - https://github.com/ocaml/security-advisories/blob/generated-osv/2026/OSEC-2026-01.json - - https://osv.dev/vulnerability/OSEC-2026-01 - - https://access.redhat.com/security/cve/CVE-2026-28364 - - https://bugzilla.redhat.com/show_bug.cgi?id=2443348 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38617 + - https://dtro.gitbook.io/note_cve/sql-injection-in-terminal-voice-audit-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38617 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-10990-CANDIDATE - cve_id: CVE-2025-10990 - name: Candidate detection for CVE-2025-10990 + id: CVE-2022-37700-CANDIDATE + cve_id: CVE-2022-37700 + name: Candidate detection for CVE-2022-37700 severity: high cvss: 7.5 risk_level: unknown @@ -16291,11 +13709,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in REXML. A remote attacker could exploit inefficient - regular expression (regex) parsing when processing hex numeric character references - (&#x...;) in XML documents. This could lead to a Regular Expression Denial of - Service (ReDoS), impacting the availability of the affected component. This issue - is the result of an incomplete fix for CVE-2024-49761. + description: 'Zentao Demo15 is vulnerable to Directory Traversal. The impact is: + obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.' detection: payload: null verify: null @@ -16303,30 +13718,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-10990 - - https://access.redhat.com/errata/RHSA-2025:17606 - - https://access.redhat.com/errata/RHSA-2025:17613 - - https://access.redhat.com/errata/RHSA-2025:17693 - - https://access.redhat.com/security/cve/CVE-2025-10990 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37700 + - https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig + - https://medium.com/@sc0p3hacker/cve-2022-37700-directory-transversal-in-zentao-easy-soft-alm-2573c1f0fc21 + - https://medium.com/%40sc0p3hacker/cve-2022-37700-directory-transversal-in-zentao-easy-soft-alm-2573c1f0fc21 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2359-CANDIDATE - cve_id: CVE-2026-2359 - name: Candidate detection for CVE-2026-2359 + id: CVE-2022-38577-CANDIDATE + cve_id: CVE-2022-38577 + name: Candidate detection for CVE-2022-38577 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Multer is a node.js middleware for handling `multipart/form-data`. - A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger - a Denial of Service (DoS) by dropping connection during file upload, potentially - causing resource exhaustion. Users should upgrade to version 2.1.0 to receive - a patch. No known workarounds are available. + description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions + in the user profile page. This vulnerability allows attackers to escalate normal + users to Administrators. detection: payload: null verify: null @@ -16334,30 +13746,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2359 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab - - https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc - - https://www.cve.org/CVERecord?id=CVE-2026-2359 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38577 + - https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=sharing generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3304-CANDIDATE - cve_id: CVE-2026-3304 - name: Candidate detection for CVE-2026-3304 + id: CVE-2022-38618-CANDIDATE + cve_id: CVE-2022-38618 + name: Candidate detection for CVE-2022-38618 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Multer is a node.js middleware for handling `multipart/form-data`. - A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger - a Denial of Service (DoS) by sending malformed requests, potentially causing resource - exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known - workarounds are available. + description: SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection + vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters + at /SVFE2/pages/feegroups/country_group.jsf. detection: payload: null verify: null @@ -16365,18 +13772,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3304 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee - - https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p - - https://www.cve.org/CVERecord?id=CVE-2026-3304 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38618 + - https://dtro.gitbook.io/note_cve/sql-injection-in-terminal-tariff-group-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38618 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2293-CANDIDATE - cve_id: CVE-2026-2293 - name: Candidate detection for CVE-2026-2293 + id: CVE-2022-38619-CANDIDATE + cve_id: CVE-2022-38619 + name: Candidate detection for CVE-2022-38619 severity: critical cvss: 9.8 risk_level: unknown @@ -16384,14 +13788,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'A NestJS application using @nestjs/platform-fastify can allow bypass - of authentication/authorization middleware when Fastify path-normalization options - are enabled. - - - - - This issue affects nest.Js: 11.1.13.' + description: SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection + vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf. detection: payload: null verify: null @@ -16399,33 +13797,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2293 - - https://fluidattacks.com/advisories/neton - - https://github.com/nestjs/nest/ - - https://github.com/nestjs/nest/releases/tag/v11.1.14 - - https://access.redhat.com/security/cve/CVE-2026-2293 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38619 + - https://dtro.gitbook.io/note_cve/sql-injection-in-terminal-mcc-group-feature-of-smartvista-svfe2-version-2.2.22-cve-2022-38619 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28406-CANDIDATE - cve_id: CVE-2026-28406 - name: Candidate detection for CVE-2026-28406 - severity: high - cvss: 8.2 + id: CVE-2022-40027-CANDIDATE + cve_id: CVE-2022-40027 + name: Candidate detection for CVE-2022-40027 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: kaniko is a tool to build container images from a Dockerfile, inside - a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version - 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` - without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` - escapes the extraction root and writes files outside the destination directory. - In environments with registry authentication, this can be chained with docker - credential helpers to achieve code execution within the executor process. Version - 1.25.10 uses securejoin for path resolution in tar extraction. + description: SourceCodester Simple Task Managing System v1.0 was discovered to contain + a cross-site scripting (XSS) vulnerability via the component newTask.php. This + vulnerability allows attackers to execute arbitrary web scripts or HTML via a + crafted payload injected into the shortName parameter. detection: payload: null verify: null @@ -16433,32 +13824,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28406 - - https://github.com/chainguard-forks/kaniko/commit/a370e4b1f66e6e842b685c8f70ed507964c4b221 - - https://github.com/chainguard-forks/kaniko/pull/326 - - https://github.com/chainguard-forks/kaniko/security/advisories/GHSA-6rxq-q92g-4rmf - - https://access.redhat.com/security/cve/CVE-2026-28406 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40027 + - https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS1.md + - https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3336-CANDIDATE - cve_id: CVE-2026-3336 - name: Candidate detection for CVE-2026-3336 - severity: high - cvss: 7.5 + id: CVE-2022-40028-CANDIDATE + cve_id: CVE-2022-40028 + name: Candidate detection for CVE-2022-40028 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper certificate validation in PKCS7_verify() in AWS-LC allows - an unauthenticated user to bypass certificate chain verification when processing - PKCS7 objects with multiple signers, except the final signer. - - - Customers of AWS services do not need to take action. Applications using AWS-LC - should upgrade to AWS-LC version 1.69.0.' + description: SourceCodester Simple Task Managing System v1.0 was discovered to contain + a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the fullName parameter. detection: payload: null verify: null @@ -16466,34 +13852,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3336 - - https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ - - https://github.com/aws/aws-lc/releases/tag/v1.69.0 - - https://github.com/aws/aws-lc/security/advisories/GHSA-cfwj-9wp5-wqvp - - https://access.redhat.com/errata/RHSA-2026:5459 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40028 + - https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS2.md + - https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3338-CANDIDATE - cve_id: CVE-2026-3338 - name: Candidate detection for CVE-2026-3338 - severity: high - cvss: 7.5 + id: CVE-2022-40029-CANDIDATE + cve_id: CVE-2022-40029 + name: Candidate detection for CVE-2022-40029 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper signature validation in PKCS7_verify() in AWS-LC allows an - unauthenticated user to bypass signature verification when processing PKCS7 objects - with Authenticated Attributes. - - - - - Customers of AWS services do not need to take action. Applications using AWS-LC - should upgrade to AWS-LC version 1.69.0.' + description: SourceCodester Simple Task Managing System v1.0 was discovered to contain + a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the shortName parameter. detection: payload: null verify: null @@ -16501,37 +13880,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3338 - - https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ - - https://github.com/aws/aws-lc/releases/tag/v1.69.0 - - https://github.com/aws/aws-lc/security/advisories/GHSA-jchq-39cv-q4wj - - https://access.redhat.com/errata/RHSA-2026:5459 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40029 + - https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-XSS3.md + - https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25673-CANDIDATE - cve_id: CVE-2026-25673 - name: Candidate detection for CVE-2026-25673 - severity: high - cvss: 7.5 + id: CVE-2022-40030-CANDIDATE + cve_id: CVE-2022-40030 + name: Candidate detection for CVE-2022-40030 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and - 4.2 before 4.2.29. - - `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs - NFKC normalization on Windows that is disproportionately slow for certain Unicode - characters, allowing a remote attacker to cause denial of service via large URL - inputs containing these characters. - - Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not - evaluated and may also be affected. - - Django would like to thank Seokchan Yoon for reporting this issue.' + description: SourceCodester Simple Task Managing System v1.0 was discovered to contain + a SQL injection vulnerability via the bookId parameter at changeStatus.php. detection: payload: null verify: null @@ -16539,30 +13906,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25673 - - https://docs.djangoproject.com/en/dev/releases/security/ - - https://groups.google.com/g/django-announce - - https://www.djangoproject.com/weblog/2026/mar/03/security-releases/ - - https://access.redhat.com/security/cve/CVE-2026-25673 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40030 + - https://github.com/xidaner/CVE_HUNTER/blob/main/CVE_09/2022-09-01-SQL2.md + - https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3437-CANDIDATE - cve_id: CVE-2026-3437 - name: Candidate detection for CVE-2026-3437 - severity: high - cvss: 8.8 + id: CVE-2022-28978-CANDIDATE + cve_id: CVE-2022-28978 + name: Candidate detection for CVE-2022-28978 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An improper restriction of operations within the bounds of a memory - buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow - a local authenticated attacker to read and write to arbitrary memory via the Portwell - Engineering Toolkits driver. Successful exploitation of this vulnerability could - result in escalation of privileges or cause a denial-of-service condition. + description: Stored cross-site scripting (XSS) vulnerability in the Site module's + user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and + Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack + 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary + web script or HTML via the a user's name. detection: payload: null verify: null @@ -16570,33 +13935,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3437 - - https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-04.json - - https://software.portwell.tw/security-advisory/PWS-2026-3437.html - - https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-04 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28978 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28978-stored-xss-with-user-name-in-site-membership generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27622-CANDIDATE - cve_id: CVE-2026-27622 - name: Candidate detection for CVE-2026-27622 - severity: high - cvss: 7.8 + id: CVE-2022-28979-CANDIDATE + cve_id: CVE-2022-28979 + name: Candidate detection for CVE-2022-28979 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenEXR provides the specification and reference implementation of - the EXR file format, an image storage format for the motion picture industry. - In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] - wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and - used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption - proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) - overrun the undersized composite sample buffer. This vulnerability is fixed in - v3.2.6, v3.3.8, and v3.4.6. + description: Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix + pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered + to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's + Custom Facet widget. This vulnerability allows attackers to execute arbitrary + web scripts or HTML via a crafted payload injected into the Custom Parameter Name + text field. detection: payload: null verify: null @@ -16604,49 +13964,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27622 - - https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963 - - https://access.redhat.com/errata/RHSA-2026:12338 - - https://access.redhat.com/errata/RHSA-2026:12339 - - https://access.redhat.com/errata/RHSA-2026:12340 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28979 + - https://issues.liferay.com/browse/LPE-17381 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28979-xss-in-custom-facet-widget generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27446-CANDIDATE - cve_id: CVE-2026-27446 - name: Candidate detection for CVE-2026-27446 - severity: critical - cvss: 9.8 + id: CVE-2022-28982-CANDIDATE + cve_id: CVE-2022-28982 + name: Candidate detection for CVE-2022-28982 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Missing Authentication for Critical Function (CWE-306) vulnerability\ - \ in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker\ - \ can use the Core protocol to force a target broker to establish an outbound\ - \ Core federation connection to an attacker-controlled rogue broker. This could\ - \ potentially result in message injection into any queue and/or message exfiltration\ - \ from any queue via the rogue broker. This impacts environments that allow both:\n\ - \n- incoming Core protocol connections from untrusted sources to the broker\n\n\ - - outgoing Core protocol connections from the broker to untrusted targets\n\n\ - This issue affects:\n\n- Apache Artemis from 2.50.0 through 2.51.0\n\n- Apache\ - \ ActiveMQ Artemis from 2.11.0 through 2.44.0.\n\nUsers are recommended to upgrade\ - \ to Apache Artemis version 2.52.0, which fixes the issue.\n\nThe issue can be\ - \ mitigated by one of the following:\n\n- Remove Core protocol support from any\ - \ acceptor receiving connections from untrusted sources. Incoming Core protocol\ - \ connections are supported by default via the \"artemis\" acceptor listening\ - \ on port 61616. See the \"protocols\" URL parameter configured for the acceptor.\ - \ An acceptor URL without this parameter supports all protocols by default, including\ - \ Core.\n\n- Use two-way SSL (i.e. certificate-based authentication) in order\ - \ to force every client to present the proper SSL certificate when establishing\ - \ a connection before any message protocol handshake is attempted. This will prevent\ - \ unauthenticated exploitation of this vulnerability.\n\n- Implement and deploy\ - \ a Core interceptor to deny all Core downstream federation connect packets. Such\ - \ packets have a type of (int) -16 or (byte)\_0xfffffff0. Documentation for interceptors\ - \ is available at\_ https://artemis.apache.org/components/artemis/documentation/latest/intercepting-operations.html\ - \ ." + description: A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 + through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to + execute arbitrary web scripts or HTML via a crafted payload injected into the + name of a tag. detection: payload: null verify: null @@ -16654,33 +13992,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27446 - - https://lists.apache.org/thread/jwpsdc8tdxotm98od8n8n30fqlzoc8gg - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/errata/RHSA-2026:18054 - - https://access.redhat.com/errata/RHSA-2026:18055 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28982 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28982-reflected-xss-with-tag-name-in-%253Cliferay-asset-asset-tags-selector%253E generated_from: - nvd - status: candidate executable: false - id: CVE-2025-12801-CANDIDATE - cve_id: CVE-2025-12801 - name: Candidate detection for CVE-2025-12801 + id: CVE-2022-39975-CANDIDATE + cve_id: CVE-2022-39975 + name: Candidate detection for CVE-2022-39975 severity: medium - cvss: 6.5 + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'A vulnerability was recently discovered in the rpc.mountd daemon in - the nfs-utils package for Linux, that allows a NFSv3 client to escalate the - - privileges assigned to it in the /etc/exports file at mount time. In particular, - it allows the client to access any subdirectory or subtree of an exported directory, - regardless of the set file permissions, and regardless of any ''root_squash'' - or ''all_squash'' attributes that would normally be expected to apply to that - client.' + description: The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay + DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission + before showing the preview of a "Content Page" type page, allowing attackers to + view unpublished "Content Page" pages via URL manipulation. detection: payload: null verify: null @@ -16688,35 +14019,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-12801 - - https://access.redhat.com/errata/RHSA-2026:3938 - - https://access.redhat.com/errata/RHSA-2026:3939 - - https://access.redhat.com/errata/RHSA-2026:3940 - - https://access.redhat.com/errata/RHSA-2026:3941 + - https://nvd.nist.gov/vuln/detail/CVE-2022-39975 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-39975 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-15558-CANDIDATE - cve_id: CVE-2025-15558 - name: Candidate detection for CVE-2025-15558 - severity: high - cvss: 8.0 + id: CVE-2022-28977-CANDIDATE + cve_id: CVE-2022-28977 + name: Candidate detection for CVE-2022-28977 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\\ - Docker\\cli-plugins, a directory that does not exist by default. A low-privileged\ - \ attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe,\ - \ docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop\ - \ or invokes Docker CLI plugin features, and allow privilege-escalation if the\ - \ docker\_CLI is executed as a privileged user.\n\nThis issue affects Docker CLI:\ - \ through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the\ - \ github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager\ - \ \_package, such as Docker Compose.\n\nThis issue does not impact non-Windows\ - \ binaries, and projects not using the plugin-manager code." + description: HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and + Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack + 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple + forward slashes, which allows remote attackers to redirect users to arbitrary + external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and + (3) others parameters that rely on HtmlUtil.escapeRedirect. detection: payload: null verify: null @@ -16724,30 +14048,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-15558 - - https://docs.docker.com/desktop/release-notes/ - - https://github.com/docker/cli/pull/6713 - - https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/ - - https://access.redhat.com/security/cve/CVE-2025-15558 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28977 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28977-htmlutil.escaperedirect-circumvention-with-multiple-forward-slash generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3520-CANDIDATE - cve_id: CVE-2026-3520 - name: Candidate detection for CVE-2026-3520 - severity: high - cvss: 7.5 + id: CVE-2022-28980-CANDIDATE + cve_id: CVE-2022-28980 + name: Candidate detection for CVE-2022-28980 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Multer is a node.js middleware for handling `multipart/form-data`. - A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger - a Denial of Service (DoS) by sending malformed requests, potentially causing stack - overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds - are available. + description: Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal + v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts + or HTML via parameters with the filter_ prefix. detection: payload: null verify: null @@ -16755,18 +14074,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3520 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752 - - https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2 - - https://www.cve.org/CVERecord?id=CVE-2026-3520 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28980 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28980-reflected-xss-with-filter_%2A-parameters-in-applied-fragment-filters generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0847-CANDIDATE - cve_id: CVE-2026-0847 - name: Candidate detection for CVE-2026-0847 + id: CVE-2022-28981-CANDIDATE + cve_id: CVE-2022-28981 + name: Candidate detection for CVE-2022-28981 severity: high cvss: 7.5 risk_level: unknown @@ -16774,16 +14090,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary - file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, - TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly - sanitize or validate file paths, enabling attackers to traverse directories and - access sensitive files on the server. This issue is particularly critical in scenarios - where user-controlled file inputs are processed, such as in machine learning APIs, - chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized - access to sensitive files, including system files, SSH private keys, and API tokens, - and may potentially escalate to remote code execution when combined with other - vulnerabilities. + description: Path traversal vulnerability in the Hypermedia REST APIs module in + Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside + of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter. detection: payload: null verify: null @@ -16791,37 +14100,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0847 - - https://huntr.com/bounties/fc69914f-36a9-4c18-8503-10013b39f966 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:19712 - - https://access.redhat.com/security/cve/CVE-2026-0847 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28981 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-28981-path-traversal-vulnerability-in-hypermedia-rest-apis generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1605-CANDIDATE - cve_id: CVE-2026-1605 - name: Candidate detection for CVE-2026-1605 - severity: high - cvss: 7.5 + id: CVE-2022-38512-CANDIDATE + cve_id: CVE-2022-38512 + name: Candidate detection for CVE-2022-38512 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class - GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: - gzip, is processed and the corresponding response is not compressed. - - - - This happens because the JDK Inflater is allocated for decompressing the request, - but it is not released because the release mechanism is tied to the compressed - response. - - In this case, since the response is not compressed, the release mechanism does - not trigger, causing the leak.' + description: The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, + and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing + a user to export a web content for translation, allowing attackers to download + a web content page's XLIFF translation file via crafted URL. detection: payload: null verify: null @@ -16829,18 +14127,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1605 - - https://github.com/jetty/jetty.project/security/advisories/GHSA-xxh7-fcf3-rj7f - - https://access.redhat.com/errata/RHSA-2026:21772 - - https://access.redhat.com/errata/RHSA-2026:25089 - - https://access.redhat.com/errata/RHSA-2026:25125 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38512 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-69534-CANDIDATE - cve_id: CVE-2025-69534 - name: Candidate detection for CVE-2025-69534 + id: CVE-2022-34026-CANDIDATE + cve_id: CVE-2022-34026 + name: Candidate detection for CVE-2022-34026 severity: high cvss: 7.5 risk_level: unknown @@ -16848,15 +14143,7 @@ priority: cisa_kev: false exploitdb_reference: false - description: Python-Markdown version 3.8 contain a vulnerability where malformed - HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError - during Markdown parsing. Because Python-Markdown does not catch this exception, - any application that processes attacker-controlled Markdown may crash. This enables - remote, unauthenticated Denial of Service in web applications, documentation systems, - CI/CD pipelines, and any service that renders untrusted Markdown. The issue was - acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote - Denial of Service in any application parsing untrusted Markdown, and can lead - to Information Disclosure through uncaught exceptions. + description: ICEcoder v8.1 allows attackers to execute a directory traversal. detection: payload: null verify: null @@ -16864,29 +14151,42 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-69534 - - https://github.com/Python-Markdown/markdown - - https://github.com/Python-Markdown/markdown/actions/runs/15736122892 - - https://github.com/Python-Markdown/markdown/issues/1534 - - https://access.redhat.com/errata/RHSA-2026:10184 + - https://nvd.nist.gov/vuln/detail/CVE-2022-34026 + - https://gist.github.com/enferas/85cdbadf5cba32ec7c8db6ea9e6833bf + - https://github.com/icecoder/ICEcoder + - https://github.com/icecoder/ICEcoder/blob/master/classes/Settings.php + - https://github.com/icecoder/ICEcoder/blob/master/lib/settings.php generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25048-CANDIDATE - cve_id: CVE-2026-25048 - name: Candidate detection for CVE-2026-25048 + id: CVE-2022-30426-CANDIDATE + cve_id: CVE-2022-30426 + name: Candidate detection for CVE-2022-30426 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: xgrammar is an open-source library for efficient, flexible, and portable - structured generation. Prior to version 0.1.32, the multi-level nested syntax - caused a segmentation fault (core dumped). This issue has been patched in version - 0.1.32. + description: There is a stack buffer overflow vulnerability, which could lead to + arbitrary code execution in UEFI DXE driver on some Acer products. An attack could + exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack + control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version + <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X + firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L + (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 + firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L + (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 + firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L + (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 + firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 + (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 + firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 + (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton + E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= + P21.A3 (latest) and Veriton M2120G fir. detection: payload: null verify: null @@ -16894,29 +14194,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25048 - - https://github.com/mlc-ai/xgrammar/releases/tag/v0.1.32 - - https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3 - - https://access.redhat.com/errata/RHSA-2026:24977 - - https://access.redhat.com/errata/RHSA-2026:5809 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30426 + - https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-45691-CANDIDATE - cve_id: CVE-2025-45691 - name: Candidate detection for CVE-2025-45691 - severity: high - cvss: 7.5 + id: CVE-2022-38553-CANDIDATE + cve_id: CVE-2022-38553 + name: Candidate detection for CVE-2022-38553 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An Arbitrary File Read vulnerability exists in the ImageTextPromptValue - class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems - from improper validation and sanitization of URLs supplied in the retrieved_contexts - parameter when handling multimodal inputs. + description: Academy Learning Management System before v5.9.1 was discovered to + contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. detection: payload: null verify: null @@ -16924,37 +14219,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-45691 - - https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability - - https://github.com/explodinggradients/ragas/blob/e97886ac976465efb60e5949c5d69baf30cc811d/src/ragas/prompt/multi_modal_prompt.py#L202 - - https://github.com/explodinggradients/ragas/pull/1559 - - https://github.com/vibrantlabsai/ragas/pull/1991 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38553 + - https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 + - https://demo.creativeitem.com/academy/home/ + - https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E + - https://github.com/4websecurity/CVE-2022-38553/blob/main/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26999-CANDIDATE - cve_id: CVE-2026-26999 - name: Candidate detection for CVE-2026-26999 + id: CVE-2022-40048-CANDIDATE + cve_id: CVE-2022-40048 + name: Candidate detection for CVE-2022-40048 severity: high - cvss: 7.5 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Traefik is an HTTP reverse proxy and load balancer. Prior to versions - 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS - handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, - the read deadline used to bound protocol sniffing is cleared before the TLS handshake - is completed. When a TLS handshake read error occurs, the code attempts a second - handshake with different connection parameters, silently ignoring the initial - error. A remote unauthenticated client can exploit this by sending an incomplete - TLS record and stopping further data transmission, causing the TLS handshake to - stall indefinitely and holding connections open. By opening many such stalled - connections in parallel, an attacker can exhaust file descriptors and goroutines, - degrading availability of all services on the affected entrypoint. This issue - has been patched in versions 2.11.38 and 3.6.9. + description: Flatpress v1.2.1 was discovered to contain a remote code execution + (RCE) vulnerability in the Upload File function. detection: payload: null verify: null @@ -16962,36 +14247,133 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26999 - - https://github.com/traefik/traefik/releases/tag/v2.11.38 - - https://github.com/traefik/traefik/releases/tag/v3.6.9 - - https://github.com/traefik/traefik/security/advisories/GHSA-xw98-5q62-jx94 - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40048 + - https://github.com/flatpressblog/flatpress/issues/152 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29054-CANDIDATE - cve_id: CVE-2026-29054 - name: Candidate detection for CVE-2026-29054 + id: CVE-2022-35155-CANDIDATE + cve_id: CVE-2022-35155 + name: Candidate detection for CVE-2022-35155 + severity: medium + cvss: 6.1 + risk_level: unknown + requires_confirmation: true + priority: + cisa_kev: false + exploitdb_reference: true + description: Bus Pass Management System v1.0 was discovered to contain a reflected + cross-site scripting (XSS) vulnerability via the searchdata parameter. + detection: + payload: null + verify: null + review_required: Define a read-only matcher and classify execution risk before + promotion. + remediation: Apply the vendor remediation or patched version documented in the advisory. + references: + - https://nvd.nist.gov/vuln/detail/CVE-2022-35155 + - https://github.com/shellshok3/Cross-Site-Scripting-XSS/blob/main/Bus%20Pass%20Management%20System%201.0.md + - https://packetstormsecurity.com/files/168555/Bus-Pass-Management-System-1.0-Cross-Site-Scripting.html + generated_from: + - nvd + - exploit_db +- status: candidate + executable: false + id: CVE-2022-35156-CANDIDATE + cve_id: CVE-2022-35156 + name: Candidate detection for CVE-2022-35156 + severity: critical + cvss: 9.8 + risk_level: unknown + requires_confirmation: true + priority: + cisa_kev: false + exploitdb_reference: false + description: Bus Pass Management System 1.0 was discovered to contain a SQL Injection + vulnerability via the searchdata parameter at /buspassms/download-pass.php.. + detection: + payload: null + verify: null + review_required: Define a read-only matcher and classify execution risk before + promotion. + remediation: Apply the vendor remediation or patched version documented in the advisory. + references: + - https://nvd.nist.gov/vuln/detail/CVE-2022-35156 + - https://packetstormsecurity.com/files/168555/Bus-Pass-Management-System-1.0-Cross-Site-Scripting.html + - https://www.exploit-db.com/exploits/50543 + generated_from: + - nvd +- status: candidate + executable: false + id: CVE-2022-40341-CANDIDATE + cve_id: CVE-2022-40341 + name: Candidate detection for CVE-2022-40341 severity: high - cvss: 7.5 + cvss: 8.8 + risk_level: unknown + requires_confirmation: true + priority: + cisa_kev: false + exploitdb_reference: false + description: mojoPortal v2.7 was discovered to contain an arbitrary file upload + vulnerability which allows attackers to execute arbitrary code via a crafted PNG + file. + detection: + payload: null + verify: null + review_required: Define a read-only matcher and classify execution risk before + promotion. + remediation: Apply the vendor remediation or patched version documented in the advisory. + references: + - https://nvd.nist.gov/vuln/detail/CVE-2022-40341 + - https://weed-1.gitbook.io/cve/mojoportal/upload-malicious-file-in-mojoportal-v2.7-cve-2022-40341 + generated_from: + - nvd +- status: candidate + executable: false + id: CVE-2022-36551-CANDIDATE + cve_id: CVE-2022-36551 + name: Candidate detection for CVE-2022-36551 + severity: medium + cvss: 6.5 + risk_level: unknown + requires_confirmation: true + priority: + cisa_kev: false + exploitdb_reference: true + description: A Server Side Request Forgery (SSRF) in the Data Import module in Heartex + - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated + user to access arbitrary files on the system. Furthermore, self-registration is + enabled by default in these versions of Label Studio enabling a remote attacker + to create a new account and then exploit the SSRF. + detection: + payload: null + verify: null + review_required: Define a read-only matcher and classify execution risk before + promotion. + remediation: Apply the vendor remediation or patched version documented in the advisory. + references: + - https://nvd.nist.gov/vuln/detail/CVE-2022-36551 + - https://github.com/heartexlabs/label-studio/pull/2840 + generated_from: + - nvd + - exploit_db +- status: candidate + executable: false + id: CVE-2022-40123-CANDIDATE + cve_id: CVE-2022-40123 + name: Candidate detection for CVE-2022-40123 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 - to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability - in Traefik managing the Connection header with X-Forwarded headers. When Traefik - processes HTTP/1.1 requests, the protection put in place to prevent the removal - of Traefik-managed X-Forwarded headers (such as X-Real-Ip, X-Forwarded-Host, X-Forwarded-Port, - etc.) via the Connection header does not handle case sensitivity correctly. The - Connection tokens are compared case-sensitively against the protected header names, - but the actual header deletion operates case-insensitively. As a result, a remote - unauthenticated client can use lowercase Connection tokens (e.g. Connection: x-real-ip) - to bypass the protection and trigger the removal of Traefik-managed forwarded - identity headers. This issue has been patched in versions 2.11.38 and 3.6.9.' + description: mojoPortal v2.7 was discovered to contain a path traversal vulnerability + via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows + authenticated attackers to read arbitrary files in the system. detection: payload: null verify: null @@ -16999,31 +14381,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29054 - - https://github.com/traefik/traefik/releases/tag/v2.11.38 - - https://github.com/traefik/traefik/releases/tag/v3.6.9 - - https://github.com/traefik/traefik/security/advisories/GHSA-92mv-8f8w-wq52 - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40123 + - https://weed-1.gitbook.io/cve/mojoportal/directory-traversal-in-mojoportal-v2.7-cve-2022-40123 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3009-CANDIDATE - cve_id: CVE-2026-3009 - name: Candidate detection for CVE-2026-3009 + id: CVE-2022-36634-CANDIDATE + cve_id: CVE-2022-36634 + name: Candidate detection for CVE-2022-36634 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A security flaw in the IdentityBrokerService.performLogin endpoint - of Keycloak allows authentication to proceed using an Identity Provider (IdP) - even after it has been disabled by an administrator. An attacker who knows the - IdP alias can reuse a previously generated login request to bypass the administrative - restriction. This undermines access control enforcement and may allow unauthorized - authentication through a disabled external provider. + description: An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows + attackers to arbitrarily create admin users via a crafted HTTP request. detection: payload: null verify: null @@ -17031,18 +14406,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3009 - - https://access.redhat.com/errata/RHSA-2026:3947 - - https://access.redhat.com/errata/RHSA-2026:3948 - - https://access.redhat.com/security/cve/CVE-2026-3009 - - https://bugzilla.redhat.com/show_bug.cgi?id=2441867 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36634 + - https://seclists.org/fulldisclosure/2022/Sep/29 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3047-CANDIDATE - cve_id: CVE-2026-3047 - name: Candidate detection for CVE-2026-3047 + id: CVE-2022-36635-CANDIDATE + cve_id: CVE-2022-36635 + name: Candidate detection for CVE-2022-36635 severity: high cvss: 8.8 risk_level: unknown @@ -17050,12 +14422,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in org.keycloak.broker.saml. When a disabled Security - Assertion Markup Language (SAML) client is configured as an Identity Provider - (IdP)-initiated broker landing target, it can still complete the login process - and establish a Single Sign-On (SSO) session. This allows a remote attacker to - gain unauthorized access to other enabled clients without re-authentication, effectively - bypassing security restrictions. + description: ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection + vulnerability via the component /baseOpLog.do. detection: payload: null verify: null @@ -17063,30 +14431,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3047 - - https://access.redhat.com/errata/RHSA-2026:3925 - - https://access.redhat.com/errata/RHSA-2026:3926 - - https://access.redhat.com/errata/RHSA-2026:3947 - - https://access.redhat.com/errata/RHSA-2026:3948 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36635 + - https://medium.com/stolabs/cve-2022-36635-a-sql-injection-in-zksecuritybio-to-rce-c5bde2962d47 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28802-CANDIDATE - cve_id: CVE-2026-28802 - name: Candidate detection for CVE-2026-28802 - severity: critical - cvss: 9.8 + id: CVE-2022-40047-CANDIDATE + cve_id: CVE-2022-40047 + name: Candidate detection for CVE-2022-40047 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Authlib is a Python library which builds OAuth and OpenID Connect - servers. From version 1.6.5 to before version 1.6.7, previous tests involving - passing a malicious JWT containing alg: none and an empty signature was passing - the signature verification step without any changes to the application code when - a failure was expected.. This issue has been patched in version 1.6.7.' + description: Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting + (XSS) vulnerability via the page parameter at /flatpress/admin.php. detection: payload: null verify: null @@ -17094,33 +14456,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28802 - - https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75 - - https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7 - - https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg - - https://access.redhat.com/errata/RHSA-2026:19375 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40047 + - https://github.com/flatpressblog/flatpress/issues/153 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29062-CANDIDATE - cve_id: CVE-2026-29062 - name: Candidate detection for CVE-2026-29062 - severity: high - cvss: 7.5 + id: CVE-2022-40440-CANDIDATE + cve_id: CVE-2022-40440 + name: Candidate detection for CVE-2022-40440 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'jackson-core contains core low-level incremental ("streaming") parser - and generator abstractions used by Jackson Data Processor. From version 3.0.0 - to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing - from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: - 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. - This allows a user to supply a JSON document with excessive nesting, which can - cause a StackOverflowError when the structure is processed, leading to a Denial - of Service (DoS). This issue has been patched in version 3.1.0.' + description: mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) + vulnerability via the setTooltips() function. detection: payload: null verify: null @@ -17128,32 +14481,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29062 - - https://github.com/FasterXML/jackson-core/commit/8b25fd67f20583e75fb09564ce1eaab06cd5a902 - - https://github.com/FasterXML/jackson-core/pull/1554 - - https://github.com/FasterXML/jackson-core/security/advisories/GHSA-6v53-7c9g-w56r - - https://access.redhat.com/security/cve/CVE-2026-29062 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40440 + - https://github.com/SxB64/mxgraph-xss-vul/wiki + - https://github.com/jgraph/mxgraph generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29074-CANDIDATE - cve_id: CVE-2026-29074 - name: Candidate detection for CVE-2026-29074 - severity: high - cvss: 7.5 + id: CVE-2022-33106-CANDIDATE + cve_id: CVE-2022-33106 + name: Candidate detection for CVE-2022-33106 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SVGO, short for SVG Optimizer, is a Node.js library and command-line - application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, - from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts - XML with custom entities, without guards against entity expansion or recursion. - This can result in a small XML file (811 bytes) stalling the application and even - crashing the Node.js process with JavaScript heap out of memory. This issue has - been patched in versions 2.8.1, 3.3.3, and 4.0.1. + description: WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate + Limit attack, allowing the attacker to brute force the admin password leading + to Account Take Over. detection: payload: null verify: null @@ -17161,30 +14508,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29074 - - https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673 - - https://access.redhat.com/errata/RHSA-2026:11856 - - https://access.redhat.com/errata/RHSA-2026:11916 - - https://access.redhat.com/errata/RHSA-2026:13512 + - https://nvd.nist.gov/vuln/detail/CVE-2022-33106 + - https://hexisanoob.gitbook.io/hexisanoob/cves/cve-2022-33106 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26017-CANDIDATE - cve_id: CVE-2026-26017 - name: Candidate detection for CVE-2026-26017 - severity: high - cvss: 7.7 + id: CVE-2022-38902-CANDIDATE + cve_id: CVE-2022-38902 + name: Candidate detection for CVE-2022-38902 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, - a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due - to the default execution order of plugins. Security plugins such as acl are evaluated - before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. - This issue has been patched in version 1.14.2. + description: A Cross-site scripting (XSS) vulnerability in the Blog module - add + new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows + remote attackers to inject arbitrary JS script or HTML into the name field of + newly created topic. detection: payload: null verify: null @@ -17192,31 +14535,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26017 - - https://github.com/coredns/coredns/releases/tag/v1.14.2 - - https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr - - https://access.redhat.com/errata/RHSA-2026:25127 - - https://access.redhat.com/errata/RHSA-2026:8151 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38902 + - https://drive.proton.me/urls/D27RQ14NGW#b71d8XrBl2Mu + - https://www.offensity.com/en/blog/authenticated-persistent-xss-in-liferay-dxp-cms-cve-2022-38901-and-cve-2022-38902/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26018-CANDIDATE - cve_id: CVE-2026-26018 - name: Candidate detection for CVE-2026-26018 - severity: high - cvss: 7.5 + id: CVE-2022-41542-CANDIDATE + cve_id: CVE-2022-41542 + name: Candidate detection for CVE-2022-41542 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, - a denial of service vulnerability exists in CoreDNS's loop detection plugin that - allows an attacker to crash the DNS server by sending specially crafted DNS queries. - The vulnerability stems from the use of a predictable pseudo-random number generator - (PRNG) for generating a secret query name, combined with a fatal error handler - that terminates the entire process. This issue has been patched in version 1.14.2. + description: devhub 0.102.0 was discovered to contain a broken session control. detection: payload: null verify: null @@ -17224,33 +14560,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26018 - - https://github.com/coredns/coredns/releases/tag/v1.14.2 - - https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278 - - https://access.redhat.com/errata/RHSA-2026:25127 - - https://access.redhat.com/errata/RHSA-2026:8151 + - https://nvd.nist.gov/vuln/detail/CVE-2022-41542 + - https://app.devhubapp.com/ + - https://devhubapp.com/ + - https://medium.com/@sc0p3hacker/cve-2022-41542-session-mis-configuration-in-devhub-application-ca956bb9027a + - https://medium.com/%40sc0p3hacker/cve-2022-41542-session-mis-configuration-in-devhub-application-ca956bb9027a generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29091-CANDIDATE - cve_id: CVE-2026-29091 - name: Candidate detection for CVE-2026-29091 - severity: high - cvss: 8.1 + id: CVE-2022-40055-CANDIDATE + cve_id: CVE-2022-40055 + name: Candidate detection for CVE-2022-40055 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Locutus brings stdlibs of other programming languages to JavaScript - for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) - flaw was discovered in the locutus project, specifically within the call_user_func_array - function implementation. The vulnerability allows an attacker to inject arbitrary - JavaScript code into the application's runtime environment. This issue stems from - an insecure implementation of the call_user_func_array function (and its wrapper - call_user_func), which fails to properly validate all components of a callback - array before passing them to eval(). This issue has been patched in version 3.0.0. + description: An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows + attackers to escalate privileges via a brute force attack at the login page. detection: payload: null verify: null @@ -17258,29 +14588,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29091 - - https://github.com/locutusjs/locutus/commit/977a1fb169441e35996a1d2465b512322de500ad - - https://github.com/locutusjs/locutus/security/advisories/GHSA-fp25-p6mj-qqg6 - - https://access.redhat.com/security/cve/CVE-2026-29091 - - https://bugzilla.redhat.com/show_bug.cgi?id=2445262 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40055 + - https://blog.alphathreat.in/index.php?post/2022/10/01/Achieving-CVE-2022-40055 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29063-CANDIDATE - cve_id: CVE-2026-29063 - name: Candidate detection for CVE-2026-29063 - severity: critical - cvss: 9.8 + id: CVE-2021-3305-CANDIDATE + cve_id: CVE-2021-3305 + name: Candidate detection for CVE-2021-3305 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Immutable.js provides many Persistent Immutable data structures. Prior - to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable - via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() - APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5. + description: Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to + contain an untrusted search path vulnerability. detection: payload: null verify: null @@ -17288,27 +14613,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29063 - - https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3 - - https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8 - - https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5 - - https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw + - https://nvd.nist.gov/vuln/detail/CVE-2021-3305 + - https://github.com/liong007/Feishu/issues/1 + - https://www.feishu.cn/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25679-CANDIDATE - cve_id: CVE-2026-25679 - name: Candidate detection for CVE-2026-25679 - severity: high - cvss: 7.5 + id: CVE-2022-42112-CANDIDATE + cve_id: CVE-2022-42112 + name: Candidate detection for CVE-2022-42112 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: url.Parse insufficiently validated the host/authority component and - accepted some invalid URLs. + description: A Cross-site scripting (XSS) vulnerability in the Portal Search module's + Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before + fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers + to inject arbitrary web script or HTML via a crafted payload. detection: payload: null verify: null @@ -17316,29 +14641,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25679 - - https://go.dev/cl/752180 - - https://go.dev/issue/77578 - - https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk - - https://pkg.go.dev/vuln/GO-2026-4601 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42112 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42112 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27137-CANDIDATE - cve_id: CVE-2026-27137 - name: Candidate detection for CVE-2026-27137 - severity: high - cvss: 7.5 + id: CVE-2022-42113-CANDIDATE + cve_id: CVE-2022-42113 + name: Candidate detection for CVE-2022-42113 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: When verifying a certificate chain which contains a certificate containing - multiple email address constraints which share common local portions but different - domain portions, these constraints will not be properly applied, and only the - last constraint will be considered. + description: A Cross-site scripting (XSS) vulnerability in Document Library module + in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through + update 36 allows remote attackers to inject arbitrary web script or HTML via the + `redirect` parameter. detection: payload: null verify: null @@ -17346,33 +14668,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27137 - - https://go.dev/cl/752182 - - https://go.dev/issue/77952 - - https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk - - https://pkg.go.dev/vuln/GO-2026-4599 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42113 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42113 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24281-CANDIDATE - cve_id: CVE-2026-24281 - name: Candidate detection for CVE-2026-24281 - severity: high - cvss: 7.4 + id: CVE-2022-42114-CANDIDATE + cve_id: CVE-2022-42114 + name: Candidate detection for CVE-2022-42114 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Hostname verification in Apache ZooKeeper ZKTrustManager falls back - to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control - or spoof PTR records to impersonate ZooKeeper servers or clients with a valid - certificate for the PTR name. It's important to note that attacker must present - a certificate which is trusted by ZKTrustManager which makes the attack vector - harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, - which fixes this issue by introducing a new configuration option to disable reverse - DNS lookup in client and quorum protocols. + description: A Cross-site scripting (XSS) vulnerability in the Role module's edit + role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP + 7.4 before update 37 allows remote attackers to inject arbitrary web script or + HTML. detection: payload: null verify: null @@ -17380,31 +14695,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24281 - - https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:14272 - - https://access.redhat.com/errata/RHSA-2026:14276 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42114 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42114 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24308-CANDIDATE - cve_id: CVE-2026-24308 - name: Candidate detection for CVE-2026-24308 - severity: high - cvss: 7.5 + id: CVE-2022-42115-CANDIDATE + cve_id: CVE-2022-42115 + name: Candidate detection for CVE-2022-42115 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Improper handling of configuration values in ZKConfig in Apache ZooKeeper\ - \ 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information\ - \ stored in client configuration in the client's logfile. Configuration values\ - \ are exposed at INFO level logging rendering potential production systems affected\ - \ by the issue.\_Users are recommended to upgrade to version 3.8.6 or 3.9.5 which\ - \ fixes this issue." + description: Cross-site scripting (XSS) vulnerability in the Object module's edit + object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers + to inject arbitrary web script or HTML via a crafted payload injected into the + object field's `Label` text field. detection: payload: null verify: null @@ -17412,32 +14722,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24308 - - https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:14272 - - https://access.redhat.com/errata/RHSA-2026:14276 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42115 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42115 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29186-CANDIDATE - cve_id: CVE-2026-29186 - name: Candidate detection for CVE-2026-29186 - severity: high - cvss: 7.7 + id: CVE-2022-42116-CANDIDATE + cve_id: CVE-2022-42116 + name: Candidate detection for CVE-2022-42116 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Backstage is an open framework for building developer portals. Prior - to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary - code execution. The @backstage/plugin-techdocs-node package uses an allowlist - to filter dangerous MkDocs configuration keys during the documentation build process. - A gap in this allowlist allows attackers to craft an mkdocs.yml that causes arbitrary - Python code execution, completely bypassing TechDocs' security controls. This - issue has been patched in version 1.14.3. + description: A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's + integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay + DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject + arbitrary web script or HTML via the (1) name, or (2) namespace parameter. detection: payload: null verify: null @@ -17445,26 +14749,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29186 - - https://github.com/backstage/backstage/security/advisories/GHSA-928r-fm4v-mvrw - - https://access.redhat.com/errata/RHSA-2026:13826 - - https://access.redhat.com/errata/RHSA-2026:9742 - - https://access.redhat.com/security/cve/CVE-2026-29186 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42116 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42116 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28678-CANDIDATE - cve_id: CVE-2026-28678 - name: Candidate detection for CVE-2026-28678 - severity: unknown - cvss: 0.0 + id: CVE-2022-42117-CANDIDATE + cve_id: CVE-2022-42117 + name: Candidate detection for CVE-2022-42117 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Rejected reason: Further research determined the issue is not a vulnerability.' + description: A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module + in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, + and 7.4 before update 17 allows remote attackers to inject arbitrary web script + or HTML. detection: payload: null verify: null @@ -17472,26 +14776,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28678 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42117 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42117 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29786-CANDIDATE - cve_id: CVE-2026-29786 - name: Candidate detection for CVE-2026-29786 - severity: medium - cvss: 6.3 + id: CVE-2022-33077-CANDIDATE + cve_id: CVE-2022-33077 + name: Candidate detection for CVE-2022-33077 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, - tar can be tricked into creating a hardlink that points outside the extraction - directory by using a drive-relative link target such as C:../target.txt, which - enables file overwrite outside cwd during normal tar.x() extraction. This issue - has been patched in version 7.5.10. + description: An access control issue in nopcommerce v4.50.2 allows attackers to + arbitrarily modify any customer's address via the addressedit endpoint. detection: payload: null verify: null @@ -17499,46 +14801,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29786 - - https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f - - https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96 - - https://access.redhat.com/security/cve/CVE-2026-29786 - - https://bugzilla.redhat.com/show_bug.cgi?id=2445476 + - https://nvd.nist.gov/vuln/detail/CVE-2022-33077 + - https://medium.com/@rohan_pagey/cve-2022-33077-idor-to-change-address-of-any-customer-via-parameter-pollution-in-nopcommerce-4-5-2fa4bc763cc6 + - https://medium.com/%40rohan_pagey/cve-2022-33077-idor-to-change-address-of-any-customer-via-parameter-pollution-in-nopcommerce-4-5-2fa4bc763cc6 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-14027-CANDIDATE - cve_id: CVE-2024-14027 - name: Candidate detection for CVE-2024-14027 + id: CVE-2022-38901-CANDIDATE + cve_id: CVE-2022-38901 + name: Candidate detection for CVE-2022-38901 severity: medium - cvss: 5.5 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - fs/xattr: missing fdput() in fremovexattr error path - - - In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a - - file reference but returns early without calling fdput() when - - strncpy_from_user() fails on the name argument. In multi-threaded processes - - where fdget() takes the slow path, this permanently leaks one - - file reference per call, pinning the struct file and associated kernel - - objects in memory. An unprivileged local user can exploit this to cause - - kernel memory exhaustion. The issue was inadvertently fixed by commit - - a71874379ec8 ("xattr: switch to CLASS(fd)").' + description: A Cross-site scripting (XSS) vulnerability in the Document and Media + module - file upload functionality in Liferay Digital Experience Platform 7.3.10 + SP3 allows remote attackers to inject arbitrary JS script or HTML into the description + field of uploaded svg file. detection: payload: null verify: null @@ -17546,31 +14829,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-14027 - - https://git.kernel.org/stable/c/9a3a2ae5efbbcaed37551218abed94e23c537157 - - https://git.kernel.org/stable/c/a71874379ec8c6e788a61d71b3ad014a8d9a5c08 - - https://git.kernel.org/stable/c/d151b94967c8247005435b63fc60f8f4baa320da + - https://nvd.nist.gov/vuln/detail/CVE-2022-38901 + - https://drive.proton.me/urls/D27RQ14NGW#b71d8XrBl2Mu + - https://www.offensity.com/en/blog/authenticated-persistent-xss-in-liferay-dxp-cms-cve-2022-38901-and-cve-2022-38902/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0846-CANDIDATE - cve_id: CVE-2026-0846 - name: Candidate detection for CVE-2026-0846 - severity: high - cvss: 7.5 + id: CVE-2022-41415-CANDIDATE + cve_id: CVE-2022-41415 + name: Candidate detection for CVE-2022-41415 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability in the `filestring()` function of the `nltk.util` module - in nltk version 3.9.2 allows arbitrary file read due to improper validation of - input paths. The function directly opens files specified by user input without - sanitization, enabling attackers to access sensitive system files by providing - absolute paths or traversal paths. This vulnerability can be exploited locally - or remotely, particularly in scenarios where the function is used in web APIs - or other interfaces that accept user-supplied input. + description: Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a + stack overflow in the RevserveMem component. This vulnerability allows attackers + to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM + variable. detection: payload: null verify: null @@ -17578,32 +14857,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0846 - - https://huntr.com/bounties/007b84f8-418e-4300-99d0-bf504c2f97eb - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:19712 - - https://access.redhat.com/security/cve/CVE-2026-0846 + - https://nvd.nist.gov/vuln/detail/CVE-2022-41415 + - https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-41415/CVE-2022-41415.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25960-CANDIDATE - cve_id: CVE-2026-25960 - name: Candidate detection for CVE-2026-25960 - severity: high - cvss: 7.1 + id: CVE-2021-33231-CANDIDATE + cve_id: CVE-2021-33231 + name: Candidate detection for CVE-2021-33231 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vLLM is an inference and serving engine for large language models (LLMs). - The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the - load_from_url_async method due to inconsistent URL parsing behavior between the - validation layer and the actual HTTP client. The SSRF fix uses urllib3.util.parse_url() - to validate and extract the hostname from user-provided URLs. However, load_from_url_async - uses aiohttp for making the actual HTTP requests, and aiohttp internally uses - the yarl library for URL parsing. This vulnerability in 0.17.0. + description: Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista + Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via + the notes field. detection: payload: null verify: null @@ -17611,29 +14883,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25960 - - https://github.com/vllm-project/vllm/commit/6f3b2047abd4a748e3db4a68543f8221358002c0 - - https://github.com/vllm-project/vllm/pull/34743 - - https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc - - https://github.com/vllm-project/vllm/security/advisories/GHSA-v359-jj2v-j536 + - https://nvd.nist.gov/vuln/detail/CVE-2021-33231 + - https://armysick.github.io/cve-2021-33231/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28691-CANDIDATE - cve_id: CVE-2026-28691 - name: Candidate detection for CVE-2026-28691 + id: CVE-2022-31366-CANDIDATE + cve_id: CVE-2022-31366 + name: Candidate detection for CVE-2022-31366 severity: high - cvss: 7.5 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ImageMagick is free and open-source software used for editing and manipulating - digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer - dereference vulnerability exists in the JBIG decoder due to a missing check. This - vulnerability is fixed in 7.1.2-16 and 6.9.13-41. + description: An arbitrary file upload vulnerability in the apiImportLabs function + in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary + code via a crafted UNL file. detection: payload: null verify: null @@ -17641,29 +14909,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28691 - - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f - - https://access.redhat.com/errata/RHSA-2026:6713 - - https://access.redhat.com/security/cve/CVE-2026-28691 - - https://bugzilla.redhat.com/show_bug.cgi?id=2445902 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31366 + - https://erpaciocco.github.io/2022/eve-ng-rce/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28693-CANDIDATE - cve_id: CVE-2026-28693 - name: Candidate detection for CVE-2026-28693 - severity: high - cvss: 8.1 + id: CVE-2022-38580-CANDIDATE + cve_id: CVE-2022-38580 + name: Candidate detection for CVE-2022-38580 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: ImageMagick is free and open-source software used for editing and manipulating - digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow - in DIB coder can result in out of bounds read or write. This vulnerability is - fixed in 7.1.2-16 and 6.9.13-41. + exploitdb_reference: true + description: Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery + (SSRF). detection: payload: null verify: null @@ -17671,29 +14934,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28693 - - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76 - - https://access.redhat.com/errata/RHSA-2026:6713 - - https://access.redhat.com/security/cve/CVE-2026-28693 - - https://bugzilla.redhat.com/show_bug.cgi?id=2445888 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38580 + - https://gist.github.com/Fadavvi/9fffcfa4aaa9e25b77cfe7b3044b2857#file-cve-2022-38580 + - https://pastebin.com/dXxpgPAK generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2025-11739-CANDIDATE - cve_id: CVE-2025-11739 - name: Candidate detection for CVE-2025-11739 - severity: high - cvss: 7.8 + id: CVE-2022-42992-CANDIDATE + cve_id: CVE-2022-42992 + name: Candidate detection for CVE-2022-42992 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "CWE\u2011502: Deserialization of Untrusted Data vulnerability exists\ - \ that could cause arbitrary code execution with administrative privileges when\ - \ a locally authenticated attacker sends a crafted data stream, triggering unsafe\ - \ deserialization." + description: Multiple stored cross-site scripting (XSS) vulnerabilities in Train + Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the Train Code, Train Name, and Destination text + fields. detection: payload: null verify: null @@ -17701,25 +14963,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-11739 - - https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-06.pdf + - https://nvd.nist.gov/vuln/detail/CVE-2022-42992 + - https://github.com/draco1725/POC/blob/main/Exploit/Train%20Scheduler%20App/XSS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1286-CANDIDATE - cve_id: CVE-2026-1286 - name: Candidate detection for CVE-2026-1286 + id: CVE-2022-42991-CANDIDATE + cve_id: CVE-2022-42991 + name: Candidate detection for CVE-2022-42991 severity: medium - cvss: 6.5 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'CWE-502: Deserialization of untrusted data vulnerability exists that - could lead to loss of confidentiality, integrity and potential remote code execution - on workstation when an admin authenticated user opens a malicious project file.' + description: A stored cross-site scripting (XSS) vulnerability in Simple Online + Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or + HTML via a crafted payload injected into the Edit Account Full Name field. detection: payload: null verify: null @@ -17727,24 +14989,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1286 - - https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-03.pdf + - https://nvd.nist.gov/vuln/detail/CVE-2022-42991 + - https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Public%20Access%20Catalog/XSS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24294-CANDIDATE - cve_id: CVE-2026-24294 - name: Candidate detection for CVE-2026-24294 - severity: high - cvss: 7.8 + id: CVE-2022-42993-CANDIDATE + cve_id: CVE-2022-42993 + name: Candidate detection for CVE-2022-42993 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Improper authentication in Windows SMB Server allows an authorized - attacker to elevate privileges locally. + description: Password Storage Application v1.0 was discovered to contain a cross-site + scripting (XSS) vulnerability via the Setup page. detection: payload: null verify: null @@ -17752,27 +15014,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24294 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24294 - - https://www.vicarius.io/vsociety/posts/cve-2026-24294-detection-script-improper-authentication-vulnerability-in-windows-smb-server - - https://www.vicarius.io/vsociety/posts/cve-2026-24294-mitigation-script-improper-authentication-vulnerability-in-windows-smb-server - - https://github.com/0xNDI/CVE-2026-24294 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42993 + - https://github.com/draco1725/POC/blob/main/Exploit/Password%20Storage%20Application/XSS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26130-CANDIDATE - cve_id: CVE-2026-26130 - name: Candidate detection for CVE-2026-26130 + id: CVE-2022-43340-CANDIDATE + cve_id: CVE-2022-43340 + name: Candidate detection for CVE-2022-43340 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Allocation of resources without limits or throttling in ASP.NET Core - allows an unauthorized attacker to deny service over a network. + description: A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows + attackers to arbitrarily create user accounts and grant Administrator rights to + regular users. detection: payload: null verify: null @@ -17780,30 +15040,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26130 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130 - - https://access.redhat.com/errata/RHSA-2026:10082 - - https://access.redhat.com/errata/RHSA-2026:10083 - - https://access.redhat.com/errata/RHSA-2026:10084 + - https://nvd.nist.gov/vuln/detail/CVE-2022-43340 + - https://github.com/zyx0814/dzzoffice + - https://github.com/zyx0814/dzzoffice/issues/223 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28292-CANDIDATE - cve_id: CVE-2026-28292 - name: Candidate detection for CVE-2026-28292 - severity: critical - cvss: 9.8 + id: CVE-2022-40487-CANDIDATE + cve_id: CVE-2022-40487 + name: Candidate detection for CVE-2022-40487 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: '`simple-git`, an interface for running git commands in any node.js - application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker - to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve - full remote code execution on the host machine. Version 3.23.0 contains an updated - fix for the vulnerability.' + description: ProcessWire v3.0.200 was discovered to contain multiple cross-site + scripting (XSS) vulnerabilities via the Search Users and Search Pages function. + These vulnerabilities allow attackers to execute arbitrary web scripts or HTML + via injection of a crafted payload. detection: payload: null verify: null @@ -17811,28 +15068,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28292 - - https://github.com/steveukx/git-js/commit/f7042088aa2dac59e3c49a84d7a2f4b26048a257 - - https://github.com/steveukx/git-js/security/advisories/GHSA-r275-fr43-pm7q - - https://www.codeant.ai/security-research/security-research-simple-git-remote-code-execution-cve-2026-28292 - - https://access.redhat.com/security/cve/CVE-2026-28292 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40487 + - https://gist.github.com/filipaze/32ab8683af8d82827028164e361b6e86 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23868-CANDIDATE - cve_id: CVE-2026-23868 - name: Candidate detection for CVE-2026-23868 + id: CVE-2022-40488-CANDIDATE + cve_id: CVE-2022-40488 + name: Candidate detection for CVE-2022-40488 severity: medium - cvss: 5.1 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Giflib contains a double-free vulnerability that is the result of a - shallow copy in GifMakeSavedImage and incorrect error handling. The conditions - needed to trigger this vulnerability are difficult but may be possible. + description: ProcessWire v3.0.200 was discovered to contain a Cross-Site Request + Forgery (CSRF). detection: payload: null verify: null @@ -17840,18 +15093,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23868 - - https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7 - - https://www.facebook.com/security/advisories/cve-2026-23868 - - https://access.redhat.com/errata/RHSA-2026:16008 - - https://access.redhat.com/errata/RHSA-2026:16009 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40488 + - https://gist.github.com/filipaze/76138289ded98aa45dfcd939a8afd331 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-30951-CANDIDATE - cve_id: CVE-2026-30951 - name: Candidate detection for CVE-2026-30951 + id: CVE-2022-40839-CANDIDATE + cve_id: CVE-2022-40839 + name: Candidate detection for CVE-2022-40839 severity: high cvss: 7.5 risk_level: unknown @@ -17859,12 +15109,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection - via unescaped cast type in JSON/JSONB where clause processing. The _traverseJSON() - function splits JSON path keys on :: to extract a cast type, which is interpolated - raw into CAST(... AS ) SQL. An attacker who controls JSON object keys can - inject arbitrary SQL and exfiltrate data from any table. This vulnerability is - fixed in 6.37.8.' + description: A SQL injection vulnerability in the height and width parameter in + NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate + database data. detection: payload: null verify: null @@ -17872,33 +15119,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-30951 - - https://github.com/sequelize/sequelize/security/advisories/GHSA-6457-6jrx-69cr - - https://access.redhat.com/errata/RHSA-2026:8498 - - https://access.redhat.com/security/cve/CVE-2026-30951 - - https://bugzilla.redhat.com/show_bug.cgi?id=2446250 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40839 + - https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40839/poc.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31812-CANDIDATE - cve_id: CVE-2026-31812 - name: Candidate detection for CVE-2026-31812 + id: CVE-2022-40840-CANDIDATE + cve_id: CVE-2022-40840 + name: Candidate detection for CVE-2022-40840 severity: medium - cvss: 5.3 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC - transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger - a denial of service in applications using vulnerable quinn versions by sending - a crafted QUIC Initial packet containing malformed quic_transport_parameters. - In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), - so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over - the network with a single packet and no prior trust or authentication. This vulnerability - is fixed in 0.11.14. + description: ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross + Site Scripting (XSS) via createPdf.php. detection: payload: null verify: null @@ -17906,30 +15144,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31812 - - https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98 - - https://access.redhat.com/errata/RHSA-2026:13545 - - https://access.redhat.com/errata/RHSA-2026:19712 - - https://access.redhat.com/errata/RHSA-2026:22862 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40840 + - https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40840/poc.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31837-CANDIDATE - cve_id: CVE-2026-31837 - name: Candidate detection for CVE-2026-31837 - severity: high - cvss: 7.5 + id: CVE-2022-43321-CANDIDATE + cve_id: CVE-2022-43321 + name: Candidate detection for CVE-2022-43321 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Istio is an open platform to connect, manage, and secure microservices. - Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver - becomes unavailable or the fetch fails, exposing hardcoded defaults regardless - of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, - 1.28.5, and 1.27.8. + description: Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting + (XSS) vulnerability in the component /common/library/Page.php. detection: payload: null verify: null @@ -17937,18 +15169,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31837 - - https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:5948 - - https://access.redhat.com/errata/RHSA-2026:5950 + - https://nvd.nist.gov/vuln/detail/CVE-2022-43321 + - https://github.com/shopwind/yii-shopwind/issues/1 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28229-CANDIDATE - cve_id: CVE-2026-28229 - name: Candidate detection for CVE-2026-28229 + id: CVE-2022-44087-CANDIDATE + cve_id: CVE-2022-44087 + name: Candidate detection for CVE-2022-44087 severity: critical cvss: 9.8 risk_level: unknown @@ -17956,12 +15185,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Argo Workflows is an open source container-native workflow engine - for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow - templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). - Any request with a Authorization: Bearer nothing token can leak sensitive template - content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 - and 3.7.11.' + description: ESPCMS P8.21120101 was discovered to contain a remote code execution + (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. detection: payload: null verify: null @@ -17969,35 +15194,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28229 - - https://github.com/argoproj/argo-workflows/security/advisories/GHSA-56px-hm34-xqj5 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/security/cve/CVE-2026-28229 - - https://bugzilla.redhat.com/show_bug.cgi?id=2446549 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44087 + - https://gitee.com/earclink/espcms/issues/I5WSA0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31892-CANDIDATE - cve_id: CVE-2026-31892 - name: Candidate detection for CVE-2026-31892 - severity: high - cvss: 8.1 + id: CVE-2022-44088-CANDIDATE + cve_id: CVE-2022-44088 + name: Candidate detection for CVE-2022-44088 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Argo Workflows is an open source container-native workflow engine - for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and - 3.7.11, A user who can submit Workflows can completely bypass all security settings - defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow - submission. This works even when the controller is configured with templateReferencing: - Strict, which is specifically documented as a mechanism to restrict users to admin-approved - templates. The podSpecPatch field on a submitted Workflow takes precedence over - the referenced WorkflowTemplate during spec merging and is applied directly to - the pod spec at creation time with no security validation. This vulnerability - is fixed in 4.0.2 and 3.7.11.' + description: ESPCMS P8.21120101 was discovered to contain a remote code execution + (RCE) vulnerability in the component INPUT_ISDESCRIPTION. detection: payload: null verify: null @@ -18005,29 +15219,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31892 - - https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3wf5-g532-rcrr - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/security/cve/CVE-2026-31892 - - https://bugzilla.redhat.com/show_bug.cgi?id=2446551 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44088 + - https://gitee.com/earclink/espcms/issues/I5WSND generated_from: - nvd - status: candidate executable: false - id: CVE-2023-43010-CANDIDATE - cve_id: CVE-2023-43010 - name: Candidate detection for CVE-2023-43010 - severity: high - cvss: 8.8 + id: CVE-2022-44089-CANDIDATE + cve_id: CVE-2022-44089 + name: Candidate detection for CVE-2022-44089 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 - and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted - web content may lead to memory corruption. + description: ESPCMS P8.21120101 was discovered to contain a remote code execution + (RCE) vulnerability in the component IS_GETCACHE. detection: payload: null verify: null @@ -18035,32 +15244,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2023-43010 - - https://support.apple.com/en-us/120300 - - https://support.apple.com/en-us/120877 - - https://support.apple.com/en-us/120879 - - https://support.apple.com/en-us/126632 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44089 + - https://gitee.com/earclink/espcms/issues/I5WSQ1 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28356-CANDIDATE - cve_id: CVE-2026-28356 - name: Candidate detection for CVE-2026-28356 - severity: high - cvss: 7.5 + id: CVE-2022-42118-CANDIDATE + cve_id: CVE-2022-42118 + name: Candidate detection for CVE-2022-42118 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: multipart is a fast multipart/form-data parser for python. Prior to - 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py - uses a regular expression with an ambiguous alternation, which can cause exponential - backtracking (ReDoS) when parsing maliciously crafted HTTP or multipart segment - headers. This can be abused for denial of service (DoS) attacks against web applications - using this library to parse request headers or multipart/form-data streams. The - issue is fixed in 1.2.2, 1.3.1 and 1.4.0-dev. + description: A Cross-site scripting (XSS) vulnerability in the Portal Search module + in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, + 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers + to inject arbitrary web script or HTML via the `tag` parameter. detection: payload: null verify: null @@ -18068,30 +15271,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28356 - - https://github.com/defnull/multipart/security/advisories/GHSA-p2m9-wcp5-6qw3 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:5809 - - https://access.redhat.com/errata/RHSA-2026:6761 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42118 + - https://issues.liferay.com/browse/LPE-17342 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42118 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32141-CANDIDATE - cve_id: CVE-2026-32141 - name: Candidate detection for CVE-2026-32141 - severity: high - cvss: 7.5 + id: CVE-2022-42119-CANDIDATE + cve_id: CVE-2022-42119 + name: Candidate detection for CVE-2022-42119 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() - function uses a recursive revive() phase to resolve circular references in deserialized - JSON. When given a crafted payload with deeply nested or self-referential $ indices, - the recursion depth is unbounded, causing a stack overflow that crashes the Node.js - process. This vulnerability is fixed in 3.4.0. + description: Certain Liferay products are vulnerable to Cross Site Scripting (XSS) + via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay + DXP 7.3 before update 8. detection: payload: null verify: null @@ -18099,37 +15298,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32141 - - https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606 - - https://github.com/WebReflection/flatted/pull/88 - - https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f - - https://access.redhat.com/errata/RHSA-2026:13826 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42119 + - https://issues.liferay.com/browse/LPE-17632 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42119 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3497-CANDIDATE - cve_id: CVE-2026-3497 - name: Candidate detection for CVE-2026-3497 - severity: high - cvss: 7.5 + id: CVE-2022-42120-CANDIDATE + cve_id: CVE-2022-42120 + name: Candidate detection for CVE-2022-42120 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Vulnerability in the OpenSSH GSSAPI delta included in various Linux - distributions. This vulnerability affects the GSSAPI patches added by various - Linux distributions and does not affect the OpenSSH upstream project itself. The - usage of sshpkt_disconnect() on an error, which does not terminate the process, - allows an attacker to send an unexpected GSSAPI message type during the GSSAPI - key exchange to the server, which will call the underlying function and continue - the execution of the program without setting the related connection variables. - As the variables are not initialized to NULL the code later accesses those uninitialized - variables, accessing random memory, which could lead to undefined behavior. The - recommended workaround is to use ssh_packet_disconnect() instead, which does terminate - the process. The impact of the vulnerability depends heavily on the compiler flag - hardening configuration. + description: A SQL injection vulnerability in the Fragment module in Liferay Portal + 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update + 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' + `namespace` attribute. detection: payload: null verify: null @@ -18137,31 +15326,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3497 - - https://ubuntu.com/security/CVE-2026-3497 - - https://www.openwall.com/lists/oss-security/2026/03/12/3 - - https://lists.debian.org/debian-lts-announce/2026/04/msg00014.html - - https://access.redhat.com/errata/RHSA-2026:10065 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42120 + - https://issues.liferay.com/browse/LPE-17513 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42120 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32274-CANDIDATE - cve_id: CVE-2026-32274 - name: Candidate detection for CVE-2026-32274 + id: CVE-2022-42121-CANDIDATE + cve_id: CVE-2022-42121 + name: Candidate detection for CVE-2022-42121 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Black is the uncompromising Python code formatter. Prior to 26.3.1, - Black writes a cache file, the name of which is computed from various formatting - options. The value of the --python-cell-magics option was placed in the filename - without sanitization, which allowed an attacker who controls the value of this - argument to write cache files to arbitrary file system locations. Fixed in Black - 26.3.1. + description: A SQL injection vulnerability in the Layout module in Liferay Portal + 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix + pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers + to execute arbitrary SQL commands via a crafted payload injected into a page template's + 'Name' field. detection: payload: null verify: null @@ -18169,35 +15355,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32274 - - https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d - - https://github.com/psf/black/pull/5038 - - https://github.com/psf/black/releases/tag/26.3.1 - - https://github.com/psf/black/security/advisories/GHSA-3936-cmfr-pm3m + - https://nvd.nist.gov/vuln/detail/CVE-2022-42121 + - https://issues.liferay.com/browse/LPE-17414 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42121 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1526-CANDIDATE - cve_id: CVE-2026-1526 - name: Candidate detection for CVE-2026-1526 - severity: high - cvss: 7.5 + id: CVE-2022-42122-CANDIDATE + cve_id: CVE-2022-42122 + name: Candidate detection for CVE-2022-42122 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "The undici WebSocket client is vulnerable to a denial-of-service attack\ - \ via unbounded memory consumption during permessage-deflate decompression. When\ - \ a WebSocket connection negotiates the permessage-deflate extension, the client\ - \ decompresses incoming compressed frames without enforcing any limit on the decompressed\ - \ data size. A malicious WebSocket server can send a small compressed frame (a\ - \ \"decompression bomb\") that expands to an extremely large size in memory, causing\ - \ the Node.js process to exhaust available memory and crash or become unresponsive.\n\ - \nThe vulnerability exists in the\_PerMessageDeflate.decompress()\_method, which\ - \ accumulates all decompressed chunks in memory and concatenates them into a single\ - \ Buffer without checking whether the total size exceeds a safe threshold." + description: A SQL injection vulnerability in the Friendly Url module in Liferay + Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers + to execute arbitrary SQL commands via a crafted payload injected into the `title` + field of a friendly URL. detection: payload: null verify: null @@ -18205,18 +15383,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1526 - - https://cna.openjsf.org/security-advisories.html - - https://datatracker.ietf.org/doc/html/rfc7692 - - https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q - - https://hackerone.com/reports/3481206 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42122 + - https://issues.liferay.com/browse/LPE-17520 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42122 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1528-CANDIDATE - cve_id: CVE-2026-1528 - name: Candidate detection for CVE-2026-1528 + id: CVE-2022-42123-CANDIDATE + cve_id: CVE-2022-42123 + name: Candidate detection for CVE-2022-42123 severity: high cvss: 7.5 risk_level: unknown @@ -18224,17 +15400,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'ImpactA server can reply with a WebSocket frame using the 64-bit length - form and an extremely large length. undici''s ByteParser overflows internal math, - ends up in an invalid state, and throws a fatal TypeError that terminates the - process. - - - Patches - - - Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this - version or later.' + description: A Zip slip vulnerability in the Elasticsearch Connector in Liferay + Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before + update 19 allows attackers to create or overwrite existing files on the filesystem + via the installation of a malicious Elasticsearch Sidecar plugin. detection: payload: null verify: null @@ -18242,18 +15411,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1528 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj - - https://hackerone.com/reports/3537648 - - https://access.redhat.com/errata/RHSA-2026:13826 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42123 + - https://issues.liferay.com/browse/LPE-17518 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42123 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2229-CANDIDATE - cve_id: CVE-2026-2229 - name: Candidate detection for CVE-2026-2229 + id: CVE-2022-42124-CANDIDATE + cve_id: CVE-2022-42124 + name: Candidate detection for CVE-2022-42124 severity: high cvss: 7.5 risk_level: unknown @@ -18261,19 +15428,11 @@ priority: cisa_kev: false exploitdb_reference: false - description: "ImpactThe undici WebSocket client is vulnerable to a denial-of-service\ - \ attack due to improper validation of the\_server_max_window_bits\_parameter\ - \ in the permessage-deflate extension. When a WebSocket client connects to a server,\ - \ it automatically advertises support for permessage-deflate compression. A malicious\ - \ server can respond with an out-of-range\_server_max_window_bits\_value (outside\ - \ zlib's valid range of 8-15). When the server subsequently sends a compressed\ - \ frame, the client attempts to create a zlib InflateRaw instance with the invalid\ - \ windowBits value, causing a synchronous RangeError exception that is not caught,\ - \ resulting in immediate process termination.\n\nThe vulnerability exists because:\n\ - \n * The\_isValidClientWindowBits()\_function only validates that the value\ - \ contains ASCII digits, not that it falls within the valid range 8-15\n * The\_\ - createInflateRaw()\_call is not wrapped in a try-catch block\n * The resulting\ - \ exception propagates up through the call stack and crashes the Node.js process" + description: ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay + Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, + 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive + amount of server resources via a crafted payload injected into the 'name' field + of a layout prototype. detection: payload: null verify: null @@ -18281,32 +15440,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2229 - - https://cna.openjsf.org/security-advisories.html - - https://datatracker.ietf.org/doc/html/rfc7692 - - https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8 - - https://hackerone.com/reports/3487486 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42124 + - https://issues.liferay.com/browse/LPE-17435 + - https://issues.liferay.com/browse/LPE-17535 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42124 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-8766-CANDIDATE - cve_id: CVE-2025-8766 - name: Candidate detection for CVE-2025-8766 - severity: medium - cvss: 6.4 + id: CVE-2022-42125-CANDIDATE + cve_id: CVE-2022-42125 + name: Candidate detection for CVE-2022-42125 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A container privilege escalation flaw was found in certain Multi-Cloud - Object Gateway Core images. This issue stems from the /etc/passwd file being created - with group-writable permissions during build time. In certain conditions, an attacker - who can execute commands within an affected container, even as a non-root user, - can leverage their membership in the root group to modify the /etc/passwd file. - This could allow the attacker to add a new user with any arbitrary UID, including - UID 0, leading to full root privileges within the container + description: Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 + through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers + to create or overwrite existing files on the filesystem via the deployment of + a malicious plugin/module. detection: payload: null verify: null @@ -18314,34 +15469,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-8766 - - https://access.redhat.com/security/cve/CVE-2025-8766 - - https://bugzilla.redhat.com/show_bug.cgi?id=2387265 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8766.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-42125 + - https://issues.liferay.com/browse/LPE-17517 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42125 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31806-CANDIDATE - cve_id: CVE-2026-31806 - name: Candidate detection for CVE-2026-31806 - severity: critical - cvss: 9.8 + id: CVE-2022-42126-CANDIDATE + cve_id: CVE-2022-42126 + name: Candidate detection for CVE-2022-42126 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior - to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages - sent by the RDP server. When the command is handled using NSCodec, the bmp.width - and bmp.height values provided by the server are not properly validated against - the actual desktop dimensions. A malicious RDP server can supply crafted bmp.width - and bmp.height values that exceed the expected surface size. Because these values - are used during bitmap decoding and memory operations without proper bounds checking, - this can lead to a heap buffer overflow. Since the attacker can also control the - associated pixel data transmitted by the server, the overflow may be exploitable - to overwrite adjacent heap memory. This vulnerability is fixed in 3.24.0. + description: The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, + and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly + check permissions of asset libraries, which allows remote authenticated users + to view asset libraries via the UI. detection: payload: null verify: null @@ -18349,31 +15497,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31806 - - https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2 - - https://access.redhat.com/errata/RHSA-2026:10076 - - https://access.redhat.com/errata/RHSA-2026:10734 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42126 + - https://issues.liferay.com/browse/LPE-17593 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32304-CANDIDATE - cve_id: CVE-2026-32304 - name: Candidate detection for CVE-2026-32304 - severity: critical - cvss: 9.8 + id: CVE-2022-42127-CANDIDATE + cve_id: CVE-2022-42127 + name: Candidate detection for CVE-2022-42127 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Locutus brings stdlibs of other programming languages to JavaScript - for educational purposes. Prior to 3.0.14, the create_function(args, code) function - passes both parameters directly to the Function constructor without any sanitization, - allowing arbitrary code execution. This is distinct from CVE-2026-29091 which - was call_user_func_array using eval() in v2.x. This finding affects create_function - using new Function() in v3.x. This vulnerability is fixed in 3.0.14. + description: The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, + and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, + which allows remote attackers to obtain the history of all friendly URLs that + was assigned to a page. detection: payload: null verify: null @@ -18381,31 +15525,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32304 - - https://github.com/locutusjs/locutus/releases/tag/v3.0.14 - - https://github.com/locutusjs/locutus/security/advisories/GHSA-vh9h-29pq-r5m8 - - https://access.redhat.com/security/cve/CVE-2026-32304 - - https://bugzilla.redhat.com/show_bug.cgi?id=2447200 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42127 + - https://issues.liferay.com/browse/LPE-17607 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42127 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32597-CANDIDATE - cve_id: CVE-2026-32597 - name: Candidate detection for CVE-2026-32597 - severity: high - cvss: 7.5 + id: CVE-2022-42128-CANDIDATE + cve_id: CVE-2022-42128 + name: Candidate detection for CVE-2022-42128 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0,\ - \ PyJWT does not validate the crit (Critical) Header Parameter defined in RFC\ - \ 7515 \xA74.1.11. When a JWS token contains a crit array listing extensions that\ - \ PyJWT does not understand, the library accepts the token instead of rejecting\ - \ it. This violates the MUST requirement in the RFC. This vulnerability is fixed\ - \ in 2.12.0." + description: The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, + and Liferay DXP 7.4 GA does not properly check permissions, which allows remote + attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode + API. detection: payload: null verify: null @@ -18413,34 +15553,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32597 - - https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f - - https://lists.debian.org/debian-lts-announce/2026/05/msg00008.html - - https://access.redhat.com/errata/RHSA-2026:10140 - - https://access.redhat.com/errata/RHSA-2026:10141 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42128 + - https://issues.liferay.com/browse/LPE-17595 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42128 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4111-CANDIDATE - cve_id: CVE-2026-4111 - name: Candidate detection for CVE-2026-4111 - severity: high - cvss: 7.5 + id: CVE-2022-42129-CANDIDATE + cve_id: CVE-2022-42129 + name: Candidate detection for CVE-2022-42129 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was identified in the RAR5 archive decompression logic of the - libarchive library, specifically within the archive_read_data() processing path. - When a specially crafted RAR5 archive is processed, the decompression routine - may enter a state where internal logic prevents forward progress. This condition - results in an infinite loop that continuously consumes CPU resources. Because - the archive passes checksum validation and appears structurally valid, affected - applications cannot detect the issue before processing. This can allow attackers - to cause persistent denial-of-service conditions in services that automatically - process archives. + description: An Insecure direct object reference (IDOR) vulnerability in the Dynamic + Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 + before update 4, and 7.4 GA allows remote authenticated users to view and access + form entries via the `formInstanceRecordId` parameter. detection: payload: null verify: null @@ -18448,33 +15581,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4111 - - https://access.redhat.com/errata/RHSA-2026:10065 - - https://access.redhat.com/errata/RHSA-2026:10081 - - https://access.redhat.com/errata/RHSA-2026:10097 - - https://access.redhat.com/errata/RHSA-2026:14773 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42129 + - https://issues.liferay.com/browse/LPE-17448 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14287-CANDIDATE - cve_id: CVE-2025-14287 - name: Candidate detection for CVE-2025-14287 - severity: high - cvss: 8.8 + id: CVE-2022-42130-CANDIDATE + cve_id: CVE-2022-42130 + name: Candidate detection for CVE-2022-42130 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A command injection vulnerability exists in mlflow/mlflow versions - before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines - 161-167. The vulnerability arises from the direct interpolation of user-supplied - container image names into shell commands without proper sanitization, which are - then executed using `os.system()`. This allows attackers to execute arbitrary - commands by supplying malicious input through the `--container` parameter of the - CLI. The issue affects environments where MLflow is used, including development - setups, CI/CD pipelines, and cloud deployments. + description: The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, + and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update + 4, and 7.4 GA does not properly check permission of form entries, which allows + remote authenticated users to view and access all form entries. detection: payload: null verify: null @@ -18482,37 +15609,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14287 - - https://huntr.com/bounties/229cd526-41aa-4819-b6f0-e2d0371c89e3 - - https://access.redhat.com/security/cve/CVE-2025-14287 - - https://bugzilla.redhat.com/show_bug.cgi?id=2447690 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14287.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-42130 + - https://issues.liferay.com/browse/LPE-17447 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2920-CANDIDATE - cve_id: CVE-2026-2920 - name: Candidate detection for CVE-2026-2920 - severity: high - cvss: 7.8 + id: CVE-2022-42131-CANDIDATE + cve_id: CVE-2022-42131 + name: Candidate detection for CVE-2022-42131 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GStreamer. Interaction with this library is - required to exploit this vulnerability but attack vectors may vary depending on - the implementation. - - - The specific flaw exists within the processing of stream headers within ASF files. - The issue results from the lack of proper validation of the length of user-supplied - data prior to copying it to a fixed-length heap-based buffer. An attacker can - leverage this vulnerability to execute code in the context of the current process. - Was ZDI-CAN-28843.' + description: 'Certain Liferay products are affected by: Missing SSL Certificate + Validation in the Dynamic Data Mapping module''s REST data providers. This affects + Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 + before fix pack 17, and 7.3 before service pack 3.' detection: payload: null verify: null @@ -18520,36 +15637,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2920 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3 - - https://www.zerodayinitiative.com/advisories/ZDI-26-164/ - - https://access.redhat.com/errata/RHSA-2026:19024 - - https://access.redhat.com/errata/RHSA-2026:19180 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42131 + - https://issues.liferay.com/browse/LPE-17377 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2921-CANDIDATE - cve_id: CVE-2026-2921 - name: Candidate detection for CVE-2026-2921 - severity: high - cvss: 7.8 + id: CVE-2022-42132-CANDIDATE + cve_id: CVE-2022-42132 + name: Candidate detection for CVE-2022-42132 + severity: medium + cvss: 5.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. - This vulnerability allows remote attackers to execute arbitrary code on affected - installations of GStreamer. Interaction with this library is required to exploit - this vulnerability but attack vectors may vary depending on the implementation. - - - The specific flaw exists within the handling of palette data in AVI files. The - issue results from the lack of proper validation of user-supplied data, which - can result in an integer overflow before writing to memory. An attacker can leverage - this vulnerability to execute code in the context of the current process. Was - ZDI-CAN-28854.' + description: The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, + and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before + fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential + in the page URL when paginating through the list of users, which allows man-in-the-middle + attackers or attackers with access to the request logs to see the LDAP credential. detection: payload: null verify: null @@ -18557,36 +15666,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2921 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e3a99c35266fc92dd6a18ac5fde028d0cda559e6 - - https://www.zerodayinitiative.com/advisories/ZDI-26-168/ - - https://lists.debian.org/debian-lts-announce/2026/03/msg00018.html - - https://access.redhat.com/errata/RHSA-2026:19024 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42132 + - https://issues.liferay.com/browse/LPE-17438 + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2922-CANDIDATE - cve_id: CVE-2026-2922 - name: Candidate detection for CVE-2026-2922 - severity: high - cvss: 7.8 + id: CVE-2022-36179-CANDIDATE + cve_id: CVE-2022-36179 + name: Candidate detection for CVE-2022-36179 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GStreamer. Interaction with this library is - required to exploit this vulnerability but attack vectors may vary depending on - the implementation. - - - The specific flaw exists within the processing of video packets. The issue results - from the lack of proper validation of user-supplied data, which can result in - a write past the end of an allocated buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28845.' + description: Fusiondirectory 1.3 suffers from Improper Session Handling. detection: payload: null verify: null @@ -18594,36 +15691,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2922 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/88df8d2cd063b95a076e8041b47f778a4402f363 - - https://www.zerodayinitiative.com/advisories/ZDI-26-165/ - - https://access.redhat.com/errata/RHSA-2026:19024 - - https://access.redhat.com/errata/RHSA-2026:19180 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36179 + - https://lists.debian.org/debian-lts-announce/2023/07/msg00009.html + - https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2923-CANDIDATE - cve_id: CVE-2026-2923 - name: Candidate detection for CVE-2026-2923 - severity: high - cvss: 7.8 + id: CVE-2022-36180-CANDIDATE + cve_id: CVE-2022-36180 + name: Candidate detection for CVE-2022-36180 + severity: critical + cvss: 9.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GStreamer. Interaction with this library is - required to exploit this vulnerability but attack vectors may vary depending on - the implementation. - - - The specific flaw exists within the handling of coordinates. The issue results - from the lack of proper validation of user-supplied data, which can result in - a write past the end of an allocated buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28838.' + description: Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via + /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], + /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. detection: payload: null verify: null @@ -18631,32 +15718,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2923 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3b8253f447bcc9831dbf643d2c69b205fedbe086 - - https://www.zerodayinitiative.com/advisories/ZDI-26-161/ - - https://access.redhat.com/errata/RHSA-2026:19024 - - https://access.redhat.com/errata/RHSA-2026:19180 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36180 + - https://lists.debian.org/debian-lts-announce/2023/07/msg00009.html + - https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32640-CANDIDATE - cve_id: CVE-2026-32640 - name: Candidate detection for CVE-2026-32640 + id: CVE-2022-40842-CANDIDATE + cve_id: CVE-2022-40842 + name: Candidate detection for CVE-2022-40842 severity: critical - cvss: 9.8 + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SimpleEval is a library for adding evaluatable expressions into python - projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules - through to direct access inside the sandbox. If the objects you've passed in as - names to SimpleEval have modules or other disallowed / dangerous objects available - as attrs. Additionally, dangerous functions or modules could be accessed by passing - them as callbacks to other safe functions to call. The latest version 1.0.5 has - this issue fixed. This vulnerability is fixed in 1.0.5. + description: ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side + request forgery (SSRF) via rotateimg.php. detection: payload: null verify: null @@ -18664,36 +15744,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32640 - - https://github.com/danthedeckie/simpleeval/security/advisories/GHSA-44vg-5wv2-h2hg - - https://lists.debian.org/debian-lts-announce/2026/04/msg00023.html - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/security/cve/CVE-2026-32640 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40842 + - https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40842/poc.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3081-CANDIDATE - cve_id: CVE-2026-3081 - name: Candidate detection for CVE-2026-3081 - severity: high - cvss: 7.8 + id: CVE-2022-42989-CANDIDATE + cve_id: CVE-2022-42989 + name: Candidate detection for CVE-2022-42989 + severity: critical + cvss: 9.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code - Execution Vulnerability. This vulnerability allows remote attackers to execute - arbitrary code on affected installations of GStreamer. Interaction with this library - is required to exploit this vulnerability but attack vectors may vary depending - on the implementation. - - - The specific flaw exists within the parsing of decoding units. The issue results - from the lack of proper validation of the length of user-supplied data prior to - copying it to a fixed-length stack-based buffer. An attacker can leverage this - vulnerability to execute code in the context of the current process. Was ZDI-CAN-28839.' + description: ERP Sankhya before v4.11b81 was discovered to contain a cross-site + scripting (XSS) vulnerability via the component Caixa de Entrada. detection: payload: null verify: null @@ -18701,36 +15769,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3081 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2ffdfca2df95a7f605c922d3111e5d5be5314dca - - https://www.zerodayinitiative.com/advisories/ZDI-26-162/ - - https://access.redhat.com/security/cve/CVE-2026-3081 - - https://bugzilla.redhat.com/show_bug.cgi?id=2447494 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42989 + - https://github.com/0xLUC4S/CVEs/blob/main/SankhyaERP_XSS_Account_Takeover.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3082-CANDIDATE - cve_id: CVE-2026-3082 - name: Candidate detection for CVE-2026-3082 - severity: high - cvss: 7.8 + id: CVE-2022-44194-CANDIDATE + cve_id: CVE-2022-44194 + name: Candidate detection for CVE-2022-44194 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GStreamer. Interaction with this library is - required to exploit this vulnerability but attack vectors may vary depending on - the implementation. - - - The specific flaw exists within the processing of Huffman tables. The issue results - from the lack of proper validation of the length of user-supplied data prior to - copying it to a fixed-length heap-based buffer. An attacker can leverage this - vulnerability to execute code in the context of the current process. Was ZDI-CAN-28840.' + description: Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters + apmode_dns1_pri and apmode_dns1_sec. detection: payload: null verify: null @@ -18738,36 +15794,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3082 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7d3c258ed928cf59d126c8ea926b185f046f444c - - https://www.zerodayinitiative.com/advisories/ZDI-26-163/ - - https://access.redhat.com/errata/RHSA-2026:19024 - - https://access.redhat.com/errata/RHSA-2026:19180 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44194 + - https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11 + - https://www.netgear.com/about/security/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3083-CANDIDATE - cve_id: CVE-2026-3083 - name: Candidate detection for CVE-2026-3083 - severity: high - cvss: 8.8 + id: CVE-2022-37773-CANDIDATE + cve_id: CVE-2022-37773 + name: Candidate detection for CVE-2022-37773 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. - This vulnerability allows remote attackers to execute arbitrary code on affected - installations of GStreamer. Interaction with this library is required to exploit - this vulnerability but attack vectors may vary depending on the implementation. - - - The specific flaw exists within the processing of X-QDM RTP payload elements. - When parsing the packetid element, the process does not properly validate user-supplied - data, which can result in a write past the end of an allocated array. An attacker - can leverage this vulnerability to execute code in the context of the current - process. Was ZDI-CAN-28850.' + description: An authenticated SQL Injection vulnerability in the statistics page + (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the + complete disclosure of all databases. detection: payload: null verify: null @@ -18775,36 +15821,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3083 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d60a94dee3c0a0942c9981491bf83e0de1900fbf - - https://www.zerodayinitiative.com/advisories/ZDI-26-166/ - - https://access.redhat.com/errata/RHSA-2026:19024 - - https://access.redhat.com/errata/RHSA-2026:19180 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37773 + - https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37773/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3084-CANDIDATE - cve_id: CVE-2026-3084 - name: Candidate detection for CVE-2026-3084 - severity: high - cvss: 7.8 + id: CVE-2022-37774-CANDIDATE + cve_id: CVE-2022-37774 + name: Candidate detection for CVE-2022-37774 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GStreamer. Interaction with this library is - required to exploit this vulnerability but attack vectors may vary depending on - the implementation. - - - The specific flaw exists within the parsing of picture partitions. The issue results - from the lack of proper validation of user-supplied data, which can result in - an integer underflow before writing to memory. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28910.' + description: There is a broken access control vulnerability in the Maarch RM 2.8.3 + solution. When accessing some specific document (pdf, email) from an archive, + a preview is proposed by the application. This preview generates a URL including + an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash + of the document}) is then accessible without authentication. detection: payload: null verify: null @@ -18812,36 +15849,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3084 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/496e4f296e658fba7fd40027d3bbe6095633ec91 - - https://www.zerodayinitiative.com/advisories/ZDI-26-169/ - - https://access.redhat.com/security/cve/CVE-2026-3084 - - https://bugzilla.redhat.com/show_bug.cgi?id=2447483 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37774 + - https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37774/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3085-CANDIDATE - cve_id: CVE-2026-3085 - name: Candidate detection for CVE-2026-3085 - severity: high - cvss: 8.8 + id: CVE-2022-35500-CANDIDATE + cve_id: CVE-2022-35500 + name: Candidate detection for CVE-2022-35500 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GStreamer. Interaction with this library is - required to exploit this vulnerability but attack vectors may vary depending on - the implementation. - - - The specific flaw exists within the processing of X-QDM RTP payloads. The issue - results from the lack of proper validation of the length of user-supplied data - prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28851.' + description: Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via + leave comment functionality. detection: payload: null verify: null @@ -18849,36 +15874,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3085 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d60a94dee3c0a0942c9981491bf83e0de1900fbf - - https://www.zerodayinitiative.com/advisories/ZDI-26-167/ - - https://access.redhat.com/errata/RHSA-2026:19024 - - https://access.redhat.com/errata/RHSA-2026:19180 + - https://nvd.nist.gov/vuln/detail/CVE-2022-35500 + - https://github.com/afine-com/CVE-2022-35500 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3086-CANDIDATE - cve_id: CVE-2026-3086 - name: Candidate detection for CVE-2026-3086 + id: CVE-2022-37772-CANDIDATE + cve_id: CVE-2022-37772 + name: Candidate detection for CVE-2022-37772 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GStreamer. Interaction with this library is - required to exploit this vulnerability but attack vectors may vary depending on - the implementation. - - - The specific flaw exists within the processing of APS units. The issue results - from the lack of proper validation of user-supplied data, which can result in - a write past the end of an allocated buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28911.' + description: Maarch RM 2.8.3 solution contains an improper restriction of excessive + authentication attempts due to excessive verbose responses from the application. + An unauthenticated remote attacker could potentially exploit this vulnerability, + leading to compromised accounts. detection: payload: null verify: null @@ -18886,32 +15901,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3086 - - https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/025d59cf3459c2903f0384b6b94bc3235e177b53 - - https://www.zerodayinitiative.com/advisories/ZDI-26-170/ - - https://access.redhat.com/security/cve/CVE-2026-3086 - - https://bugzilla.redhat.com/show_bug.cgi?id=2447493 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37772 + - https://github.com/frame84/vulns/blob/main/MaarchRM/CVE-2022-37772/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3227-CANDIDATE - cve_id: CVE-2026-3227 - name: Candidate detection for CVE-2026-3227 + id: CVE-2022-35501-CANDIDATE + cve_id: CVE-2022-35501 + name: Candidate detection for CVE-2022-35501 severity: medium - cvss: 6.8 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A command injection vulnerability was identified in TP-Link TL-WR802N\ - \ v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special\ - \ elements used in an OS command. In the router configuration import function\ - \ allows an authenticated attacker to upload a crafted configuration file that\ - \ results in execution of OS commands with root privileges during port-trigger\ - \ processing. \nSuccessful exploitation allows an authenticated attacker to execute\ - \ system commands with root privileges, leading to full device compromise." + description: Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 + and 2.10.4 plugin for Magento 2 because of the duplicate post function. detection: payload: null verify: null @@ -18919,30 +15926,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3227 - - https://www.tp-link.com/en/support/download/tl-wr802n/v4/#Firmware - - https://www.tp-link.com/en/support/download/tl-wr840n/v6/#Firmware - - https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware - - https://www.tp-link.com/us/support/download/tl-wr802n/v4/#Firmware + - https://nvd.nist.gov/vuln/detail/CVE-2022-35501 + - https://github.com/afine-com/CVE-2022-35501 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3441-CANDIDATE - cve_id: CVE-2026-3441 - name: Candidate detection for CVE-2026-3441 - severity: medium - cvss: 6.1 + id: CVE-2022-37720-CANDIDATE + cve_id: CVE-2022-37720 + name: Candidate detection for CVE-2022-37720 + severity: critical + cvss: 9.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, - specifically an out-of-bounds read in the bfd linker, allows an attacker to gain - access to sensitive information. By convincing a user to process a specially crafted - XCOFF object file, an attacker can trigger this flaw, potentially leading to information - disclosure or an application level denial of service. + description: Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting + (XSS). When a low privileged user such as an author or publisher, injects a crafted + html and javascript payload in a blog post, leading to full admin account takeover + or privilege escalation when the malicious blog post is loaded in the victim's + browser. detection: payload: null verify: null @@ -18950,30 +15954,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3441 - - https://access.redhat.com/errata/RHSA-2026:33527 - - https://access.redhat.com/security/cve/CVE-2026-3441 - - https://bugzilla.redhat.com/show_bug.cgi?id=2443826 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37720 + - https://labs.integrity.pt/advisories/cve-2022-37720/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3442-CANDIDATE - cve_id: CVE-2026-3442 - name: Candidate detection for CVE-2026-3442 - severity: medium - cvss: 6.1 + id: CVE-2022-37721-CANDIDATE + cve_id: CVE-2022-37721 + name: Candidate detection for CVE-2022-37721 + severity: critical + cvss: 9.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in GNU Binutils. This vulnerability, a heap-based - buffer overflow, specifically an out-of-bounds read, exists in the bfd linker - component. An attacker could exploit this by convincing a user to process a specially - crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure - of sensitive information or cause the application to crash, resulting in an application - level denial of service. + description: PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when + a low privileged user such as an author, injects a crafted html and javascript + payload in a blog post, leading to full admin account takeover or privilege escalation. detection: payload: null verify: null @@ -18981,34 +15980,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3442 - - https://access.redhat.com/errata/RHSA-2026:33527 - - https://access.redhat.com/security/cve/CVE-2026-3442 - - https://bugzilla.redhat.com/show_bug.cgi?id=2443828 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37721 + - https://labs.integrity.pt/advisories/cve-2022-37721/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27962-CANDIDATE - cve_id: CVE-2026-27962 - name: Candidate detection for CVE-2026-27962 - severity: critical - cvss: 9.1 + id: CVE-2022-45205-CANDIDATE + cve_id: CVE-2022-45205 + name: Candidate detection for CVE-2022-45205 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Authlib is a Python library which builds OAuth and OpenID Connect\ - \ servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's\ - \ JWS implementation allows an unauthenticated attacker to forge arbitrary JWT\ - \ tokens that pass signature verification. When key=None is passed to any JWS\ - \ deserialization function, the library extracts and uses the cryptographic key\ - \ embedded in the attacker-controlled JWT jwk header field. An attacker can sign\ - \ a token with their own private key, embed the matching public key in the header,\ - \ and have the server accept the forged token as cryptographically valid \u2014\ - \ bypassing authentication and authorization entirely. This issue has been patched\ - \ in version 1.6.9." + description: Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability + via the component /sys/dict/queryTableData. detection: payload: null verify: null @@ -19016,36 +16005,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27962 - - https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681 - - https://github.com/authlib/authlib/releases/tag/v1.6.9 - - https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5 - - https://access.redhat.com/errata/RHSA-2026:19375 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45205 + - https://github.com/jeecgboot/jeecg-boot/issues/4128 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28498-CANDIDATE - cve_id: CVE-2026-28498 - name: Candidate detection for CVE-2026-28498 - severity: high - cvss: 7.5 + id: CVE-2022-45206-CANDIDATE + cve_id: CVE-2022-45206 + name: Candidate detection for CVE-2022-45206 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Authlib is a Python library which builds OAuth and OpenID Connect servers. - Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib - Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, - the internal hash verification logic (_verify_hash) responsible for validating - the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits - a fail-open behavior when encountering an unsupported or unknown cryptographic - algorithm. This flaw allows an attacker to bypass mandatory integrity protections - by supplying a forged ID Token with a deliberately unrecognized alg header parameter. - The library intercepts the unsupported state and silently returns True (validation - passed), inherently violating fundamental cryptographic design principles and - direct OIDC specifications. This issue has been patched in version 1.6.9. + description: Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability + via the component /sys/duplicate/check. detection: payload: null verify: null @@ -19053,29 +16030,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28498 - - https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b - - https://github.com/authlib/authlib/releases/tag/v1.6.9 - - https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j - - https://access.redhat.com/errata/RHSA-2026:6309 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45206 + - https://github.com/jeecgboot/jeecg-boot/issues/4129 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3644-CANDIDATE - cve_id: CVE-2026-3644 - name: Candidate detection for CVE-2026-3644 - severity: high - cvss: 7.5 + id: CVE-2022-45207-CANDIDATE + cve_id: CVE-2022-45207 + name: Candidate detection for CVE-2022-45207 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, - was incomplete. The Morsel.update(), |= operator, and unpickling paths were not - patched, allowing control characters to bypass input validation. Additionally, - BaseCookie.js_output() lacked the output validation applied to BaseCookie.output(). + description: Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability + via the component updateNullByEmptyString. detection: payload: null verify: null @@ -19083,30 +16055,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3644 - - https://github.com/python/cpython/commit/556aa098e738b127c714866f819b4abe2f7593d8 - - https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4 - - https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd - - https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd + - https://nvd.nist.gov/vuln/detail/CVE-2022-45207 + - https://github.com/jeecgboot/jeecg-boot/issues/4127 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-69196-CANDIDATE - cve_id: CVE-2025-69196 - name: Candidate detection for CVE-2025-69196 + id: CVE-2022-45208-CANDIDATE + cve_id: CVE-2022-45208 + name: Candidate detection for CVE-2022-45208 severity: medium - cvss: 6.5 + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: FastMCP is the standard framework for building MCP applications. Prior - to version 2.14.2, the server does not properly respect the resource parameter - submitted by the client in the authorization and token request. Instead of issuing - the token explicitly for the MCP server, the token is issued for the base_url - passed to the OAuthProxy during initialization. This issue has been patched 2.14.2. + description: Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability + via the component /sys/user/putRecycleBin. detection: payload: null verify: null @@ -19114,40 +16080,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-69196 - - https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-5h2m-4q8j-pqpj - - https://access.redhat.com/security/cve/CVE-2025-69196 - - https://bugzilla.redhat.com/show_bug.cgi?id=2448179 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69196.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-45208 + - https://github.com/jeecgboot/jeecg-boot/issues/4126 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4177-CANDIDATE - cve_id: CVE-2026-4177 - name: Candidate detection for CVE-2026-4177 - severity: critical - cvss: 9.1 + id: CVE-2022-45210-CANDIDATE + cve_id: CVE-2022-45210 + name: Candidate detection for CVE-2022-45210 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'YAML::Syck versions through 1.36 for Perl has several potential security - vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. - - - The heap overflow occurs when class names exceed the initial 512-byte allocation. - - - The base64 decoder could read past the buffer end on trailing newlines. - - - strtok mutated n->type_id in place, corrupting shared node data. - - - A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. - The incoming anchor string ''a'' was leaked on early return.' + description: Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability + via the component /sys/user/deleteRecycleBin. detection: payload: null verify: null @@ -19155,30 +16105,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4177 - - https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch - - https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21 - - https://access.redhat.com/errata/RHSA-2026:6470 - - https://access.redhat.com/errata/RHSA-2026:8311 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45210 + - https://github.com/jeecgboot/jeecg-boot/issues/4125 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32981-CANDIDATE - cve_id: CVE-2026-32981 - name: Candidate detection for CVE-2026-32981 + id: CVE-2022-31877-CANDIDATE + cve_id: CVE-2022-31877 + name: Candidate detection for CVE-2022-31877 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A path traversal vulnerability was identified in Ray Dashboard (default - port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization - of user-supplied paths in the static file handling mechanism, an attacker can - use traversal sequences (e.g., ../) to access files outside the intended static - directory, resulting in local file disclosure. + description: An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 + allows attackers to escalate privileges via a crafted TCP packet. detection: payload: null verify: null @@ -19186,18 +16130,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32981 - - https://github.com/ray-project/ray - - https://packetstorm.news/files/id/215801/ - - https://www.vulncheck.com/advisories/ray-dashboard-path-traversal-leading-to-local-file-disclosure - - https://access.redhat.com/errata/RHSA-2026:19712 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31877 + - https://patsch.dev/2022/07/08/cve-2022-31877-privilege-escalation-in-msi-centers-msi-terminalserver-exe/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27459-CANDIDATE - cve_id: CVE-2026-27459 - name: Candidate detection for CVE-2026-27459 + id: CVE-2022-44290-CANDIDATE + cve_id: CVE-2022-44290 + name: Candidate detection for CVE-2022-44290 severity: critical cvss: 9.8 risk_level: unknown @@ -19205,11 +16146,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: pyOpenSSL is a Python wrapper around the OpenSSL library. Starting - in version 22.0.0 and prior to version 26.0.0, if a user provided callback to - `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, - pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, - cookie values that are too long are now rejected. + description: webTareas 2.4p5 was discovered to contain a SQL injection vulnerability + via the id parameter in deleteapprovalstages.php. detection: payload: null verify: null @@ -19217,36 +16155,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27459 - - https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst - - https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408 - - https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4 - - https://access.redhat.com/errata/RHSA-2026:10754 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44290 + - https://github.com/anhdq201/webtareas/issues/2 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28500-CANDIDATE - cve_id: CVE-2026-28500 - name: Candidate detection for CVE-2026-28500 - severity: high - cvss: 8.6 + id: CVE-2022-44291-CANDIDATE + cve_id: CVE-2022-44291 + name: Candidate detection for CVE-2022-44291 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Open Neural Network Exchange (ONNX) is an open standard for machine - learning interoperability. In versions up to and including 1.20.1, a security - control bypass exists in onnx.hub.load() due to improper logic in the repository - trust verification mechanism. While the function is designed to warn users when - loading models from non-official sources, the use of the silent=True parameter - completely suppresses all security warnings and confirmation prompts. This vulnerability - transforms a standard model-loading function into a vector for Zero-Interaction - Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker - can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the - victim's machine the moment the model is loaded. As of time of publication, no - known patched versions are available. + description: webTareas 2.4p5 was discovered to contain a SQL injection vulnerability + via the id parameter in phasesets.php. detection: payload: null verify: null @@ -19254,31 +16180,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28500 - - https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md - - https://github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m - - https://access.redhat.com/errata/RHSA-2026:24977 - - https://access.redhat.com/security/cve/CVE-2026-28500 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44291 + - https://github.com/anhdq201/webtareas/issues/1 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2092-CANDIDATE - cve_id: CVE-2026-2092 - name: Candidate detection for CVE-2026-2092 - severity: high - cvss: 7.7 + id: CVE-2022-44944-CANDIDATE + cve_id: CVE-2022-44944 + name: Candidate detection for CVE-2022-44944 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keycloak. Keycloak's Security Assertion Markup - Language (SAML) broker endpoint does not properly validate encrypted assertions - when the overall SAML response is not signed. An attacker with a valid signed - SAML assertion can exploit this by crafting a malicious SAML response. This allows - the attacker to inject an encrypted assertion for an arbitrary principal, leading - to unauthorized access and potential information disclosure. + description: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the Title field. detection: payload: null verify: null @@ -19286,30 +16207,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2092 - - https://access.redhat.com/errata/RHSA-2026:3925 - - https://access.redhat.com/errata/RHSA-2026:3926 - - https://access.redhat.com/errata/RHSA-2026:3947 - - https://access.redhat.com/errata/RHSA-2026:3948 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44944 + - https://github.com/anhdq201/rukovoditel/issues/14 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2603-CANDIDATE - cve_id: CVE-2026-2603 - name: Candidate detection for CVE-2026-2603 - severity: high - cvss: 8.1 + id: CVE-2022-44945-CANDIDATE + cve_id: CVE-2022-44945 + name: Candidate detection for CVE-2022-44945 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keycloak. A remote attacker could bypass security - controls by sending a valid SAML response from an external Identity Provider (IdP) - to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the - attacker to complete broker logins even when the SAML Identity Provider is disabled, - leading to unauthorized authentication. + description: Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability + via the heading_field_id parameter. detection: payload: null verify: null @@ -19317,33 +16232,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2603 - - https://access.redhat.com/errata/RHSA-2026:3925 - - https://access.redhat.com/errata/RHSA-2026:3926 - - https://access.redhat.com/errata/RHSA-2026:3947 - - https://access.redhat.com/errata/RHSA-2026:3948 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44945 + - https://github.com/anhdq201/rukovoditel/issues/16 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31898-CANDIDATE - cve_id: CVE-2026-31898 - name: Candidate detection for CVE-2026-31898 - severity: high - cvss: 8.1 + id: CVE-2022-44946-CANDIDATE + cve_id: CVE-2022-44946 + name: Candidate detection for CVE-2022-44946 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'jsPDF is a library to generate PDFs in JavaScript. Prior to version - 4.2.1, user control of arguments of the `createAnnotation` method allows users - to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility - to pass unsanitized input to the following method, a user can inject arbitrary - PDF objects, such as JavaScript actions, which might trigger when the PDF is opened - or interacted with the `createAnnotation`: `color` parameter. The vulnerability - has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing - it to the vulnerable API members.' + description: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the Title field. detection: payload: null verify: null @@ -19351,36 +16259,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31898 - - https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208 - - https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8 - - https://github.com/parallax/jsPDF/releases/tag/v4.2.1 - - https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44946 + - https://github.com/anhdq201/rukovoditel/issues/15 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31938-CANDIDATE - cve_id: CVE-2026-31938 - name: Candidate detection for CVE-2026-31938 - severity: critical - cvss: 9.6 + id: CVE-2022-44947-CANDIDATE + cve_id: CVE-2022-44947 + name: Candidate detection for CVE-2022-44947 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'jsPDF is a library to generate PDFs in JavaScript. Prior to version - 4.2.1, user control of the `options` argument of the `output` function allows - attackers to inject arbitrary HTML (such as scripts) into the browser context - the created PDF is opened in. The vulnerability can be exploited in the following - scenario: the attacker provides values for the output options, for example via - a web interface. These values are then passed unsanitized (automatically or semi-automatically) - to the attack victim. The victim creates and opens a PDF with the attack vector - using one of the vulnerable method overloads inside their browser. The attacker - can thus inject scripts that run in the victims browser context and can extract - or modify secrets from this context. The vulnerability has been fixed in jspdf@4.2.1. - As a workaround, sanitize user input before passing it to the output method.' + description: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the Note field after clicking "Add". detection: payload: null verify: null @@ -19388,32 +16286,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31938 - - https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7 - - https://github.com/parallax/jsPDF/releases/tag/v4.2.1 - - https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5 - - https://access.redhat.com/errata/RHSA-2026:7110 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44947 + - https://github.com/anhdq201/rukovoditel/issues/13 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33001-CANDIDATE - cve_id: CVE-2026-33001 - name: Candidate detection for CVE-2026-33001 - severity: high - cvss: 8.8 + id: CVE-2022-44948-CANDIDATE + cve_id: CVE-2022-44948 + name: Candidate detection for CVE-2022-44948 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely - handle symbolic links during the extraction of .tar and .tar.gz archives, allowing - crafted archives to write files to arbitrary locations on the filesystem, restricted - only by file system access permissions of the user running Jenkins. - - This can be exploited to deploy malicious scripts or plugins on the controller - by attackers with Item/Configure permission, or able to control agent processes.' + description: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the Name field after clicking "Add". detection: payload: null verify: null @@ -19421,28 +16313,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33001 - - https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3657 - - https://access.redhat.com/errata/RHSA-2026:10199 - - https://access.redhat.com/errata/RHSA-2026:10201 - - https://access.redhat.com/errata/RHSA-2026:10204 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44948 + - https://github.com/anhdq201/rukovoditel/issues/8 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26740-CANDIDATE - cve_id: CVE-2026-26740 - name: Candidate detection for CVE-2026-26740 - severity: high - cvss: 8.2 + id: CVE-2022-44949-CANDIDATE + cve_id: CVE-2022-44949 + name: Candidate detection for CVE-2022-44949 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker - to cause a denial of service via the EGifGCBToExtension overwriting an existing - Graphic Control Extension block without validating its allocated size. + description: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the Short Name field. detection: payload: null verify: null @@ -19450,34 +16340,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26740 - - https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md - - https://access.redhat.com/errata/RHSA-2026:33452 - - https://access.redhat.com/errata/RHSA-2026:33455 - - https://access.redhat.com/errata/RHSA-2026:33456 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44949 + - https://github.com/anhdq201/rukovoditel/issues/12 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27135-CANDIDATE - cve_id: CVE-2026-27135 - name: Candidate detection for CVE-2026-27135 - severity: high - cvss: 7.5 + id: CVE-2022-44950-CANDIDATE + cve_id: CVE-2022-44950 + name: Candidate detection for CVE-2022-44950 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: nghttp2 is an implementation of the Hypertext Transfer Protocol version - 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming - data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` - is called by the application. They might be called internally by the library when - it detects the situation that is subject to connection error. Due to the missing - internal state validation, the library keeps reading the rest of the data after - one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR - causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid - assertion failure. No known workarounds are available. + description: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the Name field. detection: payload: null verify: null @@ -19485,32 +16367,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27135 - - https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 - - https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 - - https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html - - https://access.redhat.com/errata/RHSA-2026:10065 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44950 + - https://github.com/anhdq201/rukovoditel/issues/10 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-15031-CANDIDATE - cve_id: CVE-2025-15031 - name: Candidate detection for CVE-2025-15031 - severity: critical - cvss: 9.1 + id: CVE-2022-44951-CANDIDATE + cve_id: CVE-2022-44951 + name: Candidate detection for CVE-2022-44951 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability in MLflow's pyfunc extraction process allows for arbitrary - file writes due to improper handling of tar archive entries. Specifically, the - use of `tarfile.extractall` without path validation enables crafted tar.gz files - containing `..` or absolute paths to escape the intended extraction directory. - This issue affects the latest version of MLflow and poses a high/critical risk - in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, - as it can lead to arbitrary file overwrites and potential remote code execution. + description: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. + This vulnerability allows attackers to execute arbitrary web scripts or HTML via + a crafted payload injected into the Name field. detection: payload: null verify: null @@ -19518,35 +16394,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-15031 - - https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e - - https://access.redhat.com/security/cve/CVE-2025-15031 - - https://bugzilla.redhat.com/show_bug.cgi?id=2448912 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15031.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-44951 + - https://github.com/anhdq201/rukovoditel/issues/11 generated_from: - nvd - status: candidate executable: false - id: CVE-2006-10003-CANDIDATE - cve_id: CVE-2006-10003 - name: Candidate detection for CVE-2006-10003 - severity: critical - cvss: 9.8 + id: CVE-2022-44952-CANDIDATE + cve_id: CVE-2022-44952 + name: Candidate detection for CVE-2022-44952 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'XML::Parser versions through 2.47 for Perl has an off-by-one heap - buffer overflow in st_serial_stack. - - - In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then - the new value will be written at location (++stackptr), which equals stacksize - and therefore falls just outside the allocated buffer. - - - The bug can be observed when parsing an XML file with very deep element nesting' + description: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability + allows attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the Copyright Text field after clicking "Add". detection: payload: null verify: null @@ -19554,31 +16421,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2006-10003 - - https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch - - https://github.com/cpan-authors/XML-Parser/issues/39 - - https://rt.cpan.org/Ticket/Display.html?id=19860 - - https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-44952 + - https://github.com/anhdq201/rukovoditel/issues/9 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4424-CANDIDATE - cve_id: CVE-2026-4424 - name: Candidate detection for CVE-2026-4424 - severity: high - cvss: 7.5 + id: CVE-2022-44953-CANDIDATE + cve_id: CVE-2022-44953 + name: Candidate detection for CVE-2022-44953 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libarchive. This heap out-of-bounds read vulnerability - exists in the RAR archive processing logic due to improper validation of the LZSS - sliding window size after transitions between compression methods. A remote attacker - can exploit this by providing a specially crafted RAR archive, leading to the - disclosure of sensitive heap memory information without requiring authentication - or user interaction. + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the component /linkedcontent/listfiles.php. This vulnerability + allows attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the Name field after clicking "Add". detection: payload: null verify: null @@ -19586,27 +16448,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4424 - - https://access.redhat.com/errata/RHSA-2026:10065 - - https://access.redhat.com/errata/RHSA-2026:10097 - - https://access.redhat.com/errata/RHSA-2026:11768 - - https://access.redhat.com/errata/RHSA-2026:12071 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44953 + - https://github.com/anhdq201/webtareas/issues/8 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3029-CANDIDATE - cve_id: CVE-2026-3029 - name: Candidate detection for CVE-2026-3029 - severity: high - cvss: 7.5 + id: CVE-2022-44954-CANDIDATE + cve_id: CVE-2022-44954 + name: Candidate detection for CVE-2022-44954 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A path traversal and arbitrary file write vulnerability exist in the - embedded get function in '_main_.py' in PyMuPDF version, 1.26.5. + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the component /contacts/listcontacts.php. This vulnerability + allows attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the Last Name field after clicking "Add". detection: payload: null verify: null @@ -19614,34 +16475,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3029 - - https://www.kb.cert.org/vuls/id/504749 - - https://access.redhat.com/security/cve/CVE-2026-3029 - - https://bugzilla.redhat.com/show_bug.cgi?id=2449054 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3029.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-44954 + - https://github.com/anhdq201/webtareas/issues/10 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32829-CANDIDATE - cve_id: CVE-2026-32829 - name: Candidate detection for CVE-2026-32829 - severity: high - cvss: 7.5 + id: CVE-2022-44955-CANDIDATE + cve_id: CVE-2022-44955 + name: Candidate detection for CVE-2022-44955 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: lz4_flex is a pure Rust implementation of LZ4 compression/decompression. - In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can - leak sensitive information from uninitialized memory or from previous decompression - operations. The library fails to properly validate offset values during LZ4 "match - copy operations," allowing out-of-bounds reads from the output buffer. The block-based - API functions (`decompress_into`, `decompress_into_with_dict`, and others when - `safe-decode` is disabled) are affected, while all frame APIs are unaffected. - The impact is potential exposure of sensitive data and secrets through crafted - or malformed LZ4 input. This issue has been fixed in versions 0.11.6 and 0.12.1. + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the Chat function. This vulnerability allows attackers to execute + arbitrary web scripts or HTML via a crafted payload injected into the Messages + field. detection: payload: null verify: null @@ -19649,35 +16502,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32829 - - https://github.com/PSeitz/lz4_flex/commit/055502ee5d297ecd6bf448ac91c055c7f6df9b6d - - https://github.com/PSeitz/lz4_flex/security/advisories/GHSA-vvp9-7p8x-rfvv - - https://rustsec.org/advisories/RUSTSEC-2026-0041.html - - https://access.redhat.com/errata/RHSA-2026:11800 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44955 + - https://github.com/anhdq201/webtareas/issues/5 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32874-CANDIDATE - cve_id: CVE-2026-32874 - name: Candidate detection for CVE-2026-32874 - severity: high - cvss: 7.5 + id: CVE-2022-44956-CANDIDATE + cve_id: CVE-2022-44956 + name: Candidate detection for CVE-2022-44956 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: UltraJSON is a fast JSON encoder and decoder written in pure C with - bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating - memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. - The leaked memory is a copy of the string form of the integer plus an additional - NULL byte. The leak occurs irrespective of whether the integer parses successfully - or is rejected due to having more than sys.get_int_max_str_digits() digits, meaning - that any sized leak per malicious JSON can be achieved provided that there is - no limit on the overall size of the payload. Any service that calls ujson.load()/ujson.loads()/ujson.decode() - on untrusted inputs is affected and vulnerable to denial of service attacks. This - issue has been fixed in version 5.12.0. + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the component /projects/listprojects.php. This vulnerability + allows attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the Name field. detection: payload: null verify: null @@ -19685,40 +16529,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32874 - - https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2 - - https://github.com/ultrajson/ultrajson/releases/tag/5.12.0 - - https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wgvc-ghv9-3pmm - - https://access.redhat.com/security/cve/CVE-2026-32874 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44956 + - https://github.com/anhdq201/webtareas/issues/3 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32875-CANDIDATE - cve_id: CVE-2026-32875 - name: Candidate detection for CVE-2026-32875 - severity: high - cvss: 7.5 + id: CVE-2022-44957-CANDIDATE + cve_id: CVE-2022-44957 + name: Candidate detection for CVE-2022-44957 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: UltraJSON is a fast JSON encoder and decoder written in pure C with - bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer - overflow or infinite loop through large indent handling. ujson.dumps() crashes - the Python interpreter (segmentation fault) when the product of the indent parameter - and the nested depth of the input exceeds INT32_MAX. It can also get stuck in - an infinite loop if the indent is a large negative number. Both are caused by - an integer overflow/underflow whilst calculating how much memory to reserve for - indentation. And both can be used to achieve denial of service. To be vulnerable, - a service must call ujson.dump()/ujson.dumps()/ujson.encode() whilst giving untrusted - users control over the indent parameter and not restrict that indentation to reasonably - small non-negative values. A service may also be vulnerable to the infinite loop - if it uses a fixed negative indent. An underflow always occurs for any negative - indent when the input data is at least one level nested but, for small negative - indents, the underflow is usually accidentally rectified by another overflow. - This issue has been fixed in version 5.12.0. + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the component /clients/listclients.php. This vulnerability allows + attackers to execute arbitrary web scripts or HTML via a crafted payload injected + into the Name field. detection: payload: null verify: null @@ -19726,34 +16556,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32875 - - https://github.com/ultrajson/ultrajson/commit/486bd4553dc471a1de11613bc7347a6b318e37ea - - https://github.com/ultrajson/ultrajson/issues/700 - - https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c8rr-9gxc-jprv - - https://access.redhat.com/security/cve/CVE-2026-32875 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44957 + - https://github.com/anhdq201/webtareas/issues/11 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32305-CANDIDATE - cve_id: CVE-2026-32305 - name: Candidate detection for CVE-2026-32305 + id: CVE-2022-44959-CANDIDATE + cve_id: CVE-2022-44959 + name: Candidate detection for CVE-2022-44959 severity: medium - cvss: 5.3 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 - and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass - through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. - When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction - may fail with an EOF and return an empty SNI. The TCP router then falls back to - the default TLS configuration, which does not require client certificates by default. - This allows an attacker to bypass route-level mTLS enforcement and access services - that should require mutual TLS authentication. This issue is patched in versions - 2.11.41, 3.6.11 and 3.7.0-ea.2. + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the component /meetings/listmeetings.php. This vulnerability + allows attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the Name field. detection: payload: null verify: null @@ -19761,29 +16583,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32305 - - https://github.com/traefik/traefik/releases/tag/v2.11.41 - - https://github.com/traefik/traefik/releases/tag/v3.6.11 - - https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2 - - https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44959 + - https://github.com/anhdq201/webtareas/issues/6 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4519-CANDIDATE - cve_id: CVE-2026-4519 - name: Candidate detection for CVE-2026-4519 - severity: low - cvss: 3.3 + id: CVE-2022-44960-CANDIDATE + cve_id: CVE-2022-44960 + name: Candidate detection for CVE-2022-44960 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "The webbrowser.open() API would accept leading dashes in the URL which\ - \ \ncould be handled as command line options for certain web browsers. New \n\ - behavior rejects leading dashes. Users are recommended to sanitize URLs \nprior\ - \ to passing to webbrowser.open()." + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the component /general/search.php?searchtype=simple. This vulnerability + allows attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the Search field. detection: payload: null verify: null @@ -19791,34 +16610,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4519 - - https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd - - https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866 - - https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e - - https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44960 + - https://github.com/anhdq201/webtareas/issues/4 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33150-CANDIDATE - cve_id: CVE-2026-33150 - name: Candidate detection for CVE-2026-33150 - severity: high - cvss: 7.8 + id: CVE-2022-44961-CANDIDATE + cve_id: CVE-2022-44961 + name: Candidate detection for CVE-2022-44961 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: libfuse is the reference implementation of the Linux FUSE. From version - 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring - subsystem of libfuse allows a local attacker to crash FUSE filesystem processes - and potentially execute arbitrary code. When io_uring thread creation fails due - to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring - pool structure but stores the dangling pointer in the session state, leading to - a use-after-free when the session shuts down. The trigger is reliable in containerized - environments where cgroup pids.max limits naturally constrain thread creation. - This issue has been patched in version 3.18.2. + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the component /forums/editforum.php. This vulnerability allows + attackers to execute arbitrary web scripts or HTML via a crafted payload injected + into the Name field. detection: payload: null verify: null @@ -19826,30 +16637,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33150 - - https://github.com/libfuse/libfuse/commit/49fcd891a58f622c098e2ca67d66086f7b213836 - - https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.2 - - https://github.com/libfuse/libfuse/security/advisories/GHSA-qxv7-xrc2-qmfx - - https://access.redhat.com/security/cve/CVE-2026-33150 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44961 + - https://github.com/anhdq201/webtareas/issues/7 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23536-CANDIDATE - cve_id: CVE-2026-23536 - name: Candidate detection for CVE-2026-23536 - severity: high - cvss: 7.5 + id: CVE-2022-44962-CANDIDATE + cve_id: CVE-2022-44962 + name: Candidate detection for CVE-2022-44962 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A security issue was discovered in the Feast Feature Server's `/read-document` - endpoint that allows an unauthenticated remote attacker to read any file accessible - to the server process. By sending a specially crafted HTTP POST request, an attacker - can bypass intended access restrictions to potentially retrieve sensitive system - files, application configurations, and credentials. + description: webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) + vulnerability in the component /calendar/viewcalendar.php. This vulnerability + allows attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the Subject field. detection: payload: null verify: null @@ -19857,17 +16664,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23536 - - https://access.redhat.com/security/cve/CVE-2026-23536 - - https://bugzilla.redhat.com/show_bug.cgi?id=2429302 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23536.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-44962 + - https://github.com/anhdq201/webtareas/issues/12 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33180-CANDIDATE - cve_id: CVE-2026-33180 - name: Candidate detection for CVE-2026-33180 + id: CVE-2022-37325-CANDIDATE + cve_id: CVE-2022-37325 + name: Candidate detection for CVE-2022-37325 severity: high cvss: 7.5 risk_level: unknown @@ -19875,63 +16680,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'HAPI FHIR is a complete implementation of the HL7 FHIR standard for - healthcare interoperability in Java. Prior to version 6.9.0, when setting headers - in HTTP requests, the internal HTTP client sends headers first to the host in - the initial URL but also, if asked to follow redirects and a 30X HTTP response - code is returned, to the host mentioned in URL in the Location: response header - value. Sending the same set of headers to subsequent hosts is a problem as this - header often contains privacy sensitive information or data that could allow others - to impersonate the client''s request. This issue has been patched in release - 6.9.0. No known workarounds are available.' - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33180 - - https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-p7m9-v2cm-2h7m - - https://access.redhat.com/security/cve/CVE-2026-33180 - - https://bugzilla.redhat.com/show_bug.cgi?id=2449841 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33180.json - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-33186-CANDIDATE - cve_id: CVE-2026-33186 - name: Candidate detection for CVE-2026-33186 - severity: critical - cvss: 9.1 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: 'gRPC-Go is the Go language implementation of gRPC. Versions prior - to 1.79.3 have an authorization bypass resulting from improper input validation - of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its - routing logic, accepting requests where the `:path` omitted the mandatory leading - slash (e.g., `Service/Method` instead of `/Service/Method`). While the server - successfully routed these requests to the correct handler, authorization interceptors - (including the official `grpc/authz` package) evaluated the raw, non-canonical - path string. Consequently, "deny" rules defined using canonical paths (starting - with `/`) failed to match the incoming request, allowing it to bypass the policy - if a fallback "allow" rule was present. This affects gRPC-Go servers that use - path-based authorization interceptors, such as the official RBAC implementation - in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` - or `grpc.Method(ctx)`; AND that have a security policy contains specific "deny" - rules for canonical paths but allows other requests by default (a fallback "allow" - rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 - frames with malformed `:path` headers directly to the gRPC server. The fix in - version 1.79.3 ensures that any request with a `:path` that does not start with - a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing - it from reaching authorization interceptors or handlers with a non-canonical path - string. While upgrading is the most secure and recommended path, users can mitigate - the vulnerability using one of the following methods: Use a validating interceptor - (recommended mitigation); infrastructure-level normalization; and/or policy hardening.' + description: In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, + and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c + with a malformed Calling or Called Party IE can cause a crash. detection: payload: null verify: null @@ -19939,30 +16690,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33186 - - https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 - - https://access.redhat.com/errata/RHSA-2026:10093 - - https://access.redhat.com/errata/RHSA-2026:10094 - - https://access.redhat.com/errata/RHSA-2026:10105 + - https://nvd.nist.gov/vuln/detail/CVE-2022-37325 + - https://downloads.asterisk.org/pub/security/AST-2022-007.html + - https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html + - https://www.debian.org/security/2023/dsa-5358 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33210-CANDIDATE - cve_id: CVE-2026-33210 - name: Candidate detection for CVE-2026-33210 - severity: critical - cvss: 9.1 + id: CVE-2022-38599-CANDIDATE + cve_id: CVE-2022-38599 + name: Candidate detection for CVE-2022-38599 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to - before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability - can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: - false parsing option is used to parse user supplied documents. This issue has - been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.' + description: Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered + to contain an information leak via the /user/get-role-list web interface. detection: payload: null verify: null @@ -19970,34 +16717,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33210 - - https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3 - - https://access.redhat.com/errata/RHSA-2026:20596 - - https://access.redhat.com/errata/RHSA-2026:20606 - - https://access.redhat.com/security/cve/CVE-2026-33210 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38599 + - https://gist.github.com/arleyna/20d858e11c48984d00926fa8cc0c2722 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33228-CANDIDATE - cve_id: CVE-2026-33228 - name: Candidate detection for CVE-2026-33228 - severity: critical - cvss: 9.8 + id: CVE-2021-32415-CANDIDATE + cve_id: CVE-2021-32415 + name: Candidate detection for CVE-2021-32415 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: flatted is a circular JSON parser. Prior to version 3.4.2, the parse() - function in flatted can use attacker-controlled string values from the parsed - JSON as direct array index keys, without validating that they are numeric. Since - the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" - returns Array.prototype via the inherited getter. This object is then treated - as a legitimate parsed value and assigned as a property of the output object, - effectively leaking a live reference to Array.prototype to the consumer. Any code - that subsequently writes to that property will pollute the global prototype. This - issue has been patched in version 3.4.2. + description: EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version + 6.0.91 will introduce a local privilege escalation vulnerability in installers + it creates. detection: payload: null verify: null @@ -20005,32 +16743,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33228 - - https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802 - - https://github.com/WebReflection/flatted/releases/tag/v3.4.2 - - https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh - - https://access.redhat.com/errata/RHSA-2026:13826 + - https://nvd.nist.gov/vuln/detail/CVE-2021-32415 + - https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmm generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33231-CANDIDATE - cve_id: CVE-2026-33231 - name: Candidate detection for CVE-2026-33231 - severity: high - cvss: 7.5 + id: CVE-2022-44303-CANDIDATE + cve_id: CVE-2022-44303 + name: Candidate detection for CVE-2022-44303 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NLTK (Natural Language Toolkit) is a suite of open source Python modules, - data sets, and tutorials supporting research and development in Natural Language - Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated - remote shutdown of the local WordNet Browser HTTP server when it is started in - its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process - to terminate immediately via `os._exit(0)`, resulting in a denial of service. - Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue. + description: Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting + (XSS). A remote attacker could inject javascript code to the "{schedule_job}" + or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute + javascript at client side. detection: payload: null verify: null @@ -20038,33 +16770,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33231 - - https://github.com/nltk/nltk/commit/bbaae83db86a0f49e00f5b0db44a7254c268de9b - - https://github.com/nltk/nltk/security/advisories/GHSA-jm6w-m3j8-898g - - https://access.redhat.com/errata/RHSA-2026:19712 - - https://access.redhat.com/errata/RHSA-2026:24977 + - https://nvd.nist.gov/vuln/detail/CVE-2022-44303 + - https://trungvm.gitbook.io/cves/resque/resque-1.27.4-multiple-reflected-xss-in-resque-schedule-job generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33236-CANDIDATE - cve_id: CVE-2026-33236 - name: Candidate detection for CVE-2026-33236 - severity: high - cvss: 8.1 + id: CVE-2022-31358-CANDIDATE + cve_id: CVE-2022-31358 + name: Candidate detection for CVE-2022-31358 + severity: critical + cvss: 9.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NLTK (Natural Language Toolkit) is a suite of open source Python modules, - data sets, and tutorials supporting research and development in Natural Language - Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate - the `subdir` and `id` attributes when processing remote XML index files. Attackers - can control a remote XML index server to provide malicious values containing path - traversal sequences (such as `../`), which can lead to arbitrary directory creation, - arbitrary file creation, and arbitrary file overwrite. Commit 89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a - patches the issue. + description: A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual + Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts + or HTML via non-existent endpoints under path /api2/html/. detection: payload: null verify: null @@ -20072,30 +16796,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33236 - - https://github.com/nltk/nltk/commit/89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a - - https://github.com/nltk/nltk/security/advisories/GHSA-469j-vmhf-r6v7 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:19712 + - https://nvd.nist.gov/vuln/detail/CVE-2022-31358 + - https://git.proxmox.com/?p=pve-http-server.git;a=commitdiff;h=00661f1223b7c0afffa64e1d91f5e018b985f762 + - https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/ + - https://www.proxmox.com/en/ + - https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=00661f1223b7c0afffa64e1d91f5e018b985f762 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4598-CANDIDATE - cve_id: CVE-2026-4598 - name: Candidate detection for CVE-2026-4598 - severity: high - cvss: 7.5 + id: CVE-2022-40435-CANDIDATE + cve_id: CVE-2022-40435 + name: Candidate detection for CVE-2022-40435 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite - loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse - implementation receives zero or negative inputs, allowing an attacker to hang - the process permanently by supplying such crafted values (e.g., modInverse(0, - m) or modInverse(-1, m)). + description: Employee Performance Evaluation System v1.0 was discovered to contain + a persistent cross-site scripting (XSS) vulnerability via adding new entries under + the Departments and Designations module. detection: payload: null verify: null @@ -20103,30 +16825,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4598 - - https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264 - - https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323 - - https://github.com/kjur/jsrsasign/pull/648 - - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15812263 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40435 + - https://isaghojaria.medium.com/employee-performance-evaluation-system-v1-0-fdf7eb5eaf92 + - https://www.sourcecodester.com generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4599-CANDIDATE - cve_id: CVE-2026-4599 - name: Candidate detection for CVE-2026-4599 + id: CVE-2022-40434-CANDIDATE + cve_id: CVE-2022-40434 + name: Candidate detection for CVE-2022-40434 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are - vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax - and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can - recover the private key by exploiting the incorrect compareTo checks that accept - out-of-range candidates and thus bias DSA nonces during signature generation. + description: Softr v2.0 was discovered to be vulnerable to HTML injection via the + Name field of the Account page. detection: payload: null verify: null @@ -20134,31 +16851,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4599 - - https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20 - - https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1 - - https://github.com/kjur/jsrsasign/pull/647 - - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15812264 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40434 + - https://isaghojaria.medium.com/softr-v2-0-was-discovered-to-be-vulnerable-to-html-injection-via-the-name-field-of-the-account-page-c6fbd3162254 + - https://www.softr.io/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4600-CANDIDATE - cve_id: CVE-2026-4600 - name: Candidate detection for CVE-2026-4600 - severity: high - cvss: 7.4 + id: CVE-2022-40841-CANDIDATE + cve_id: CVE-2022-40841 + name: Candidate detection for CVE-2022-40841 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper - Verification of Cryptographic Signature via the DSA domain-parameter validation - in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). - An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() - accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed - r=1, which make the verification equation true for any hash. + description: A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields + v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted + payloads injected into the "htmlNodes" parameter. detection: payload: null verify: null @@ -20166,30 +16878,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4600 - - https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7 - - https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60 - - https://github.com/kjur/jsrsasign/pull/646 - - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15812268 + - https://nvd.nist.gov/vuln/detail/CVE-2022-40841 + - https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-40841/poc.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4601-CANDIDATE - cve_id: CVE-2026-4601 - name: Candidate detection for CVE-2026-4601 - severity: high - cvss: 8.7 + id: CVE-2020-22007-CANDIDATE + cve_id: CVE-2020-22007 + name: Candidate detection for CVE-2020-22007 + severity: medium + cvss: 6.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing - Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the - DSA signing implementation. An attacker can recover the private key by forcing - r or s to be zero, so the library emits an invalid signature without retrying, - and then solves for x from the resulting signature. + description: OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, + allows physical attackers to interrupt the boot sequence and execute arbitrary + commands with root privileges. detection: payload: null verify: null @@ -20197,18 +16904,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4601 - - https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586 - - https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb - - https://github.com/kjur/jsrsasign/pull/645 - - https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22007 + - https://gist.github.com/tanprathan/69fbf6fbac11988e12f44069ec5b18ea#file-cve-2020-22007-txt + - https://www.dropbox.com/s/cnzwbxhxl0ahzoa/OKER_UART_2.mp4 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4602-CANDIDATE - cve_id: CVE-2026-4602 - name: Candidate detection for CVE-2026-4602 + id: CVE-2021-36630-CANDIDATE + cve_id: CVE-2021-36630 + name: Candidate detection for CVE-2021-36630 severity: high cvss: 7.5 risk_level: unknown @@ -20216,10 +16921,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect - Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. - An attacker can force the computation of incorrect modular inverses and break - signature verification by calling modPow with a negative exponent. + description: DDOS reflection amplification vulnerability in eAut module of Ruckus + Wireless SmartZone controller that allows remote attackers to perform DOS attacks + via crafted request. detection: payload: null verify: null @@ -20227,101 +16931,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4602 - - https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5 - - https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195 - - https://github.com/kjur/jsrsasign/pull/650 - - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15812274 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36630 + - https://anquan.baidu.com/article/1434 + - https://github.com/lixiang957/CVE-2021-36630 + - https://www.commscope.com/globalassets/digizuite/921070-faq-security-advisory-id-20210719-v1-0.pdf + - https://www.freebuf.com/articles/web/260338.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4647-CANDIDATE - cve_id: CVE-2026-4647 - name: Candidate detection for CVE-2026-4647 + id: CVE-2021-37498-CANDIDATE + cve_id: CVE-2021-37498 + name: Candidate detection for CVE-2021-37498 severity: medium - cvss: 6.1 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: A flaw was found in the GNU Binutils BFD library, a widely used component - for handling binary files such as object files and executables. The issue occurs - when processing specially crafted XCOFF object files, where a relocation type - value is not properly validated before being used. This can cause the program - to read memory outside of intended bounds. As a result, affected tools may crash - or expose unintended memory contents, leading to denial-of-service or limited - information disclosure risks. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4647 - - https://access.redhat.com/errata/RHSA-2026:33527 - - https://access.redhat.com/security/cve/CVE-2026-4647 - - https://bugzilla.redhat.com/show_bug.cgi?id=2450302 - - https://sourceware.org/bugzilla/show_bug.cgi?id=33919 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-33195-CANDIDATE - cve_id: CVE-2026-33195 - name: Candidate detection for CVE-2026-33195 - severity: critical - cvss: 9.8 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: Active Storage allows users to attach cloud and local files in Rails - applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's - `DiskService#path_for` does not validate that the resolved filesystem path remains - within the storage root directory. If a blob key containing path traversal sequences - (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files - on the server. Blob keys are expected to be trusted strings, but some applications - could be passing user input as keys and would be affected. Versions 8.1.2.1, 8.0.4.1, - and 7.2.3.1 contain a patch. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33195 - - https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c - - https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655 - - https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348 - - https://github.com/rails/rails/releases/tag/v7.2.3.1 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-33211-CANDIDATE - cve_id: CVE-2026-33211 - name: Candidate detection for CVE-2026-33211 - severity: critical - cvss: 9.6 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Tekton Pipelines project provides k8s-style resources for declaring - CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, - 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable - to path traversal via the `pathInRepo` parameter. A tenant with permission to - create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that - use the git resolver) can read arbitrary files from the resolver pod's filesystem, - including ServiceAccount tokens. The file contents are returned base64-encoded - in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 - contain a patch. + description: An SSRF issue was discovered in Reprise License Manager (RLM) web interface + through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet + servers, conduct port scans via the actserver parameter in License Activation + function. detection: payload: null verify: null @@ -20329,28 +16961,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33211 - - https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c - - https://github.com/tektoncd/pipeline/commit/318006c4e3a5 - - https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd - - https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae + - https://nvd.nist.gov/vuln/detail/CVE-2021-37498 + - https://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4684-CANDIDATE - cve_id: CVE-2026-4684 - name: Candidate detection for CVE-2026-4684 - severity: high - cvss: 7.5 + id: CVE-2021-37499-CANDIDATE + cve_id: CVE-2021-37499 + name: Candidate detection for CVE-2021-37499 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Race condition, use-after-free in the Graphics: WebRender component. - This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, - Thunderbird 149, and Thunderbird 140.9.' + description: CRLF vulnerability in Reprise License Manager (RLM) web interface through + 14.2BL4 in the password parameter in View License Result function, that allows + remote attackers to inject arbitrary HTTP headers. detection: payload: null verify: null @@ -20358,28 +16987,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4684 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2011129 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-37499 + - https://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4685-CANDIDATE - cve_id: CVE-2026-4685 - name: Candidate detection for CVE-2026-4685 + id: CVE-2021-37500-CANDIDATE + cve_id: CVE-2021-37500 + name: Candidate detection for CVE-2021-37500 severity: high - cvss: 7.5 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the Graphics: Canvas2D component. - This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, - Thunderbird 149, and Thunderbird 140.9.' + description: Directory traversal vulnerability in Reprise License Manager (RLM) + web interface before 14.2BL4 in the diagnostics function that allows RLM users + with sufficient privileges to overwrite any file the on the server. detection: payload: null verify: null @@ -20387,28 +17013,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4685 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2016349 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-37500 + - https://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4686-CANDIDATE - cve_id: CVE-2026-4686 - name: Candidate detection for CVE-2026-4686 - severity: high - cvss: 7.5 + id: CVE-2022-41441-CANDIDATE + cve_id: CVE-2022-41441 + name: Candidate detection for CVE-2022-41441 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: 'Incorrect boundary conditions in the Graphics: Canvas2D component. - This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, - Thunderbird 149, and Thunderbird 140.9.' + exploitdb_reference: true + description: Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 + allow attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the POBatch and WaitDuration parameters. detection: payload: null verify: null @@ -20416,28 +17039,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4686 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2016351 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-41441 + - https://okankurtulus.com.tr/2023/01/17/reqlogic-v11-3-unauthenticated-reflected-cross-site-scripting-xss/ + - https://reqlogic.com/ generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-4687-CANDIDATE - cve_id: CVE-2026-4687 - name: Candidate detection for CVE-2026-4687 + id: CVE-2020-25502-CANDIDATE + cve_id: CVE-2020-25502 + name: Candidate detection for CVE-2020-25502 severity: high - cvss: 8.6 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sandbox escape due to incorrect boundary conditions in the Telemetry - component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox - ESR 140.9, Thunderbird 149, and Thunderbird 140.9. + description: Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 + and above, and 20.2.X and above has a DLL hijacking vulnerability, which could + allow a local attacker to execute code with elevated privileges. detection: payload: null verify: null @@ -20445,28 +17067,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4687 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2016368 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-25502 + - https://www.cybereason.com/cybereason-vulnerability-disclosure generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4688-CANDIDATE - cve_id: CVE-2026-4688 - name: Candidate detection for CVE-2026-4688 + id: CVE-2020-22452-CANDIDATE + cve_id: CVE-2020-22452 + name: Candidate detection for CVE-2020-22452 severity: critical - cvss: 10.0 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sandbox escape due to use-after-free in the Disability Access APIs - component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird - 149, and Thunderbird 140.9. + description: SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php + in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters + to tbl_create.php. detection: payload: null verify: null @@ -20474,57 +17093,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4688 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2016373 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ - - https://www.mozilla.org/security/advisories/mfsa2026-23/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-22452 + - https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog + - https://github.com/phpmyadmin/phpmyadmin/issues/15898 + - https://github.com/phpmyadmin/phpmyadmin/pull/16004 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4689-CANDIDATE - cve_id: CVE-2026-4689 - name: Candidate detection for CVE-2026-4689 + id: CVE-2022-23334-CANDIDATE + cve_id: CVE-2022-23334 + name: Candidate detection for CVE-2022-23334 severity: critical - cvss: 10.0 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: Sandbox escape due to incorrect boundary conditions, integer overflow - in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR - 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4689 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2016374 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-4690-CANDIDATE - cve_id: CVE-2026-4690 - name: Candidate detection for CVE-2026-4690 - severity: high - cvss: 8.6 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sandbox escape due to incorrect boundary conditions, integer overflow - in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR - 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. + description: The Robot application in Ip-label Newtest before v8.5R0 was discovered + to use weak signature checks on executed binaries, allowing attackers to have + write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE. detection: payload: null verify: null @@ -20532,28 +17121,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4690 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2016375 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-23334 + - https://www.on-x.com/wp-content/uploads/2023/01/ON-X-Security-Advisory-Ip-label-Ekara-Newtest-CVE-2022-23334.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4691-CANDIDATE - cve_id: CVE-2026-4691 - name: Candidate detection for CVE-2026-4691 - severity: critical - cvss: 9.8 + id: CVE-2022-44897-CANDIDATE + cve_id: CVE-2022-44897 + name: Candidate detection for CVE-2022-44897 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Use-after-free in the CSS Parsing and Computation component. This vulnerability - was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, - and Thunderbird 140.9. + description: A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder + component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML + via a crafted payload injected into the show_number parameter. detection: payload: null verify: null @@ -20561,28 +17147,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4691 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2017512 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-44897 + - https://github.com/daaaalllii/cve-s/blob/main/CVE-2022-44897/poc.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4692-CANDIDATE - cve_id: CVE-2026-4692 - name: Candidate detection for CVE-2026-4692 - severity: critical - cvss: 10.0 + id: CVE-2022-31902-CANDIDATE + cve_id: CVE-2022-31902 + name: Candidate detection for CVE-2022-31902 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sandbox escape in the Responsive Design Mode component. This vulnerability - was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, - and Thunderbird 140.9. + description: Notepad++ v8.4.1 was discovered to contain a stack overflow via the + component Finder::add(). detection: payload: null verify: null @@ -20590,18 +17172,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4692 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2017643 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-31902 + - https://github.com/CDACesec/CVE-2022-31902 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4693-CANDIDATE - cve_id: CVE-2026-4693 - name: Candidate detection for CVE-2026-4693 + id: CVE-2022-47768-CANDIDATE + cve_id: CVE-2022-47768 + name: Candidate detection for CVE-2022-47768 severity: high cvss: 7.5 risk_level: unknown @@ -20609,9 +17188,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the Audio/Video: Playback component. - This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, - Thunderbird 149, and Thunderbird 140.9.' + description: Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory + Traversal. detection: payload: null verify: null @@ -20619,28 +17197,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4693 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2018102 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-47768 + - https://www.swascan.com/it/security-advisory-serenissima-informatica-fastcheckin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4694-CANDIDATE - cve_id: CVE-2026-4694 - name: Candidate detection for CVE-2026-4694 - severity: high - cvss: 7.5 + id: CVE-2022-47769-CANDIDATE + cve_id: CVE-2022-47769 + name: Candidate detection for CVE-2022-47769 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Incorrect boundary conditions, integer overflow in the Graphics component. - This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, - Thunderbird 149, and Thunderbird 140.9. + description: An arbitrary file write vulnerability in Serenissima Informatica Fast + Checkin v1.0 allows unauthenticated attackers to upload malicious files in the + web root of the application to gain access to the server via the web shell. detection: payload: null verify: null @@ -20648,28 +17223,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4694 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2018430 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-47769 + - https://www.swascan.com/it/security-advisory-serenissima-informatica-fastcheckin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4695-CANDIDATE - cve_id: CVE-2026-4695 - name: Candidate detection for CVE-2026-4695 - severity: high - cvss: 7.5 + id: CVE-2022-47770-CANDIDATE + cve_id: CVE-2022-47770 + name: Candidate detection for CVE-2022-47770 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the Audio/Video: Web Codecs component. - This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, - and Thunderbird 140.9.' + description: Serenissima Informatica Fast Checkin version v1.0 is vulnerable to + Unauthenticated SQL Injection. detection: payload: null verify: null @@ -20677,18 +17248,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4695 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2020030 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ - - https://www.mozilla.org/security/advisories/mfsa2026-23/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-47770 + - https://www.swascan.com/it/security-advisory-serenissima-informatica-fastcheckin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4696-CANDIDATE - cve_id: CVE-2026-4696 - name: Candidate detection for CVE-2026-4696 + id: CVE-2022-47003-CANDIDATE + cve_id: CVE-2022-47003 + name: Candidate detection for CVE-2022-47003 severity: critical cvss: 9.8 risk_level: unknown @@ -20696,9 +17264,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the Layout: Text and Fonts component. This vulnerability - was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, - and Thunderbird 140.9.' + description: A vulnerability in the Remember Me function of Mura CMS before v10.0.580 + allows attackers to bypass authentication via a crafted web request. detection: payload: null verify: null @@ -20706,28 +17273,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4696 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2020190 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-47003 + - https://hoyahaxa.blogspot.com/2023/01/preliminary-security-advisory.html + - https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html + - https://www.masacms.com/ + - https://www.murasoftware.com/mura-cms/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4697-CANDIDATE - cve_id: CVE-2026-4697 - name: Candidate detection for CVE-2026-4697 + id: CVE-2022-46965-CANDIDATE + cve_id: CVE-2022-46965 + name: Candidate detection for CVE-2022-46965 severity: high - cvss: 7.5 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the Audio/Video: Web Codecs component. - This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, - and Thunderbird 140.9.' + description: PrestaShop module, totadministrativemandate before v1.7.1 was discovered + to contain a SQL injection vulnerability. detection: payload: null verify: null @@ -20735,28 +17301,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4697 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2020422 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ - - https://www.mozilla.org/security/advisories/mfsa2026-23/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-46965 + - https://github.com/202ecommerce/security-advisories/security/advisories/GHSA-hg7m-23j3-rf56 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4698-CANDIDATE - cve_id: CVE-2026-4698 - name: Candidate detection for CVE-2026-4698 - severity: critical - cvss: 9.8 + id: CVE-2021-36712-CANDIDATE + cve_id: CVE-2021-36712 + name: Candidate detection for CVE-2021-36712 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability - was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, - and Thunderbird 140.9.' + description: Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers + to steal user cookies via image clipping function. detection: payload: null verify: null @@ -20764,28 +17326,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4698 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2020906 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-36712 + - https://github.com/linuka-deception/yzmcms6.1.git generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4699-CANDIDATE - cve_id: CVE-2026-4699 - name: Candidate detection for CVE-2026-4699 + id: CVE-2022-45588-CANDIDATE + cve_id: CVE-2022-45588 + name: Candidate detection for CVE-2022-45588 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the Layout: Text and Fonts component. - This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, - Thunderbird 149, and Thunderbird 140.9.' + description: All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially + vulnerable to XML External Entity (XXE) type of attacks. Users should download + the R2022-09 release or later and use it in place of the previous version. Talend + Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This + XXE vulnerability could only be exploited by someone with the appropriate rights + to edit pipelines on the Talend platform. It could not be triggered remotely or + by other user input. detection: payload: null verify: null @@ -20793,28 +17356,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4699 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2021863 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-45588 + - https://www.talend.com/security/incident-response/#CVE-2022-45588 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4700-CANDIDATE - cve_id: CVE-2026-4700 - name: Candidate detection for CVE-2026-4700 - severity: critical - cvss: 9.8 + id: CVE-2022-48085-CANDIDATE + cve_id: CVE-2022-48085 + name: Candidate detection for CVE-2022-48085 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Mitigation bypass in the Networking: HTTP component. This vulnerability - was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird - 140.9.' + description: Softr v2.0 was discovered to contain a HTML injection vulnerability + via the Work Space Name parameter. detection: payload: null verify: null @@ -20822,30 +17381,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4700 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2003766 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ - - https://www.mozilla.org/security/advisories/mfsa2026-23/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-48085 + - https://isaghojaria.medium.com/softr-v2-0-was-discovered-to-contain-a-html-injection-vulnerability-via-the-work-space-name-d0152e1cff51 + - https://studio.softr.io/dashboard + - https://www.softr.io/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4720-CANDIDATE - cve_id: CVE-2026-4720 - name: Candidate detection for CVE-2026-4720 - severity: critical - cvss: 9.8 + id: CVE-2022-45589-CANDIDATE + cve_id: CVE-2022-45589 + name: Candidate detection for CVE-2022-45589 + severity: high + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, - Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory - corruption and we presume that with enough effort some of these could have been - exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, - Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. + description: All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the + Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the + provisioning service only. Users of the provisioning service should upgrade to + either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in + place of the previous version. detection: payload: null verify: null @@ -20853,31 +17411,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4720 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ - - https://www.mozilla.org/security/advisories/mfsa2026-23/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-45589 + - https://www.talend.com/security/incident-response/#CVE-2022-45588 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4721-CANDIDATE - cve_id: CVE-2026-4721 - name: Candidate detection for CVE-2026-4721 - severity: critical - cvss: 9.8 + id: CVE-2021-37491-CANDIDATE + cve_id: CVE-2021-37491 + name: Candidate detection for CVE-2021-37491 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, - Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed - evidence of memory corruption and we presume that with enough effort some of these - could have been exploited to run arbitrary code. This vulnerability was fixed - in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird - 140.9. + description: An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin + Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() + function. detection: payload: null verify: null @@ -20885,29 +17437,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4721 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-21/ - - https://www.mozilla.org/security/advisories/mfsa2026-22/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-37491 + - https://github.com/VPRLab/BlkVulnReport/blob/main/NDSS23_BlockScope.pdf + - https://github.com/bitcoin/bitcoin/commit/2fb9c1e6681370478e24a19172ed6d78d95d50d3 + - https://github.com/dogecoin/dogecoin/blob/master/src/wallet/wallet.cpp#L2628-L2640 + - https://github.com/dogecoin/dogecoin/issues/2279 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4729-CANDIDATE - cve_id: CVE-2026-4729 - name: Candidate detection for CVE-2026-4729 - severity: critical - cvss: 9.8 + id: CVE-2021-37492-CANDIDATE + cve_id: CVE-2021-37492 + name: Candidate detection for CVE-2021-37492 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox 148 and Thunderbird 148. Some - of these bugs showed evidence of memory corruption and we presume that with enough - effort some of these could have been exploited to run arbitrary code. This vulnerability - was fixed in Firefox 149 and Thunderbird 149. + description: An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 + and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() + function. detection: payload: null verify: null @@ -20915,31 +17466,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4729 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1944033%2C1997282%2C2009213%2C2011412%2C2021925%2C2022034 - - https://www.mozilla.org/security/advisories/mfsa2026-20/ - - https://www.mozilla.org/security/advisories/mfsa2026-23/ - - https://access.redhat.com/security/cve/CVE-2026-4729 + - https://nvd.nist.gov/vuln/detail/CVE-2021-37492 + - https://github.com/RavenProject/Ravencoin/blob/master/src/wallet/wallet.cpp#L3657-L3671 + - https://github.com/RavenProject/Ravencoin/issues/1086 + - https://github.com/bitcoin/bitcoin/commit/2fb9c1e6681370478e24a19172ed6d78d95d50d3 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27651-CANDIDATE - cve_id: CVE-2026-27651 - name: Candidate detection for CVE-2026-27651 - severity: high - cvss: 7.5 + id: CVE-2022-45724-CANDIDATE + cve_id: CVE-2022-45724 + name: Candidate detection for CVE-2022-45724 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "When the ngx_mail_auth_http_module\_module is enabled on NGINX Plus\ - \ or NGINX Open Source, undisclosed requests can cause worker processes to terminate.\ - \ This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and\ - \ (2) the authentication server permits retry by returning the Auth-Wait response\ - \ header. Note: Software versions which have reached End of Technical Support\ - \ (EoTS) are not evaluated." + description: Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows + a remote attacker on the same network to perform any HTTP request to an unauthenticated + page to force the server to generate a SESSION_ID, and using this SESSION_ID an + attacker can then perform authenticated requests. detection: payload: null verify: null @@ -20947,35 +17495,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27651 - - https://my.f5.com/manage/s/article/K000160383 - - https://access.redhat.com/errata/RHSA-2026:10065 - - https://access.redhat.com/errata/RHSA-2026:13634 - - https://access.redhat.com/errata/RHSA-2026:13680 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45724 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27654-CANDIDATE - cve_id: CVE-2026-27654 - name: Candidate detection for CVE-2026-27654 + id: CVE-2022-45725-CANDIDATE + cve_id: CVE-2022-45725 + name: Candidate detection for CVE-2022-45725 severity: high - cvss: 8.2 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module - module that might allow an attacker to trigger a buffer overflow to the NGINX - worker process; this vulnerability may result in termination of the NGINX worker - process or modification of source or destination file names outside the document - root. This issue affects NGINX Open Source and NGINX Plus when the configuration - file uses DAV module MOVE or COPY methods, prefix location (nonregular expression - location configuration), and alias directives. The integrity impact is constrained - because the NGINX worker process user has low privileges and does not have access - to the entire system. Note: Software versions which have reached End of Technical - Support (EoTS) are not evaluated.' + description: Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows + a remote attacker on the same network to execute arbitrary code on the target + via an HTTP POST request detection: payload: null verify: null @@ -20983,34 +17520,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27654 - - https://my.f5.com/manage/s/article/K000160382 - - https://access.redhat.com/errata/RHSA-2026:10065 - - https://access.redhat.com/errata/RHSA-2026:13634 - - https://access.redhat.com/errata/RHSA-2026:13680 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45725 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27784-CANDIDATE - cve_id: CVE-2026-27784 - name: Candidate detection for CVE-2026-27784 - severity: high - cvss: 7.8 + id: CVE-2023-24188-CANDIDATE + cve_id: CVE-2023-24188 + name: Candidate detection for CVE-2023-24188 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "The 32-bit implementation of NGINX Open Source has a vulnerability\ - \ in the ngx_http_mp4_module module, which might allow an attacker to over-read\ - \ or over-write NGINX worker memory resulting in its termination, using a specially\ - \ crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built\ - \ with the ngx_http_mp4_module module and the mp4 directive is used in the configuration\ - \ file. Additionally, the attack is possible only if an attacker can trigger the\ - \ processing of a specially crafted MP4 file with the ngx_http_mp4_module module.\ - \ \n\n\nNote: Software versions which have reached End of Technical Support (EoTS)\ - \ are not evaluated." + description: ureport v2.2.9 was discovered to contain a directory traversal vulnerability + via the deletion function which allows for arbitrary files to be deleted. detection: payload: null verify: null @@ -21018,18 +17544,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27784 - - https://my.f5.com/manage/s/article/K000160364 - - https://access.redhat.com/errata/RHSA-2026:10065 - - https://access.redhat.com/errata/RHSA-2026:13634 - - https://access.redhat.com/errata/RHSA-2026:13680 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24188 + - https://github.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24188.md + - https://github.com/youseries/ureport generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32647-CANDIDATE - cve_id: CVE-2026-32647 - name: Candidate detection for CVE-2026-32647 + id: CVE-2023-24187-CANDIDATE + cve_id: CVE-2023-24187 + name: Candidate detection for CVE-2023-24187 severity: high cvss: 7.8 risk_level: unknown @@ -21037,15 +17561,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module\ - \ module, which might allow an attacker to trigger a buffer over-read or over-write\ - \ to the NGINX worker memory resulting in its termination or possibly code execution,\ - \ using a specially crafted MP4 file. This issue affects NGINX Open Source and\ - \ NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive\ - \ is used in the configuration file. Additionally, the attack is possible only\ - \ if an attacker can trigger the processing of a specially crafted MP4 file with\ - \ the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached\ - \ End of Technical Support (EoTS) are not evaluated." + description: An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows + attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. detection: payload: null verify: null @@ -21053,30 +17570,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32647 - - https://my.f5.com/manage/s/article/K000160366 - - https://access.redhat.com/errata/RHSA-2026:10065 - - https://access.redhat.com/errata/RHSA-2026:13634 - - https://access.redhat.com/errata/RHSA-2026:13680 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24187 + - https://github.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24187.md + - https://github.com/cgddgc/vulns/blob/main/ureport2-vuln-des.md + - https://github.com/youseries/ureport generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4775-CANDIDATE - cve_id: CVE-2026-4775 - name: Candidate detection for CVE-2026-4775 + id: CVE-2022-45701-CANDIDATE + cve_id: CVE-2022-45701 + name: Candidate detection for CVE-2022-45701 severity: high - cvss: 7.8 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: A flaw was found in the libtiff library. A remote attacker could exploit - a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function - by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds - heap write due to incorrect memory pointer calculations, potentially causing a - denial of service (application crash) or arbitrary code execution. + exploitdb_reference: true + description: Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution + (RCE) via the ping utility feature. detection: payload: null verify: null @@ -21084,31 +17597,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4775 - - https://access.redhat.com/errata/RHSA-2026:12265 - - https://access.redhat.com/errata/RHSA-2026:12271 - - https://access.redhat.com/errata/RHSA-2026:14929 - - https://access.redhat.com/errata/RHSA-2026:16055 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45701 + - https://packetstormsecurity.com/files/171001/Arris-Router-Firmware-9.1.103-Remote-Code-Execution.htmlhttps://github.com/yerodin/CVE-2022-45701 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-33412-CANDIDATE - cve_id: CVE-2026-33412 - name: Candidate detection for CVE-2026-33412 - severity: medium - cvss: 5.6 + id: CVE-2023-24080-CANDIDATE + cve_id: CVE-2023-24080 + name: Candidate detection for CVE-2023-24080 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Vim is an open source, command line text editor. Prior to version 9.2.0202, - a command injection vulnerability exists in Vim's glob() function on Unix-like - systems. By including a newline character (\n) in a pattern passed to glob(), - an attacker may be able to execute arbitrary shell commands. This vulnerability - depends on the user's 'shell' setting. This issue has been patched in version - 9.2.0202. + description: A lack of rate limiting on the password reset endpoint of Chamberlain + myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a + bruteforce attack. detection: payload: null verify: null @@ -21116,30 +17624,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33412 - - https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a - - https://github.com/vim/vim/releases/tag/v9.2.0202 - - https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c - - https://access.redhat.com/errata/RHSA-2026:10065 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24080 + - https://archive.ph/NH0Bk generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4371-CANDIDATE - cve_id: CVE-2026-4371 - name: Candidate detection for CVE-2026-4371 + id: CVE-2023-24317-CANDIDATE + cve_id: CVE-2023-24317 + name: Candidate detection for CVE-2023-24317 severity: high - cvss: 7.4 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A malicious mail server could send malformed strings with negative - lengths, causing the parser to read memory outside the buffer. If a mail server - or connection to a mail server were compromised, an attacker could cause the parser - to malfunction, potentially crashing Thunderbird or leaking sensitive data. This - vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9. + description: Judging Management System 1.0 was discovered to contain an arbitrary + file upload vulnerability via the component edit_organizer.php. detection: payload: null verify: null @@ -21147,28 +17649,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4371 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2023493 - - https://www.mozilla.org/security/advisories/mfsa2026-23/ - - https://www.mozilla.org/security/advisories/mfsa2026-24/ - - https://access.redhat.com/errata/RHSA-2026:6188 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24317 + - https://packetstormsecurity.com/files/170205/Judging-Management-System-1.0-Shell-Upload.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20664-CANDIDATE - cve_id: CVE-2026-20664 - name: Candidate detection for CVE-2026-20664 - severity: medium - cvss: 4.3 + id: CVE-2021-33224-CANDIDATE + cve_id: CVE-2021-33224 + name: Candidate detection for CVE-2021-33224 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. - Processing maliciously crafted web content may lead to an unexpected process crash. + description: File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated + attackers to execute arbitrary code via a crafted web.config and asp file. detection: payload: null verify: null @@ -21176,28 +17674,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20664 - - https://support.apple.com/en-us/126792 - - https://support.apple.com/en-us/126794 - - https://support.apple.com/en-us/126799 - - https://support.apple.com/en-us/126800 + - https://nvd.nist.gov/vuln/detail/CVE-2021-33224 + - https://our.umbraco.com/packages/developer-tools/umbraco-forms generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28857-CANDIDATE - cve_id: CVE-2026-28857 - name: Candidate detection for CVE-2026-28857 + id: CVE-2021-32302-CANDIDATE + cve_id: CVE-2021-32302 + name: Candidate detection for CVE-2021-32302 severity: medium - cvss: 6.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. - Processing maliciously crafted web content may lead to an unexpected process crash. + description: Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router + allows attacker to obtain sensitive information via the Upload File parameter. detection: payload: null verify: null @@ -21205,29 +17699,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28857 - - https://support.apple.com/en-us/126792 - - https://support.apple.com/en-us/126794 - - https://support.apple.com/en-us/126799 - - https://support.apple.com/en-us/126800 + - https://nvd.nist.gov/vuln/detail/CVE-2021-32302 + - https://s4nsec.github.io/2023/02/20/RUH2-GSM-Router-XSS-vulnerabilities.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28859-CANDIDATE - cve_id: CVE-2026-28859 - name: Candidate detection for CVE-2026-28859 - severity: medium - cvss: 4.3 + id: CVE-2022-45697-CANDIDATE + cve_id: CVE-2022-45697 + name: Candidate detection for CVE-2022-45697 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS - 26.4, watchOS 26.4. A malicious website may be able to process restricted web - content outside the sandbox. + description: Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 + when handling files in the Accounts directory. detection: payload: null verify: null @@ -21235,29 +17724,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28859 - - https://support.apple.com/en-us/126792 - - https://support.apple.com/en-us/126794 - - https://support.apple.com/en-us/126797 - - https://support.apple.com/en-us/126798 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45697 + - https://github.com/Wh04m1001/CVE generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28861-CANDIDATE - cve_id: CVE-2026-28861 - name: Candidate detection for CVE-2026-28861 - severity: medium - cvss: 4.3 + id: CVE-2022-45608-CANDIDATE + cve_id: CVE-2022-45608 + name: Candidate detection for CVE-2022-45608 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A logic issue was addressed with improved state management. This issue - is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, - macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script - message handlers intended for other origins. + description: 'An issue was discovered in ThingsBoard 3.4.1, allows low privileged + attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become + an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important + to note that in order to accomplish this, the attacker must know the corresponding + API''s parameter (authority : value).' detection: payload: null verify: null @@ -21265,30 +17752,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28861 - - https://support.apple.com/en-us/126792 - - https://support.apple.com/en-us/126793 - - https://support.apple.com/en-us/126794 - - https://support.apple.com/en-us/126799 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45608 + - https://wiki.wizard32.net/en/blog/access-control-vulnerability-ThingsBoard generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3608-CANDIDATE - cve_id: CVE-2026-3608 - name: Candidate detection for CVE-2026-3608 - severity: high - cvss: 7.5 + id: CVE-2023-24128-CANDIDATE + cve_id: CVE-2023-24128 + name: Candidate detection for CVE-2023-24128 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, - kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener - can cause the receiving daemon to exit with a stack overflow error. - - This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.' + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21296,33 +17777,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3608 - - https://downloads.isc.org/isc/kea/2.6.5 - - https://downloads.isc.org/isc/kea/3.0.3 - - https://kb.isc.org/docs/cve-2026-3608 - - https://access.redhat.com/errata/RHSA-2026:11344 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24128 + - https://oxnan.com/posts/WifiBasic_wepkey2_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1519-CANDIDATE - cve_id: CVE-2026-1519 - name: Candidate detection for CVE-2026-1519 - severity: high - cvss: 7.5 + id: CVE-2023-24129-CANDIDATE + cve_id: CVE-2023-24129 + name: Candidate detection for CVE-2023-24129 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'If a BIND resolver is performing DNSSEC validation and encounters - a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only - servers are generally unaffected, although there are circumstances where authoritative - servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). - - This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, - 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, - 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.' + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21330,33 +17802,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1519 - - https://downloads.isc.org/isc/bind9/9.18.47 - - https://downloads.isc.org/isc/bind9/9.20.21 - - https://downloads.isc.org/isc/bind9/9.21.20 - - https://kb.isc.org/docs/cve-2026-1519 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24129 + - https://oxnan.com/posts/WifiBasic_wepkey4_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3104-CANDIDATE - cve_id: CVE-2026-3104 - name: Candidate detection for CVE-2026-3104 - severity: high - cvss: 7.5 + id: CVE-2023-24130-CANDIDATE + cve_id: CVE-2023-24130 + name: Candidate detection for CVE-2023-24130 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'A specially crafted domain can be used to cause a memory leak in a - BIND resolver simply by querying this domain. - - This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, - and 9.20.9-S1 through 9.20.20-S1. - - BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT - affected.' + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21364,33 +17827,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3104 - - https://downloads.isc.org/isc/bind9/9.20.21 - - https://downloads.isc.org/isc/bind9/9.21.20 - - https://kb.isc.org/docs/cve-2026-3104 - - https://access.redhat.com/errata/RHSA-2026:6935 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24130 + - https://oxnan.com/posts/WifiBasic_wepkey_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20108-CANDIDATE - cve_id: CVE-2026-20108 - name: Candidate detection for CVE-2026-20108 + id: CVE-2023-24131-CANDIDATE + cve_id: CVE-2023-24131 + name: Candidate detection for CVE-2023-24131 severity: medium - cvss: 5.4 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in the web-based management interface of Cisco Catalyst\ - \ SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site\ - \ scripting (XSS) attack against a user of the interface of an affected device.\r\ - \n\r This vulnerability is due to insufficient validation of user input. An attacker\ - \ could exploit this vulnerability by persuading a user of the web-based management\ - \ interface to click a crafted link. A successful exploit could allow the attacker\ - \ to execute arbitrary script code in the context of the affected interface or\ - \ access sensitive, browser-based information." + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21398,25 +17852,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20108 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-ZqkhP9W9 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24131 + - https://oxnan.com/posts/WifiBasic_wepkey1_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2025-67030-CANDIDATE - cve_id: CVE-2025-67030 - name: Candidate detection for CVE-2025-67030 - severity: high - cvss: 8.8 + id: CVE-2023-24132-CANDIDATE + cve_id: CVE-2023-24132 + name: Candidate detection for CVE-2023-24132 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand - in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an - attacker to execute arbitrary code + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21424,34 +17877,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-67030 - - https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec - - https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642 - - https://github.com/codehaus-plexus/plexus-utils/issues/294 - - https://github.com/codehaus-plexus/plexus-utils/pull/295 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24132 + - https://oxnan.com/posts/WifiBasic_wepkey3_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27889-CANDIDATE - cve_id: CVE-2026-27889 - name: Candidate detection for CVE-2026-27889 - severity: high - cvss: 7.5 + id: CVE-2023-24133-CANDIDATE + cve_id: CVE-2023-24133 + name: Candidate detection for CVE-2023-24133 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NATS-Server is a High-Performance server for NATS.io, a cloud and edge - native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 - and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server - panic in the nats-server. This happens before authentication, and so is exposed - to anyone who can connect to the websockets port. Versions 2.11.14 and 2.12.5 - contains a fix. A workaround is available. The vulnerability only affects deployments - which use WebSockets and which expose the network port to untrusted end-points. - If one is able to do so, a defense in depth of restricting either of these will - mitigate the attack. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21459,32 +17902,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27889 - - https://advisories.nats.io/CVE/secnote-2026-03.txt - - https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24133 + - https://oxnan.com/posts/WifiBasic_wepkey_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29785-CANDIDATE - cve_id: CVE-2026-29785 - name: Candidate detection for CVE-2026-29785 - severity: high - cvss: 7.5 + id: CVE-2023-24134-CANDIDATE + cve_id: CVE-2023-24134 + name: Candidate detection for CVE-2023-24134 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NATS-Server is a High-Performance server for NATS.io, a cloud and edge - native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server - has the "leafnode" configuration enabled (not default), then anyone who can connect - can crash the nats-server by triggering a panic. This happens pre-authentication - and requires that compression be enabled (which it is, by default, when leafnodes - are used). Versions 2.11.14 and 2.12.5 contain a fix. As a workaround, disable - compression on the leafnode port. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21492,32 +17927,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29785 - - https://advisories.nats.io/CVE/secnote-2026-04.txt - - https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8 - - https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6 - - https://access.redhat.com/errata/RHSA-2026:21769 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24134 + - https://oxnan.com/posts/WifiBasic_wepkey3_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33216-CANDIDATE - cve_id: CVE-2026-33216 - name: Candidate detection for CVE-2026-33216 - severity: high - cvss: 8.6 + id: CVE-2023-24117-CANDIDATE + cve_id: CVE-2023-24117 + name: Candidate detection for CVE-2023-24117 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'NATS-Server is a High-Performance server for NATS.io, a cloud and - edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments - using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating - identity statement (JWT) and exposed via monitoring endpoints. Versions 2.11.14 - and 2.12.6 contain a fix. As a workaround, ensure monitoring end-points are adequately - secured. Best practice remains to not expose the monitoring endpoint to the Internet - or other untrusted network users.' + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21525,30 +17952,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33216 - - https://advisories.nats.io/CVE/secnote-2026-05.txt - - https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099 - - https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc - - https://access.redhat.com/errata/RHSA-2026:21769 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24117 + - https://oxnan.com/posts/WifiBasic_wepauth_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33217-CANDIDATE - cve_id: CVE-2026-33217 - name: Candidate detection for CVE-2026-33217 - severity: high - cvss: 7.1 + id: CVE-2023-24118-CANDIDATE + cve_id: CVE-2023-24118 + name: Candidate detection for CVE-2023-24118 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NATS-Server is a High-Performance server for NATS.io, a cloud and edge - native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs - on message subjects, these ACLs were not applied in the `$MQTT.>` namespace, allowing - MQTT clients to bypass ACL checks for MQTT subjects. Versions 2.11.15 and 2.12.6 - contain a fix. No known workarounds are available. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the security parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21556,31 +17977,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33217 - - https://advisories.nats.io/CVE/secnote-2026-07.txt - - https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24118 + - https://oxnan.com/posts/WifiBasic_security_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33218-CANDIDATE - cve_id: CVE-2026-33218 - name: Candidate detection for CVE-2026-33218 - severity: high - cvss: 7.5 + id: CVE-2023-24119-CANDIDATE + cve_id: CVE-2023-24119 + name: Candidate detection for CVE-2023-24119 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NATS-Server is a High-Performance server for NATS.io, a cloud and edge - native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which - can connect to the leafnode port can crash the nats-server with a certain malformed - message pre-authentication. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, - disable leafnode support if not needed or restrict network connections to the - leafnode port, if plausible without compromising the service offered. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21588,33 +18002,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33218 - - https://advisories.nats.io/CVE/secnote-2026-10.txt - - https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24119 + - https://oxnan.com/posts/WifiBasic_wrlEn_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33219-CANDIDATE - cve_id: CVE-2026-33219 - name: Candidate detection for CVE-2026-33219 + id: CVE-2023-24120-CANDIDATE + cve_id: CVE-2023-24120 + name: Candidate detection for CVE-2023-24120 severity: medium - cvss: 5.3 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NATS-Server is a High-Performance server for NATS.io, a cloud and edge - native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client - which can connect to the WebSockets port can cause unbounded memory use in the - nats-server before authentication; this requires sending a corresponding amount - of data. This is a milder variant of CVE-2026-27571. That earlier issue was a - compression bomb, this vulnerability is not. Attacks against this new issue thus - require significant client bandwidth. Versions 2.11.15 and 2.12.6 contain a fix. - As a workaround, disable websockets if not required for project deployment. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21622,34 +18027,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33219 - - https://advisories.nats.io/CVE/secnote-2026-02.txt - - https://advisories.nats.io/CVE/secnote-2026-11.txt - - https://github.com/advisories/GHSA-qrvq-68c2-7grw - - https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j + - https://nvd.nist.gov/vuln/detail/CVE-2023-24120 + - https://oxnan.com/posts/WifiBasic_wrlEn_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33247-CANDIDATE - cve_id: CVE-2026-33247 - name: Candidate detection for CVE-2026-33247 - severity: high - cvss: 7.4 + id: CVE-2023-24121-CANDIDATE + cve_id: CVE-2023-24121 + name: Candidate detection for CVE-2023-24121 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: NATS-Server is a High-Performance server for NATS.io, a cloud and edge - native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server - is run with static credentials for all clients provided via argv (the command-line), - then those credentials are visible to any user who can see the monitoring port, - if that too is enabled. The `/debug/vars` end-point contains an unredacted copy - of argv. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, configure - credentials inside a configuration file instead of via argv, and do not enable - the monitoring port if using secrets in argv. Best practice remains to not expose - the monitoring port to the Internet, or to untrusted network sources. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21657,33 +18052,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33247 - - https://advisories.nats.io/CVE/secnote-2026-14.txt - - https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24121 + - https://oxnan.com/posts/WifiBasic_security_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32748-CANDIDATE - cve_id: CVE-2026-32748 - name: Candidate detection for CVE-2026-32748 - severity: high - cvss: 7.5 + id: CVE-2023-24122-CANDIDATE + cve_id: CVE-2023-24122 + name: Candidate detection for CVE-2023-24122 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Squid is a caching proxy for the Web. Prior to version 7.5, due to - premature release of resource during expected lifetime and heap Use-After-Free - bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This - problem allows a remote attacker to perform a reliable and repeatable Denial of - Service attack against the Squid service using ICP protocol. This attack is limited - to Squid deployments that explicitly enable ICP support (i.e. configure non-zero - `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` - rules. This bug is fixed in Squid version 7.5. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21691,32 +18077,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32748 - - https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b - - https://github.com/squid-cache/squid/security/advisories/GHSA-f9p7-3jqg-hhvq - - https://access.redhat.com/errata/RHSA-2026:10255 - - https://access.redhat.com/errata/RHSA-2026:10256 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24122 + - https://oxnan.com/posts/WifiBasic_ssid_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33526-CANDIDATE - cve_id: CVE-2026-33526 - name: Candidate detection for CVE-2026-33526 - severity: high - cvss: 7.5 + id: CVE-2023-24123-CANDIDATE + cve_id: CVE-2023-24123 + name: Candidate detection for CVE-2023-24123 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Squid is a caching proxy for the Web. Prior to version 7.5, due to - heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP - traffic. This problem allows a remote attacker to perform a reliable and repeatable - Denial of Service attack against the Squid service using ICP protocol. This attack - is limited to Squid deployments that explicitly enable ICP support (i.e. configure - non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries - using `icp_access` rules. Version 7.5 contains a patch. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21724,32 +18102,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33526 - - https://github.com/squid-cache/squid/commit/8a7d42f9d44befb8fcbbb619505587c8de6a1e91 - - https://github.com/squid-cache/squid/security/advisories/GHSA-hpfx-h48q-gvwg - - https://access.redhat.com/errata/RHSA-2026:10255 - - https://access.redhat.com/errata/RHSA-2026:10256 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24123 + - https://oxnan.com/posts/WifiBasic_wepauth_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4874-CANDIDATE - cve_id: CVE-2026-4874 - name: Candidate detection for CVE-2026-4874 - severity: low - cvss: 3.1 + id: CVE-2023-24124-CANDIDATE + cve_id: CVE-2023-24124 + name: Candidate detection for CVE-2023-24124 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw was found in Keycloak. An authenticated attacker can perform\ - \ Server-Side Request Forgery (SSRF) by manipulating the `client_session_host`\ - \ parameter during refresh token requests. This occurs when a Keycloak client\ - \ is configured to use the `backchannel.logout.url` with the `application.session.host`\ - \ placeholder. Successful exploitation allows the attacker to make HTTP requests\ - \ from the Keycloak server\u2019s network context, potentially probing internal\ - \ networks or internal APIs, leading to information disclosure." + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21757,32 +18127,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4874 - - https://access.redhat.com/errata/RHSA-2026:25097 - - https://access.redhat.com/errata/RHSA-2026:25098 - - https://access.redhat.com/errata/RHSA-2026:30049 - - https://access.redhat.com/errata/RHSA-2026:30050 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24124 + - https://oxnan.com/posts/WifiBasic_wrlEn_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1961-CANDIDATE - cve_id: CVE-2026-1961 - name: Candidate detection for CVE-2026-1961 - severity: high - cvss: 8.0 + id: CVE-2023-24125-CANDIDATE + cve_id: CVE-2023-24125 + name: Candidate detection for CVE-2023-24125 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Foreman. A remote attacker could exploit a command - injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability - arises from the system's use of unsanitized hostname values from compute resource - providers when constructing shell commands. By operating a malicious compute resource - server, an attacker could achieve remote code execution on the Foreman server - when a user accesses VM VNC console functionality. This could lead to the compromise - of sensitive credentials and the entire managed infrastructure. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21790,34 +18152,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1961 - - https://access.redhat.com/errata/RHSA-2026:5968 - - https://access.redhat.com/errata/RHSA-2026:5970 - - https://access.redhat.com/errata/RHSA-2026:5971 - - https://access.redhat.com/security/cve/CVE-2026-1961 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24125 + - https://oxnan.com/posts/WifiBasic_wepkey2_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33487-CANDIDATE - cve_id: CVE-2026-33487 - name: Candidate detection for CVE-2026-33487 - severity: high - cvss: 7.5 + id: CVE-2023-24126-CANDIDATE + cve_id: CVE-2023-24126 + name: Candidate detection for CVE-2023-24126 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: goxmlsig provides XML Digital Signatures implemented in Go. Prior to - version 1.6.0, the `validateSignature` function in `validate.go` goes through - the references in the `SignedInfo` block to find one that matches the signed element's - ID. In Go versions before 1.22, or when `go.mod` uses an older version, there - is a loop variable capture issue. The code takes the address of the loop variable - `_ref` instead of its value. As a result, if more than one reference matches the - ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing - to the last element in the `SignedInfo.References` slice after the loop. goxmlsig - version 1.6.0 contains a patch. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21825,44 +18177,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33487 - - https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc - - https://access.redhat.com/errata/RHSA-2026:13548 - - https://access.redhat.com/errata/RHSA-2026:20943 - - https://access.redhat.com/errata/RHSA-2026:20946 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24126 + - https://oxnan.com/posts/WifiBasic_wepkey4_5g_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4926-CANDIDATE - cve_id: CVE-2026-4926 - name: Candidate detection for CVE-2026-4926 - severity: high - cvss: 7.5 + id: CVE-2023-24127-CANDIDATE + cve_id: CVE-2023-24127 + name: Candidate detection for CVE-2023-24127 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Impact: - - - A bad regular expression is generated any time you have multiple sequential optional - groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows - exponentially with the number of groups, causing denial of service. - - - Patches: - - - Fixed in version 8.4.0. - - - Workarounds: - - - Limit the number of sequential optional groups in route patterns. Avoid passing - user-controlled input as route patterns.' + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. detection: payload: null verify: null @@ -21870,28 +18202,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4926 - - https://cna.openjsf.org/security-advisories.html - - https://access.redhat.com/errata/RHSA-2026:10153 - - https://access.redhat.com/errata/RHSA-2026:10172 - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24127 + - https://oxnan.com/posts/WifiBasic_wepkey1_DoS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32285-CANDIDATE - cve_id: CVE-2026-32285 - name: Candidate detection for CVE-2026-32285 - severity: high - cvss: 7.5 + id: CVE-2022-46501-CANDIDATE + cve_id: CVE-2022-46501 + name: Candidate detection for CVE-2022-46501 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The Delete function fails to properly validate offsets when processing - malformed JSON input. This can lead to a negative slice index and a runtime panic, - allowing a denial of service attack. + description: Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered + to contain a SQL injection vulnerability via the E-Mail to Work Order function. detection: payload: null verify: null @@ -21899,28 +18227,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32285 - - https://github.com/buger/jsonparser/issues/275 - - https://github.com/golang/vulndb/issues/4514 - - https://pkg.go.dev/vuln/GO-2026-4514 - - https://access.redhat.com/errata/RHSA-2026:13548 + - https://nvd.nist.gov/vuln/detail/CVE-2022-46501 + - https://maintenanceconnection.ca/zero-day-flaw-in-accruent-software/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32286-CANDIDATE - cve_id: CVE-2026-32286 - name: Candidate detection for CVE-2026-32286 - severity: high - cvss: 7.5 + id: CVE-2022-45551-CANDIDATE + cve_id: CVE-2022-45551 + name: Candidate detection for CVE-2022-45551 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The DataRow.Decode function fails to properly validate field lengths. - A malicious or compromised PostgreSQL server can send a DataRow message with a - negative field length, causing a slice bounds out of range panic. + description: An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router + v 21.06.18 allows attackers to escalate privileges via WGET command to the Network + Diagnosis endpoint. detection: payload: null verify: null @@ -21928,31 +18253,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32286 - - https://github.com/advisories/GHSA-jqcq-xjh3-6g23 - - https://github.com/golang/vulndb/issues/4518 - - https://github.com/jackc/pgx/issues/2507 - - https://pkg.go.dev/vuln/GO-2026-4518 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45551 + - https://blog.prodefense.io/zbt-we1626-wireless-router-cve-disclosures-b3534484d97d generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27893-CANDIDATE - cve_id: CVE-2026-27893 - name: Candidate detection for CVE-2026-27893 + id: CVE-2022-45552-CANDIDATE + cve_id: CVE-2022-45552 + name: Candidate detection for CVE-2022-45552 severity: high - cvss: 8.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vLLM is an inference and serving engine for large language models (LLMs). - Starting in version 0.10.1 and prior to version 0.18.0, two model implementation - files hardcode `trust_remote_code=True` when loading sub-components, bypassing - the user's explicit `--trust-remote-code=False` security opt-out. This enables - remote code execution via malicious model repositories even when the user has - explicitly disabled remote code trust. Version 0.18.0 patches the issue. + description: An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics + ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information + via SPI bus interface connected to pinout of the NAND flash memory. detection: payload: null verify: null @@ -21960,18 +18279,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27893 - - https://github.com/vllm-project/vllm/commit/00bd08edeee5dd4d4c13277c0114a464011acf72 - - https://github.com/vllm-project/vllm/pull/36192 - - https://github.com/vllm-project/vllm/security/advisories/GHSA-7972-pg2x-xr59 - - https://access.redhat.com/errata/RHSA-2026:10140 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45552 + - https://blog.prodefense.io/zbt-we1626-wireless-router-cve-disclosures-b3534484d97d generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33701-CANDIDATE - cve_id: CVE-2026-33701 - name: Candidate detection for CVE-2026-33701 + id: CVE-2022-45553-CANDIDATE + cve_id: CVE-2022-45553 + name: Candidate detection for CVE-2022-45553 severity: critical cvss: 9.8 risk_level: unknown @@ -21979,21 +18295,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation\ - \ and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI\ - \ instrumentation registered a custom endpoint that deserialized incoming data\ - \ without applying serialization filters. On JDK version 16 and earlier, an attacker\ - \ with network access to a JMX or RMI port on an instrumented JVM could exploit\ - \ this to potentially achieve remote code execution.\_All three of the following\ - \ conditions must be true to exploit this vulnerability: First, OpenTelemetry\ - \ Java instrumentation is attached as a Java agent (`-javaagent`) on Java 16 or\ - \ earlier. Second, JMX/RMI port has been explicitly configured via `-Dcom.sun.management.jmxremote.port`\ - \ and is network-reachable. Third, gadget-chain-compatible library is present\ - \ on the classpath. This results in arbitrary remote code execution with the privileges\ - \ of the user running the instrumented JVM. For JDK >= 17, no action is required,\ - \ but upgrading is strongly encouraged. For JDK < 17, upgrade to version 2.26.1\ - \ or later. As a workaround, set the system property `-Dotel.instrumentation.rmi.enabled=false`\ - \ to disable the RMI integration." + description: An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router + v 21.06.18 allows attacker to execute arbitrary commands via serial connection + to the UART port. detection: payload: null verify: null @@ -22001,30 +18305,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33701 - - https://github.com/open-telemetry/opentelemetry-java-instrumentation/commit/9cf4fbaaa9e79226142b2ed42a6f6b4ac0be2197 - - https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/tag/v2.26.1 - - https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-xw7x-h9fj-p2c7 - - https://access.redhat.com/security/cve/CVE-2026-33701 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45553 + - https://blog.prodefense.io/zbt-we1626-wireless-router-cve-disclosures-b3534484d97d generated_from: - nvd - status: candidate executable: false - id: CVE-2025-59032-CANDIDATE - cve_id: CVE-2025-59032 - name: Candidate detection for CVE-2025-59032 - severity: high - cvss: 7.5 + id: CVE-2021-35377-CANDIDATE + cve_id: CVE-2021-35377 + name: Candidate detection for CVE-2021-35377 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ManageSieve AUTHENTICATE command crashes when using literal as SASL - initial response. This can be used to crash ManageSieve service repeatedly, making - it unavailable for other users. Control access to ManageSieve port, or disable - the service if it's not needed. Alternatively upgrade to a fixed version. No publicly - available exploits are known. + description: Cross Site Scripting vulnerability found in VICIdial v2.14-610c and + v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, + agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. detection: payload: null verify: null @@ -22032,29 +18331,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-59032 - - https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json - - https://access.redhat.com/errata/RHSA-2026:13498 - - https://access.redhat.com/errata/RHSA-2026:13830 - - https://access.redhat.com/errata/RHSA-2026:13857 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35377 + - https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=2&t=41634 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24031-CANDIDATE - cve_id: CVE-2026-24031 - name: Candidate detection for CVE-2026-24031 - severity: high - cvss: 7.7 + id: CVE-2022-42248-CANDIDATE + cve_id: CVE-2022-42248 + name: Candidate detection for CVE-2022-42248 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Dovecot SQL based authentication can be bypassed when auth_username_chars - is cleared by admin. This vulnerability allows bypassing authentication for any - user and user enumeration. Do not clear auth_username_chars. If this is not possible, - install latest fixed version. No publicly available exploits are known. + description: QlikView 12.60.2 was discovered to contain a stored cross-site scripting + (XSS) vulnerability in the QvsViewClient functionality. detection: payload: null verify: null @@ -22062,30 +18356,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24031 - - https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json - - https://access.redhat.com/security/cve/CVE-2026-24031 - - https://bugzilla.redhat.com/show_bug.cgi?id=2452181 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24031.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-42248 + - https://github.com/Ozozuz/Qlik-View-Stored-XSS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27856-CANDIDATE - cve_id: CVE-2026-27856 - name: Candidate detection for CVE-2026-27856 - severity: high - cvss: 7.4 + id: CVE-2023-24282-CANDIDATE + cve_id: CVE-2023-24282 + name: Candidate detection for CVE-2023-24282 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Doveadm credentials are verified using direct comparison which is susceptible - to timing oracle attack. An attacker can use this to determine the configured - credentials. Figuring out the credential will lead into full access to the affected - component. Limit access to the doveadm http service port, install fixed version. - No publicly available exploits are known. + description: An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 + allows attackers to execute arbitrary code via a crafted ringtone file. detection: payload: null verify: null @@ -22093,35 +18381,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27856 - - https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json - - https://access.redhat.com/errata/RHSA-2026:26564 - - https://access.redhat.com/security/cve/CVE-2026-27856 - - https://bugzilla.redhat.com/show_bug.cgi?id=2452171 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24282 + - https://www.cryptnetix.com/blog/2023/01/19/Polycom-Trio-Vulnerability-Disclosure.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27857-CANDIDATE - cve_id: CVE-2026-27857 - name: Candidate detection for CVE-2026-27857 + id: CVE-2022-48111-CANDIDATE + cve_id: CVE-2022-48111 + name: Candidate detection for CVE-2022-48111 severity: medium - cvss: 4.3 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Sending "NOOP (((...)))" command with 4000 parenthesis open+close results - in ~1MB extra memory usage. Longer commands will result in client disconnection. - This 1 MB can be left allocated for longer time periods by not sending the command - ending LF. So attacker could connect possibly from even a single IP and create - 1000 connections to allocate 1 GB of memory, which would likely result in reaching - VSZ limit and killing the process and its other proxied connections. Attacker - could connect possibly from even a single IP and create 1000 connections to allocate - 1 GB of memory, which would likely result in reaching VSZ limit and killing the - process and its other proxied connections. Install fixed version, there is no - other remediation. No publicly available exploits are known. + description: A cross-site scripting (XSS) vulnerability in the check_login function + of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute + arbitrary web scripts or HTML via a crafted payload injected into the f parameter. detection: payload: null verify: null @@ -22129,18 +18407,17 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27857 - - https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json - - https://access.redhat.com/errata/RHSA-2026:13498 - - https://access.redhat.com/errata/RHSA-2026:13830 - - https://access.redhat.com/errata/RHSA-2026:13857 + - https://nvd.nist.gov/vuln/detail/CVE-2022-48111 + - https://devisions.github.io/blog/cve-2022-48111 + - https://labs.yarix.com/2023/02/siri-wi400-xss-on-login-page-cve-2022-48111/ + - https://labs.yarix.com/advisories/CVE-2022-48111/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27858-CANDIDATE - cve_id: CVE-2026-27858 - name: Candidate detection for CVE-2026-27858 + id: CVE-2023-27161-CANDIDATE + cve_id: CVE-2023-27161 + name: Candidate detection for CVE-2023-27161 severity: high cvss: 7.5 risk_level: unknown @@ -22148,11 +18425,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "Attacker can send a specifically crafted message before authentication\ - \ that causes managesieve to allocate large amount of memory.\r\n Attacker can\ - \ force managesieve-login to be unavailable by repeatedly crashing the process.\ - \ Protect access to managesieve protocol, or install fixed version. No publicly\ - \ available exploits are known." + description: Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request + Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers + to access network resources and sensitive information via a crafted POST request. detection: payload: null verify: null @@ -22160,34 +18435,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27858 - - https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json - - https://access.redhat.com/errata/RHSA-2026:13498 - - https://access.redhat.com/errata/RHSA-2026:13830 - - https://access.redhat.com/errata/RHSA-2026:13857 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27161 + - https://gist.github.com/b33t1e/5c067e0538a0b712dc3d59bd4b9a5952 + - https://github.com/jellyfin/jellyfin + - https://notes.sjtu.edu.cn/s/yJ9lPk09a generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32695-CANDIDATE - cve_id: CVE-2026-32695 - name: Candidate detection for CVE-2026-32695 - severity: high - cvss: 7.7 + id: CVE-2023-27164-CANDIDATE + cve_id: CVE-2023-27164 + name: Candidate detection for CVE-2023-27164 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Traefik is an HTTP reverse proxy and load balancer. Prior to versions - 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating - user-controlled values into backtick-delimited rule expressions without escaping. - In live cluster validation, Knative `rules[].hosts[]` was exploitable for host - restriction bypass (for example `tenant.example.com`) || Host(`attacker.com`), - producing a router that serves attacker-controlled hosts. Knative `headers[].exact` - also allows rule-syntax injection and proves unsafe rule construction. In multi-tenant - clusters, this can route unauthorized traffic to victim services and lead to cross-tenant - traffic exposure. Versions 3.6.11 and 3.7.0-ea.2 patch the issue. + description: An arbitrary file upload vulnerability in Halo up to v1.6.1 allows + attackers to execute arbitrary code via a crafted .md file. detection: payload: null verify: null @@ -22195,49 +18462,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32695 - - https://github.com/traefik/traefik/releases/tag/v3.6.11 - - https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2 - - https://github.com/traefik/traefik/security/advisories/GHSA-67jx-r9pv-98rj - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27164 + - https://gist.github.com/b33t1e/a1a0d81b1173d0d00de8f4e7958dd867 + - https://github.com/halo-dev/halo + - https://notes.sjtu.edu.cn/s/s5oEvs-p5 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27876-CANDIDATE - cve_id: CVE-2026-27876 - name: Candidate detection for CVE-2026-27876 - severity: critical - cvss: 9.1 + id: CVE-2023-23326-CANDIDATE + cve_id: CVE-2023-23326 + name: Candidate detection for CVE-2023-23326 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'A chained attack via SQL Expressions and a Grafana Enterprise plugin - can lead to a remote arbitrary code execution impact (RCE). This is enabled by - a feature in Grafana (OSS), so all users are always recommended to update to avoid - future attack vectors going this path. - - - Only instances with the sqlExpressions feature toggle enabled are vulnerable. - - - Only instances in the following version ranges are affected: - - - - 11.6.0 (inclusive) to 11.6.14 (exclusive): 11.6.14 has the fix. 11.5 and below - are not affected. - - - 12.0.0 (inclusive) to 12.1.10 (exclusive): 12.1.10 has the fix. 12.0 did not - receive an update, as it is end-of-life. - - - 12.2.0 (inclusive) to 12.2.8 (exclusive): 12.2.8 has the fix. - - - 12.3.0 (inclusive) to 12.3.6 (exclusive): 12.3.6 has the fix. - - - 12.4.0 (inclusive) to 12.4.2 (exclusive): 12.4.2 has the fix. 13.0.0 and above - also have the fix: no v13 release is affected.' + description: A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX + 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into + their e-mail address which is executed when an administrator logs into AvantFAX + to view the admin dashboard. This may result in stealing an administrator's session + cookie and hijacking their session. detection: payload: null verify: null @@ -22245,32 +18492,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27876 - - https://grafana.com/security/security-advisories/cve-2026-27876 - - https://access.redhat.com/security/cve/CVE-2026-27876 - - https://bugzilla.redhat.com/show_bug.cgi?id=2452277 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27876.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-23326 + - https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27877-CANDIDATE - cve_id: CVE-2026-27877 - name: Candidate detection for CVE-2026-27877 + id: CVE-2023-23327-CANDIDATE + cve_id: CVE-2023-23327 + name: Candidate detection for CVE-2023-23327 severity: medium - cvss: 6.5 + cvss: 4.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'When using public dashboards and direct data-sources, all direct data-sources'' - passwords are exposed despite not being used in dashboards. - - - No passwords of proxied data-sources are exposed. We encourage all direct data-sources - to be converted to proxied data-sources as far as possible to improve your deployments'' - security.' + description: An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups + of the AvantFAX sent/received faxes, and database backups are stored using the + current date as the filename and hosted on the web server without access controls. detection: payload: null verify: null @@ -22278,27 +18518,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27877 - - https://grafana.com/security/security-advisories/cve-2026-27877 - - https://access.redhat.com/errata/RHSA-2026:10223 - - https://access.redhat.com/errata/RHSA-2026:10226 - - https://access.redhat.com/errata/RHSA-2026:11416 + - https://nvd.nist.gov/vuln/detail/CVE-2023-23327 + - https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27880-CANDIDATE - cve_id: CVE-2026-27880 - name: Candidate detection for CVE-2026-27880 + id: CVE-2023-23328-CANDIDATE + cve_id: CVE-2023-23328 + name: Candidate detection for CVE-2023-23328 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The OpenFeature feature toggle evaluation endpoint reads unbounded - values into memory, which can cause out-of-memory crashes. + description: A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated + user can bypass PHP file type validation in FileUpload.php by uploading a specially + crafted PHP file. detection: payload: null verify: null @@ -22306,32 +18544,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27880 - - https://grafana.com/security/security-advisories/cve-2026-27880 - - https://access.redhat.com/security/cve/CVE-2026-27880 - - https://bugzilla.redhat.com/show_bug.cgi?id=2452295 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27880.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-23328 + - https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33433-CANDIDATE - cve_id: CVE-2026-33433 - name: Candidate detection for CVE-2026-33433 + id: CVE-2023-26769-CANDIDATE + cve_id: CVE-2023-26769 + name: Candidate detection for CVE-2023-26769 severity: high - cvss: 8.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Traefik is an HTTP reverse proxy and load balancer. Prior to versions\ - \ 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical\ - \ HTTP header name (e.g., `x-auth-user` instead of `X-Auth-User`), an authenticated\ - \ attacker can inject their own canonical version of that header to impersonate\ - \ any identity to the backend. The backend receives two header entries \u2014\ - \ the attacker-injected canonical one is read first, overriding Traefik's non-canonical\ - \ write. Versions 2.11.42, 3.6.11, and 3.7.0-ea.3 patch the issue." + description: Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 + allows a remote attacker to cause a denial of service via the resolveSubtable + function at compileTranslationTabel.c. detection: payload: null verify: null @@ -22339,37 +18570,58 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33433 - - https://github.com/traefik/traefik/releases/tag/v2.11.42 - - https://github.com/traefik/traefik/releases/tag/v3.6.11 - - https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3 - - https://github.com/traefik/traefik/security/advisories/GHSA-qr99-7898-vr7c + - https://nvd.nist.gov/vuln/detail/CVE-2023-26769 + - https://github.com/liblouis/liblouis + - https://github.com/liblouis/liblouis/pull/1300 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33757-CANDIDATE - cve_id: CVE-2026-33757 - name: Candidate detection for CVE-2026-33757 + id: CVE-2023-27249-CANDIDATE + cve_id: CVE-2023-27249 + name: Candidate detection for CVE-2023-27249 + severity: medium + cvss: 5.5 + risk_level: unknown + requires_confirmation: true + priority: + cisa_kev: false + exploitdb_reference: false + description: swfdump v0.9.2 was discovered to contain a heap buffer overflow in + the function swf_GetPlaceObject at swfobject.c. + detection: + payload: null + verify: null + review_required: Define a read-only matcher and classify execution risk before + promotion. + remediation: Apply the vendor remediation or patched version documented in the advisory. + references: + - https://nvd.nist.gov/vuln/detail/CVE-2023-27249 + - https://github.com/keepinggg/poc/blob/main/poc_of_swfdump/poc + - https://github.com/keepinggg/poc/tree/main/poc_of_swfdump + - https://github.com/matthiaskramm/swftools + - https://github.com/matthiaskramm/swftools/issues/197 + generated_from: + - nvd +- status: candidate + executable: false + id: CVE-2022-45597-CANDIDATE + cve_id: CVE-2022-45597 + name: Candidate detection for CVE-2022-45597 severity: critical - cvss: 9.6 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenBao is an open source identity-based secrets management system. - Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging - in via JWT/OIDC and a role with `callback_mode` set to `direct`. This allows an - attacker to start an authentication request and perform "remote phishing" by having - the victim visit the URL and automatically log-in to the session of the attacker. - Despite being based on the authorization code flow, the `direct` mode calls back - directly to the API and allows an attacker to poll for an OpenBao token until - it is issued. Version 2.5.2 includes an additional confirmation screen for `direct` - type logins that requires manual user interaction in order to finish the authentication. - This issue can be worked around either by removing any roles with `callback_mode=direct` - or enforcing confirmation for every session on the token issuer side for the Client - ID used by OpenBao. + description: "ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE:\ + \ the vendor does not consider this a vulnerability because the report is only\ + \ about use of certificates at the application layer (not the transport layer)\ + \ and \"Certificates are exchanged in a controlled fashion between entities within\ + \ a trust relationship. This is why self-signed certificates may be used and why\ + \ validating certificates isn\u2019t as important as doing so for the transport\ + \ layer certificates.\"" detection: payload: null verify: null @@ -22377,33 +18629,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33757 - - https://datatracker.ietf.org/doc/html/rfc8628#section-5.4 - - https://github.com/openbao/openbao/commit/e32103951925723e9787e33886ab6b6ec20f4964 - - https://github.com/openbao/openbao/security/advisories/GHSA-7q7g-x6vg-xpc3 - - https://access.redhat.com/security/cve/CVE-2026-33757 + - https://nvd.nist.gov/vuln/detail/CVE-2022-45597 + - https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33758-CANDIDATE - cve_id: CVE-2026-33758 - name: Candidate detection for CVE-2026-33758 + id: CVE-2022-41354-CANDIDATE + cve_id: CVE-2022-41354 + name: Candidate detection for CVE-2022-41354 severity: medium - cvss: 6.1 + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenBao is an open source identity-based secrets management system. - Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication - method enabled and a role with `callback_mode=direct` configured are vulnerable - to XSS via the `error_description` parameter on the page for a failed authentication. - This allows an attacker access to the token used in the Web UI by a victim. The - `error_description` parameter has been replaced with a static error message in - v2.5.2. The vulnerability can be mitigated by removing any roles with `callback_mode` - set to `direct`. + description: An access control issue in Argo CD v2.4.12 and below allows unauthenticated + attackers to enumerate existing applications. detection: payload: null verify: null @@ -22411,32 +18654,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33758 - - https://github.com/openbao/openbao/commit/6e2b2dd84f0e47cebc90d6e79609dd5274732662 - - https://github.com/openbao/openbao/pull/2709 - - https://github.com/openbao/openbao/releases/tag/v2.5.2 - - https://github.com/openbao/openbao/security/advisories/GHSA-cpj3-3r2f-xj59 + - https://nvd.nist.gov/vuln/detail/CVE-2022-41354 + - https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq + - https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-15381-CANDIDATE - cve_id: CVE-2025-15381 - name: Candidate detection for CVE-2025-15381 + id: CVE-2023-24094-CANDIDATE + cve_id: CVE-2023-24094 + name: Candidate detection for CVE-2023-24094 severity: high - cvss: 7.1 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In the latest version of mlflow/mlflow, when the `basic-auth` app is - enabled, tracing and assessment endpoints are not protected by permission validators. - This allows any authenticated user, including those with `NO_PERMISSIONS` on the - experiment, to read trace information and create assessments for traces they should - not have access to. This vulnerability impacts confidentiality by exposing trace - metadata and integrity by allowing unauthorized creation of assessments. Deployments - using `mlflow server --app-name=basic-auth` are affected. + description: An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows + attackers to cause a Denial of Service (DoS) via crafted packets. detection: payload: null verify: null @@ -22444,30 +18680,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-15381 - - https://huntr.com/bounties/149fb2f9-ef4b-4136-a25c-20563451904c - - https://access.redhat.com/security/cve/CVE-2025-15381 - - https://bugzilla.redhat.com/show_bug.cgi?id=2452341 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15381.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-24094 + - https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28367-CANDIDATE - cve_id: CVE-2026-28367 - name: Candidate detection for CVE-2026-28367 - severity: high - cvss: 8.7 + id: CVE-2023-25261-CANDIDATE + cve_id: CVE-2023-25261 + name: Candidate detection for CVE-2023-25261 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Undertow. A remote attacker can exploit this vulnerability - by sending `\r\r\r` as a header block terminator. This can be used for request - smuggling with certain proxy servers, such as older versions of Apache Traffic - Server and Google Cloud Classic Application Load Balancer, potentially leading - to unauthorized access or manipulation of web requests. + description: 'Certain Stimulsoft GmbH products are affected by: Remote Code Execution. + This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) + 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system + is not prohibited in any way. Therefore, an attacker may include source code which + reads or writes local directories and files. It is also possible for the attacker + to prepare a report which has a variable that holds the gathered data and render + it in the report.' detection: payload: null verify: null @@ -22475,30 +18710,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28367 - - https://access.redhat.com/errata/RHSA-2026:25125 - - https://access.redhat.com/errata/RHSA-2026:25126 - - https://access.redhat.com/security/cve/CVE-2026-28367 - - https://bugzilla.redhat.com/show_bug.cgi?id=2443260 + - https://nvd.nist.gov/vuln/detail/CVE-2023-25261 + - https://cloud-trustit.spp.at/s/Rskwb3jKXQQsJy2 + - https://cves.at/posts/cve-2023-25261/writeup/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28368-CANDIDATE - cve_id: CVE-2026-28368 - name: Candidate detection for CVE-2026-28368 - severity: high - cvss: 8.7 + id: CVE-2023-25263-CANDIDATE + cve_id: CVE-2023-25263 + name: Candidate detection for CVE-2023-25263 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Undertow. This vulnerability allows a remote attacker - to construct specially crafted requests where header names are parsed differently - by Undertow compared to upstream proxies. This discrepancy in header interpretation - can be exploited to launch request smuggling attacks, potentially bypassing security - controls and accessing unauthorized resources. + description: In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker + decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring + stored in .mrt files since a static secret is used. The secret does not differ + between the tested versions and different operating systems. detection: payload: null verify: null @@ -22506,18 +18738,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28368 - - https://access.redhat.com/errata/RHSA-2026:25125 - - https://access.redhat.com/errata/RHSA-2026:25126 - - https://access.redhat.com/security/cve/CVE-2026-28368 - - https://bugzilla.redhat.com/show_bug.cgi?id=2443261 + - https://nvd.nist.gov/vuln/detail/CVE-2023-25263 + - https://cloud-trustit.spp.at/s/Db8ZfNq2WYiNCHa + - https://cves.at/posts/cve-2023-25263/writeup/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33870-CANDIDATE - cve_id: CVE-2026-33870 - name: Candidate detection for CVE-2026-33870 + id: CVE-2023-25262-CANDIDATE + cve_id: CVE-2023-25262 + name: Candidate detection for CVE-2023-25262 severity: high cvss: 7.5 risk_level: unknown @@ -22525,10 +18755,13 @@ priority: cisa_kev: false exploitdb_reference: false - description: Netty is an asynchronous, event-driven network application framework. - In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses - quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling - request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue. + description: Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to + Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility + to embed sources from external locations. If the user chooses an external location, + the request to that resource is performed by the server rather than the client. + Therefore, the server causes outbound traffic and potentially imports data. An + attacker may also leverage this behaviour to exfiltrate data of machines on the + internal network of the server hosting the Stimulsoft Reporting Designer (Web). detection: payload: null verify: null @@ -22536,18 +18769,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33870 - - https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8 - - https://w4ke.info/2025/06/18/funky-chunks.html - - https://w4ke.info/2025/10/29/funky-chunks-2.html - - https://www.rfc-editor.org/rfc/rfc9110 + - https://nvd.nist.gov/vuln/detail/CVE-2023-25262 + - https://cloud-trustit.spp.at/s/HjEksN86SfsMaJM + - https://cves.at/posts/cve-2023-25262/writeup/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33871-CANDIDATE - cve_id: CVE-2026-33871 - name: Candidate detection for CVE-2026-33871 + id: CVE-2023-25260-CANDIDATE + cve_id: CVE-2023-25260 + name: Candidate detection for CVE-2023-25260 severity: high cvss: 7.5 risk_level: unknown @@ -22555,14 +18786,7 @@ priority: cisa_kev: false exploitdb_reference: false - description: Netty is an asynchronous, event-driven network application framework. - In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger - a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of - `CONTINUATION` frames. The server's lack of a limit on the number of `CONTINUATION` - frames, combined with a bypass of existing size-based mitigations using zero-byte - frames, allows an user to cause excessive CPU consumption with minimal bandwidth, - rendering the server unresponsive. Versions 4.1.132.Final and 4.2.10.Final fix - the issue. + description: Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. detection: payload: null verify: null @@ -22570,32 +18794,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33871 - - https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv - - https://access.redhat.com/errata/RHSA-2026:10175 - - https://access.redhat.com/errata/RHSA-2026:10184 - - https://access.redhat.com/errata/RHSA-2026:13571 + - https://nvd.nist.gov/vuln/detail/CVE-2023-25260 + - https://cloud-trustit.spp.at/s/K9ZXWzEmftaxa3C + - https://cves.at/posts/cve-2023-25260/writeup/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33891-CANDIDATE - cve_id: CVE-2026-33891 - name: Candidate detection for CVE-2026-33891 - severity: high - cvss: 7.5 + id: CVE-2023-27167-CANDIDATE + cve_id: CVE-2023-27167 + name: Candidate detection for CVE-2023-27167 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: Forge (also called `node-forge`) is a native implementation of Transport - Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) - vulnerability exists in the node-forge library due to an infinite loop in the - BigInteger.modInverse() function (inherited from the bundled jsbn library). When - modInverse() is called with a zero value as input, the internal Extended Euclidean - Algorithm enters an unreachable exit condition, causing the process to hang indefinitely - and consume 100% CPU. Version 1.4.0 patches the issue. + exploitdb_reference: true + description: Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection + vulnerability via the values parameter at /users/absence?search_month=1. detection: payload: null verify: null @@ -22603,18 +18820,19 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33891 - - https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023 - - https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx - - https://access.redhat.com/errata/RHSA-2026:13826 - - https://access.redhat.com/errata/RHSA-2026:24761 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27167 + - https://biostar2.ciklum.net/api/users/absence?search_month=1 + - https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html + - https://protey.net/threads/cve-2023-27167-suprema-biostar-2-v2-8-16-sql-injection.995/ + - https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/ generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-33894-CANDIDATE - cve_id: CVE-2026-33894 - name: Candidate detection for CVE-2026-33894 + id: CVE-2023-27159-CANDIDATE + cve_id: CVE-2023-27159 + name: Candidate detection for CVE-2023-27159 severity: high cvss: 7.5 risk_level: unknown @@ -22622,16 +18840,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: "Forge (also called `node-forge`) is a native implementation of Transport\ - \ Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature\ - \ verification accepts forged signatures for low public exponent keys (e=3). Attackers\ - \ can forge signatures by stuffing \u201Cgarbage\u201D bytes within the ASN structure\ - \ in order to construct a signature that passes verification, enabling Bleichenbacher\ - \ style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an\ - \ addition field within the ASN structure, rather than outside of it. Additionally,\ - \ forge does not validate that signatures include a minimum of 8 bytes of padding\ - \ as defined by the specification, providing attackers additional space to construct\ - \ Bleichenbacher forgeries. Version 1.4.0 patches the issue." + description: Appwrite up to v1.2.1 was discovered to contain a Server-Side Request + Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows + attackers to access network resources and sensitive information via a crafted + GET request. detection: payload: null verify: null @@ -22639,35 +18851,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33894 - - https://datatracker.ietf.org/doc/html/rfc2313#section-8 - - https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp - - https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE - - https://www.rfc-editor.org/rfc/rfc8017.html + - https://nvd.nist.gov/vuln/detail/CVE-2023-27159 + - https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a + - https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb + - https://github.com/appwrite/appwrite + - https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33895-CANDIDATE - cve_id: CVE-2026-33895 - name: Candidate detection for CVE-2026-33895 + id: CVE-2023-27160-CANDIDATE + cve_id: CVE-2023-27160 + name: Candidate detection for CVE-2023-27160 severity: high - cvss: 7.5 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Forge (also called `node-forge`) is a native implementation of Transport - Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification - accepts forged non-canonical signatures where the scalar S is not reduced modulo - the group order (`S >= L`). A valid signature and its `S + L` variant both verify - in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, - as defined by the specification. This class of signature malleability has been - exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, - CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by - signature bytes, replay tracking, signed-object canonicalization checks) may be - bypassed. Version 1.4.0 patches the issue. + description: forem up to v2022.11.11 was discovered to contain a Server-Side Request + Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers + to access network resources and sensitive information via a crafted POST request. detection: payload: null verify: null @@ -22675,31 +18880,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33895 - - https://datatracker.ietf.org/doc/html/rfc8032#section-8.4 - - https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85 - - https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw - - https://access.redhat.com/errata/RHSA-2026:13826 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27160 + - https://gist.github.com/b33t1e/6172286862a4486b5888f3cbbdc6316d + - https://github.com/forem/forem + - https://notes.sjtu.edu.cn/s/MUUhEymt7 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33896-CANDIDATE - cve_id: CVE-2026-33896 - name: Candidate detection for CVE-2026-33896 - severity: high - cvss: 7.4 + id: CVE-2023-27162-CANDIDATE + cve_id: CVE-2023-27162 + name: Candidate detection for CVE-2023-27162 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Forge (also called `node-forge`) is a native implementation of Transport - Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` - does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate - lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf - certificate (without these extensions) to act as a CA and sign other certificates, - which node-forge will accept as valid. Version 1.4.0 patches the issue. + description: openapi-generator up to v6.4.0 was discovered to contain a Server-Side + Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability + allows attackers to access network resources and sensitive information via a crafted + API request. detection: payload: null verify: null @@ -22707,36 +18909,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33896 - - https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90 - - https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25 - - https://access.redhat.com/errata/RHSA-2026:13826 - - https://access.redhat.com/errata/RHSA-2026:24761 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27162 + - https://gist.github.com/b33t1e/6121210ebd9efd4f693c73b830d8ab08 + - https://github.com/OpenAPITools/openapi-generator + - https://notes.sjtu.edu.cn/s/2_yki_2Xq generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33937-CANDIDATE - cve_id: CVE-2026-33937 - name: Candidate detection for CVE-2026-33937 - severity: critical - cvss: 9.8 + id: CVE-2023-27163-CANDIDATE + cve_id: CVE-2023-27163 + name: Candidate detection for CVE-2023-27163 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Handlebars provides the power necessary to let users build semantic - templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed - AST object in addition to a template string. The `value` field of a `NumberLiteral` - AST node is emitted directly into the generated JavaScript without quoting or - sanitization. An attacker who can supply a crafted AST to `compile()` can therefore - inject and execute arbitrary JavaScript, leading to Remote Code Execution on the - server. Version 4.7.9 fixes the issue. Some workarounds are available. Validate - input type before calling `Handlebars.compile()`; ensure the argument is always - a `string`, never a plain object or JSON-deserialized value. Use the Handlebars - runtime-only build (`handlebars/runtime`) on the server if templates are pre-compiled - at build time; `compile()` will be unavailable. + description: request-baskets up to v1.2.1 was discovered to contain a Server-Side + Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability + allows attackers to access network resources and sensitive information via a crafted + API request. detection: payload: null verify: null @@ -22744,38 +18938,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33937 - - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2 - - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9 - - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27163 + - https://gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3 + - https://github.com/darklynx/request-baskets + - https://notes.sjtu.edu.cn/s/MUUhEymt7 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33938-CANDIDATE - cve_id: CVE-2026-33938 - name: Candidate detection for CVE-2026-33938 - severity: high - cvss: 8.1 + id: CVE-2020-29312-CANDIDATE + cve_id: CVE-2020-29312 + name: Candidate detection for CVE-2020-29312 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Handlebars provides the power necessary to let users build semantic - templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable - is stored in the template data context and is reachable and mutable from within - a template via helpers that accept arbitrary objects. When a helper overwrites - `@partial-block` with a crafted Handlebars AST, a subsequent invocation of `{{> - @partial-block}}` compiles and executes that AST, enabling arbitrary JavaScript - execution on the server. Version 4.7.9 fixes the issue. Some workarounds are available. - First, use the runtime-only build (`require('handlebars/runtime')`). The `compile()` - method is absent, eliminating the vulnerable fallback path. Second, audit registered - helpers for any that write arbitrary values to context objects. Helpers should - treat context data as read-only. Third, avoid registering helpers from third-party - packages (such as `handlebars-helpers`) in contexts where templates or context - data can be influenced by untrusted input. + description: 'An issue found in Zend Framework v.3.1.3 and before allow a remote + attacker to execute arbitrary code via the unserialize function. Note: This has + been disputed by third parties as incomplete and incorrect. The framework does + not have a version that surpasses 2.x.x and was deprecated in early 2020.' detection: payload: null verify: null @@ -22783,38 +18967,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33938 - - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2 - - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9 - - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2020-29312 + - https://cowtransfer.com/s/f9684f004d7149 + - https://github.com/zendframework/zendframework generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33939-CANDIDATE - cve_id: CVE-2026-33939 - name: Candidate detection for CVE-2026-33939 - severity: high - cvss: 7.5 + id: CVE-2021-28235-CANDIDATE + cve_id: CVE-2021-28235 + name: Candidate detection for CVE-2021-28235 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Handlebars provides the power necessary to let users build semantic - templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains - decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled - template calls `lookupProperty(decorators, "n")`, which returns `undefined`. The - runtime then immediately invokes the result as a function, causing an unhandled - `TypeError: ... is not a function` that crashes the Node.js process. Any application - that compiles user-supplied templates without wrapping the call in a `try/catch` - is vulnerable to a single-request Denial of Service. Version 4.7.9 fixes the issue. - Some workarounds are available. Wrap compilation and rendering in `try/catch`. - Validate template input before passing it to `compile()`; reject templates containing decorator - syntax (`{{*...}}`) if decorators are not used in your application. Use the pre-compilation - workflow; compile templates at build time and serve only pre-compiled templates; - do not call `compile()` at request time.' + description: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote + attackers to escalate privileges via the debug function. detection: payload: null verify: null @@ -22822,39 +18993,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33939 - - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2 - - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9 - - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2021-28235 + - https://github.com/etcd-io/etcd + - https://github.com/etcd-io/etcd/pull/15648 + - https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png + - https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33940-CANDIDATE - cve_id: CVE-2026-33940 - name: Candidate detection for CVE-2026-33940 - severity: high - cvss: 8.1 + id: CVE-2023-22985-CANDIDATE + cve_id: CVE-2023-22985 + name: Candidate detection for CVE-2023-22985 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Handlebars provides the power necessary to let users build semantic - templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template - context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` - to return `undefined`. The Handlebars runtime then treats the unresolved partial - as a source that needs to be compiled, passing the crafted object to `env.compile()`. - Because the object is a valid Handlebars AST containing injected code, the generated - JavaScript executes arbitrary commands on the server. The attack requires the - adversary to control a value that can be returned by a dynamic partial lookup. - Version 4.7.9 fixes the issue. Some workarounds are available. First, use the - runtime-only build (`require(''handlebars/runtime'')`). Without `compile()`, the - fallback compilation path in `invokePartial` is unreachable. Second, sanitize - context data before rendering: Ensure no value in the context is a non-primitive object - that could be passed to a dynamic partial. Third, avoid dynamic partial lookups - (`{{> (lookup ...)}}`) when context data is user-controlled.' + description: Sourcecodester Simple Guestbook Management System version 1 is vulnerable + to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments. detection: payload: null verify: null @@ -22862,40 +19021,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33940 - - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2 - - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9 - - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6 - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2023-22985 + - https://medium.com/@ivirajjadhav/cve-2023-22985-8869852685b + - https://medium.com/%40ivirajjadhav/cve-2023-22985-8869852685b generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33941-CANDIDATE - cve_id: CVE-2026-33941 - name: Candidate detection for CVE-2026-33941 - severity: high - cvss: 8.2 + id: CVE-2022-43309-CANDIDATE + cve_id: CVE-2022-43309 + name: Candidate detection for CVE-2022-43309 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Handlebars provides the power necessary to let users build semantic\ - \ templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars`\ - \ / `lib/precompiler.js`) concatenates user-controlled strings \u2014 template\ - \ file names and several CLI options \u2014 directly into the JavaScript it emits,\ - \ without any escaping or sanitization. An attacker who can influence template\ - \ filenames or CLI arguments can inject arbitrary JavaScript that executes when\ - \ the generated bundle is loaded in Node.js or a browser. Version 4.7.9 fixes\ - \ the issue. Some workarounds are available. First, validate all CLI inputs before\ - \ invoking the precompiler. Reject filenames and option values that contain characters\ - \ with JavaScript string-escaping significance (`\"`, `'`, `;`, etc.). Second,\ - \ use a fixed, trusted namespace string passed via a configuration file rather\ - \ than command-line arguments in automated pipelines. Third, run the precompiler\ - \ in a sandboxed environment (container with no write access to sensitive paths)\ - \ to limit the impact of successful exploitation. Fourth, audit template filenames\ - \ in any repository or package that is consumed by an automated build pipeline." + description: Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered + to contain insecure permissions. detection: payload: null verify: null @@ -22903,33 +19047,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33941 - - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2 - - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9 - - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf - - https://access.redhat.com/errata/RHSA-2026:10175 + - https://nvd.nist.gov/vuln/detail/CVE-2022-43309 + - https://www.supermicro.com/en/support/security_VRM_Jan_2023 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33943-CANDIDATE - cve_id: CVE-2026-33943 - name: Candidate detection for CVE-2026-33943 - severity: high - cvss: 8.8 + id: CVE-2023-24721-CANDIDATE + cve_id: CVE-2023-24721 + name: Candidate detection for CVE-2023-24721 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Happy DOM is a JavaScript implementation of a web browser without its - graphical user interface. In versions 15.10.0 through 20.8.7, a code injection - vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote - Code Execution (RCE) by injecting arbitrary JavaScript expressions inside `export - { }` declarations in ES module scripts processed by happy-dom. The compiler directly - interpolates unsanitized content into generated code as an executable expression, - and the quote filter does not strip backticks, allowing template literal-based - payloads to bypass sanitization. Version 20.8.8 fixes the issue. + description: A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 + allows attackers to execute arbitrary web scripts or HTML. detection: payload: null verify: null @@ -22937,30 +19072,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33943 - - https://github.com/capricorn86/happy-dom/commit/5437fdf8f13adb9590f9f52616d9f69c3ee8db3c - - https://github.com/capricorn86/happy-dom/releases/tag/v20.8.8 - - https://github.com/capricorn86/happy-dom/security/advisories/GHSA-6q6h-j7hj-3r64 - - https://access.redhat.com/security/cve/CVE-2026-33943 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24721 + - https://github.com/marcovntr/CVE/blob/main/2023/CVE-2023-24721/CVE-2023-24721.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34226-CANDIDATE - cve_id: CVE-2026-34226 - name: Candidate detection for CVE-2026-34226 - severity: high - cvss: 7.5 + id: CVE-2023-0645-CANDIDATE + cve_id: CVE-2023-0645 + name: Candidate detection for CVE-2023-0645 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Happy DOM is a JavaScript implementation of a web browser without - its graphical user interface. Versions prior to 20.8.9 may attach cookies from - the current page origin (`window.location`) instead of the request target URL - when `fetch(..., { credentials: "include" })` is used. This can leak cookies from - origin A to destination B. Version 20.8.9 fixes the issue.' + description: "An out of bounds read exists in libjxl. An attacker using a specifically\ + \ crafted file could cause an out of bounds read in the exif handler. We recommend\ + \ upgrading to version 0.8.1 or past commit\_ https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159\ + \ https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 " detection: payload: null verify: null @@ -22968,38 +19099,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34226 - - https://github.com/capricorn86/happy-dom/blob/f8d8cad41e9722fab9eefb9dfb3cca696462e908/packages/happy-dom/src/fetch/utilities/FetchRequestHeaderUtility.ts - - https://github.com/capricorn86/happy-dom/commit/68324c21d7b98f53f7bb5a7b3e185bda7106e751 - - https://github.com/capricorn86/happy-dom/pull/2117 - - https://github.com/capricorn86/happy-dom/releases/tag/v20.8.9 + - https://nvd.nist.gov/vuln/detail/CVE-2023-0645 + - https://github.com/libjxl/libjxl/pull/2101 + - https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3256-CANDIDATE - cve_id: CVE-2026-3256 - name: Candidate detection for CVE-2026-3256 - severity: critical - cvss: 9.8 + id: CVE-2023-27775-CANDIDATE + cve_id: CVE-2023-27775 + name: Candidate detection for CVE-2023-27775 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'HTTP::Session versions before 0.54 for Perl defaults to using insecurely - generated session ids. - - - HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids - using a SHA-1 hash seeded with the built-in rand function, the high resolution - epoch time, and the PID. The PID will come from a small set of numbers, and the - epoch time may be guessed, if it is not leaked from the HTTP Date header. The - built-in rand function is unsuitable for cryptographic usage. - - - The distribution includes HTTP::session::ID::MD5 which contains a similar flaw, - but uses the MD5 hash instead.' + description: A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 + allows attackers to execute arbitrary code via a crafted payload. detection: payload: null verify: null @@ -23007,30 +19125,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3256 - - https://metacpan.org/release/KTAT/http-session-0.53/source/lib/HTTP/Session/ID/MD5.pm - - https://metacpan.org/release/KTAT/http-session-0.53/source/lib/HTTP/Session/ID/SHA1.pm - - https://metacpan.org/release/TOKUHIROM/http-session-0.54/changes - - https://security.metacpan.org/docs/guides/random-data-for-security.html + - https://nvd.nist.gov/vuln/detail/CVE-2023-27775 + - https://github.com/marcovntr/CVE/blob/main/2023/CVE-2023-27775/CVE-2023-27775.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2370-CANDIDATE - cve_id: CVE-2026-2370 - name: Candidate detection for CVE-2026-2370 + id: CVE-2023-27216-CANDIDATE + cve_id: CVE-2023-27216 + name: Candidate detection for CVE-2023-27216 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: GitLab has remediated an issue in GitLab CE/EE affecting all versions - from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting - Jira Connect installations that could have allowed an authenticated user with - minimal workspace permissions to obtain installation credentials and impersonate - the GitLab app due to improper authorization checks. + description: An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated + users to execute arbitrary code as root via the network settings page. detection: payload: null verify: null @@ -23038,32 +19150,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2370 - - https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/ - - https://gitlab.com/gitlab-org/gitlab/-/work_items/589635 - - https://hackerone.com/reports/3522829 - - https://access.redhat.com/security/cve/CVE-2026-2370 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27216 + - https://lessonsec.com/cve/cve-2023-27216/ + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-15036-CANDIDATE - cve_id: CVE-2025-15036 - name: Candidate detection for CVE-2025-15036 + id: CVE-2023-27812-CANDIDATE + cve_id: CVE-2023-27812 + name: Candidate detection for CVE-2023-27812 severity: critical - cvss: 10.0 + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A path traversal vulnerability exists in the `extract_archive_to_dir` - function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow - repository. This vulnerability, present in versions before v3.7.0, arises due - to the lack of validation of tar member paths during extraction. An attacker with - control over the tar.gz file can exploit this issue to overwrite arbitrary files - or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant - or shared cluster environments. + description: bloofox v0.5.2 was discovered to contain an arbitrary file deletion + vulnerability via the delete_file() function. detection: payload: null verify: null @@ -23071,18 +19176,17 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-15036 - - https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346 - - https://huntr.com/bounties/36c314cf-fd6e-4fb0-b9b0-1b47bcdf0eb0 - - https://access.redhat.com/security/cve/CVE-2025-15036 - - https://bugzilla.redhat.com/show_bug.cgi?id=2452925 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27812 + - https://github.com/jspring996 + - https://github.com/jspring996/PHPcodecms/issues/1 + - https://www.bloofox.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-15379-CANDIDATE - cve_id: CVE-2025-15379 - name: Candidate detection for CVE-2025-15379 + id: CVE-2023-27779-CANDIDATE + cve_id: CVE-2023-27779 + name: Candidate detection for CVE-2023-27779 severity: critical cvss: 9.8 risk_level: unknown @@ -23090,14 +19194,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: A command injection vulnerability exists in MLflow's model serving - container initialization code, specifically in the `_install_model_dependencies_to_env()` - function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency - specifications from the model artifact's `python_env.yaml` file and directly interpolates - them into a shell command without sanitization. This allows an attacker to supply - a malicious model artifact and achieve arbitrary command execution on systems - that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in - version 3.8.2. + description: AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability + via the user parameter in the login form. detection: payload: null verify: null @@ -23105,28 +19203,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-15379 - - https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e - - https://huntr.com/bounties/dc9c1c20-7879-4050-87df-4d095fe5ca75 - - https://access.redhat.com/security/cve/CVE-2025-15379 - - https://bugzilla.redhat.com/show_bug.cgi?id=2452949 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27779 + - https://amsystem.es/ + - https://docs.google.com/document/d/1kGzmc6AOCfRzJf9mDz4emkhQj84Y1XemmAMZjYK32-o/edit?usp=sharing + - https://portalempleado.alosuite.com/home generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34714-CANDIDATE - cve_id: CVE-2026-34714 - name: Candidate detection for CVE-2026-34714 + id: CVE-2023-27667-CANDIDATE + cve_id: CVE-2023-27667 + name: Candidate detection for CVE-2023-27667 severity: critical - cvss: 9.2 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Vim before 9.2.0272 allows code execution that happens immediately - upon opening a crafted file in the default configuration, because %{expr} injection - occurs with tabpanel lacking P_MLE. + description: Auto Dealer Management System v1.0 was discovered to contain a SQL + injection vulnerability. detection: payload: null verify: null @@ -23134,34 +19230,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34714 - - https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459 - - https://github.com/vim/vim/releases/tag/v9.2.0272 - - https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh - - https://www.openwall.com/lists/oss-security/2026/03/30/3 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27667 + - https://gist.github.com/Flower-fertilizer/9c615b0fe5f9589b0d41be1ece7cb28f + - https://www.sourcecodester.com/php/15371/auto-dealer-management-system-phpoop-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21710-CANDIDATE - cve_id: CVE-2026-21710 - name: Candidate detection for CVE-2026-21710 - severity: high - cvss: 7.5 + id: CVE-2023-27666-CANDIDATE + cve_id: CVE-2023-27666 + name: Candidate detection for CVE-2023-27666 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A flaw in Node.js HTTP request handling causes an uncaught `TypeError`\ - \ when a request is received with a header named `__proto__` and the application\ - \ accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"\ - ]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to\ - \ be called on a non-array. This exception is thrown synchronously inside a property\ - \ getter and cannot be intercepted by `error` event listeners, meaning it cannot\ - \ be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\ - \n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x,\ - \ and v25.x**" + description: Auto Dealer Management System v1.0 was discovered to contain a cross-site + scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. detection: payload: null verify: null @@ -23169,31 +19256,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21710 - - https://nodejs.org/en/blog/vulnerability/march-2026-security-releases - - https://access.redhat.com/errata/RHSA-2026:7080 - - https://access.redhat.com/errata/RHSA-2026:7123 - - https://access.redhat.com/errata/RHSA-2026:7302 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27666 + - https://gist.github.com/Flower-fertilizer/a1fb260c02353906f2d2808656dd1559 + - https://www.sourcecodester.com/php/15371/auto-dealer-management-system-phpoop-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33983-CANDIDATE - cve_id: CVE-2026-33983 - name: Candidate detection for CVE-2026-33983 - severity: medium - cvss: 6.5 + id: CVE-2022-46640-CANDIDATE + cve_id: CVE-2022-46640 + name: Candidate detection for CVE-2022-46640 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior - to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via - progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. - The wrapped value (247) is used as a shift exponent, causing undefined behavior - and an approximately 80 billion iteration loop (CPU DoS). This issue has been - patched in version 3.24.2. + description: Nanoleaf Desktop App before v1.3.1 was discovered to contain a command + injection vulnerability which is exploited via a crafted HTTP request. detection: payload: null verify: null @@ -23201,18 +19282,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33983 - - https://github.com/FreeRDP/FreeRDP/commit/78188ab479c8e6eb9ba2475b3732c76b4bbe5425 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478 - - https://access.redhat.com/errata/RHSA-2026:10709 - - https://access.redhat.com/errata/RHSA-2026:11332 + - https://nvd.nist.gov/vuln/detail/CVE-2022-46640 + - https://pwning.tech/cve-2022-46640/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33984-CANDIDATE - cve_id: CVE-2026-33984 - name: Candidate detection for CVE-2026-33984 + id: CVE-2023-26735-CANDIDATE + cve_id: CVE-2023-26735 + name: Candidate detection for CVE-2023-26735 severity: high cvss: 7.5 risk_level: unknown @@ -23220,14 +19298,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior - to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size - is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc - fails, size is inflated while pixels still points to the old, smaller buffer. - On a subsequent call where count <= size (the inflated value), realloc is skipped. - The caller then writes count * bpp bytes of attacker-controlled pixel data into - the undersized buffer, causing a heap buffer overflow. This issue has been patched - in version 3.24.2. + description: 'blackbox_exporter v0.23.0 was discovered to contain an access control + issue in its probe interface. This vulnerability allows attackers to detect intranet + ports and services, as well as download resources. NOTE: this is disputed by third + parties because authentication can be configured.' detection: payload: null verify: null @@ -23235,30 +19309,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33984 - - https://github.com/FreeRDP/FreeRDP/commit/dc7fdb165095139be779a4000199bc1706b06ad5 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6 - - https://access.redhat.com/errata/RHSA-2026:10709 - - https://access.redhat.com/errata/RHSA-2026:11332 + - https://nvd.nist.gov/vuln/detail/CVE-2023-26735 + - https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication + - https://github.com/prometheus/blackbox_exporter/issues/1024 + - https://github.com/prometheus/blackbox_exporter/issues/1025 + - https://github.com/prometheus/blackbox_exporter/issues/1026 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33986-CANDIDATE - cve_id: CVE-2026-33986 - name: Candidate detection for CVE-2026-33986 - severity: high - cvss: 7.5 + id: CVE-2023-30404-CANDIDATE + cve_id: CVE-2023-30404 + name: Candidate detection for CVE-2023-30404 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior - to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width - and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() - call fails, the function returns FALSE but width/height are already inflated. - This issue has been patched in version 3.24.2. + description: Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to + contain a remote code execution (RCE) vulnerability via the sysCmd parameter in + the formSysCmd function. This vulnerability is exploited via a crafted HTTP request. detection: payload: null verify: null @@ -23266,32 +19338,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33986 - - https://github.com/FreeRDP/FreeRDP/commit/f6e43e208958140074ae9bb93cd0c9045a371c77 - - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97 - - https://access.redhat.com/security/cve/CVE-2026-33986 - - https://bugzilla.redhat.com/show_bug.cgi?id=2453221 + - https://nvd.nist.gov/vuln/detail/CVE-2023-30404 + - https://mandomat.github.io/2023-04-13-testing-a-cheap-wifi-repeater/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33997-CANDIDATE - cve_id: CVE-2026-33997 - name: Candidate detection for CVE-2026-33997 - severity: medium - cvss: 6.8 + id: CVE-2022-27978-CANDIDATE + cve_id: CVE-2022-27978 + name: Candidate detection for CVE-2022-27978 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Moby is an open source container framework. Prior to version 29.3.1, - a security vulnerability has been detected that allows plugins privilege validation - to be bypassed during docker plugin install. Due to an error in the daemon's privilege - comparison logic, the daemon may incorrectly accept a privilege set that differs - from the one approved by the user. Plugins that request exactly one privilege - are also affected, because no comparison is performed at all. This issue has been - patched in version 29.3.1. + description: Tooljet v1.6 does not properly handle missing values in the API, allowing + attackers to arbitrarily reset passwords via a crafted HTTP request. detection: payload: null verify: null @@ -23299,33 +19363,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33997 - - https://github.com/moby/moby/releases/tag/docker-v29.3.1 - - https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2022-27978 + - https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220320-tooljet.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34070-CANDIDATE - cve_id: CVE-2026-34070 - name: Candidate detection for CVE-2026-34070 - severity: high - cvss: 7.5 + id: CVE-2022-27979-CANDIDATE + cve_id: CVE-2022-27979 + name: Candidate detection for CVE-2022-27979 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: LangChain is a framework for building agents and LLM-powered applications. - Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading - read files from paths embedded in deserialized config dicts without validating - against directory traversal or absolute path injection. When an application passes - user-influenced prompt configurations to load_prompt() or load_prompt_from_config(), - an attacker can read arbitrary files on the host filesystem, constrained only - by file-extension checks (.txt for templates, .json/.yaml for examples). This - issue has been patched in version 1.2.22. + description: A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows + attackers to execute arbitrary web scripts or HTML via a crafted payload injected + into the Comment Body component. detection: payload: null verify: null @@ -23333,31 +19389,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34070 - - https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c - - https://github.com/langchain-ai/langchain/releases/tag/langchain-core==1.2.22 - - https://github.com/langchain-ai/langchain/security/advisories/GHSA-qh6h-p6c9-ff54 - - https://access.redhat.com/errata/RHSA-2026:24766 + - https://nvd.nist.gov/vuln/detail/CVE-2022-27979 + - https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220321-tooljet-xss.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34881-CANDIDATE - cve_id: CVE-2026-34881 - name: Candidate detection for CVE-2026-34881 + id: CVE-2023-25292-CANDIDATE + cve_id: CVE-2023-25292 + name: Candidate detection for CVE-2023-25292 severity: medium - cvss: 5.0 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected - by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated - user can bypass URL validation checks and redirect to internal services. Only - glance image import functionality is affected. In particular, the web-download - and glance-download import methods are subject to this vulnerability, as is the - optional (not enabled by default) ovf_process image import plugin. + description: Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version + 6.6.145, allows attackers to gain escalated privileges and gain sensitive information + via the GO_LANGUAGE cookie. detection: payload: null verify: null @@ -23365,31 +19415,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34881 - - https://bugs.launchpad.net/glance/+bug/2138602 - - https://security.openstack.org/ossa/OSSA-2026-004.html - - https://access.redhat.com/security/cve/CVE-2026-34881 - - https://bugzilla.redhat.com/show_bug.cgi?id=2440368 + - https://nvd.nist.gov/vuln/detail/CVE-2023-25292 + - https://github.com/brainkok/CVE-2023-25292 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5201-CANDIDATE - cve_id: CVE-2026-5201 - name: Candidate detection for CVE-2026-5201 - severity: high - cvss: 7.5 + id: CVE-2022-47758-CANDIDATE + cve_id: CVE-2022-47758 + name: Candidate detection for CVE-2022-47758 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the gdk-pixbuf library. This heap-based buffer - overflow vulnerability occurs in the JPEG image loader due to improper validation - of color component counts when processing a specially crafted JPEG image. A remote - attacker can exploit this flaw without user interaction, for example, via thumbnail - generation. Successful exploitation leads to application crashes and denial of - service (DoS) conditions. + description: Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing + attackers to execute arbitrary code via a DNS hijacking attack. detection: payload: null verify: null @@ -23397,56 +19440,32 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5201 - - https://access.redhat.com/errata/RHSA-2026:10707 - - https://access.redhat.com/errata/RHSA-2026:10708 - - https://access.redhat.com/errata/RHSA-2026:10741 - - https://access.redhat.com/errata/RHSA-2026:11325 + - https://nvd.nist.gov/vuln/detail/CVE-2022-47758 + - https://pwning.tech/cve-2022-47758 + - https://pwning.tech/cve-2022-47758/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4800-CANDIDATE - cve_id: CVE-2026-4800 - name: Candidate detection for CVE-2026-4800 + id: CVE-2022-38583-CANDIDATE + cve_id: CVE-2022-38583 + name: Candidate detection for CVE-2022-38583 severity: high - cvss: 8.1 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Impact: - - - The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) - added validation for the variable option in _.template but did not apply the same - validation to options.imports key names. Both paths flow into the same Function() - constructor sink. - - - When an application passes untrusted input as options.imports key names, an attacker - can inject default-parameter expressions that execute arbitrary code at template - compilation time. - - - Additionally, _.template uses assignInWith to merge imports, which enumerates - inherited properties via for..in. If Object.prototype has been polluted by any - other vector, the polluted keys are copied into the imports object and passed - to Function(). - - - Patches: - - - Users should upgrade to version 4.18.0. - - - Workarounds: - - - Do not pass untrusted input as key names in options.imports. Only use developer-controlled, - static key names.' + description: On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup + in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, + a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" + folder on the connected Sage 300 server to view and/or modify the credentials + associated with Sage 300 users and SQL accounts to impersonate users and/or access + the SQL database as a system administrator. With system administrator-level access + to the Sage 300 MS SQL database it would be possible to create, update, and delete + all records associated with the program and, depending on the configuration, execute + code on the underlying database server. detection: payload: null verify: null @@ -23454,45 +19473,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4800 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/advisories/GHSA-35jh-r3h4-6jhm - - https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c - - https://access.redhat.com/errata/RHSA-2026:10131 + - https://nvd.nist.gov/vuln/detail/CVE-2022-38583 + - https://www.controlgap.com/blog/sage-300-case-study generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23401-CANDIDATE - cve_id: CVE-2026-23401 - name: Candidate detection for CVE-2026-23401 - severity: medium - cvss: 5.5 + id: CVE-2023-29778-CANDIDATE + cve_id: CVE-2023-29778 + name: Candidate detection for CVE-2023-29778 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nKVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE\n\ - \nWhen installing an emulated MMIO SPTE, do so *after* dropping/zapping the\n\ - existing SPTE (if it's shadow-present). While commit a54aa15c6bda3 was\nright\ - \ about it being impossible to convert a shadow-present SPTE to an\nMMIO SPTE\ - \ due to a _guest_ write, it failed to account for writes to guest\nmemory that\ - \ are outside the scope of KVM.\n\nE.g. if host userspace modifies a shadowed\ - \ gPTE to switch from a memslot\nto emulted MMIO and then the guest hits a relevant\ - \ page fault, KVM will\ninstall the MMIO SPTE without first zapping the shadow-present\ - \ SPTE.\n\n ------------[ cut here ]------------\n is_shadow_present_pte(*sptep)\n\ - \ WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0:\ - \ vmx_ept_stale_r/4292\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 0\ - \ UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm\ - \ #319 PREEMPT\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0\ - \ 02/06/2015\n RIP: 0010:mark_mmio_spte+0xb2/0xc0 [kvm]\n Call Trace:\n \n\ - \ mmu_set_spte+0x237/0x440 [kvm]\n ept_page_fault+0x535/0x7f0 [kvm]\n kvm_mmu_do_page_fault+0xee/0x1f0\ - \ [kvm]\n kvm_mmu_page_fault+0x8d/0x620 [kvm]\n vmx_handle_exit+0x18c/0x5a0\ - \ [kvm_intel]\n kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm]\n kvm_vcpu_ioctl+0x2d5/0x980\ - \ [kvm]\n __x64_sys_ioctl+0x8a/0xd0\n do_syscall_64+0xb5/0x730\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\ - \ RIP: 0033:0x47fa3f\n \n ---[ end trace 0000000000000000 ]---" + description: GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection + via /usr/lib/oui-httpd/rpc/logread. detection: payload: null verify: null @@ -23500,31 +19498,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23401 - - https://git.kernel.org/stable/c/20656cd1f243d3a154aac5dd1b823110b6906fe1 - - https://git.kernel.org/stable/c/459158151a158a6703b49f3c9de0e536d8bd553f - - https://git.kernel.org/stable/c/695320de6eadb75aaed8be1787c4ce4c189e4c7b - - https://git.kernel.org/stable/c/aad885e774966e97b675dfe928da164214a71605 + - https://nvd.nist.gov/vuln/detail/CVE-2023-29778 + - https://github.com/OlivierLaflamme/cve/blob/main/GL.iNET/MT3000/get_nginx_log_RCE.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35093-CANDIDATE - cve_id: CVE-2026-35093 - name: Candidate detection for CVE-2026-35093 - severity: high - cvss: 8.8 + id: CVE-2023-23059-CANDIDATE + cve_id: CVE-2023-23059 + name: Candidate detection for CVE-2023-23059 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libinput. A local attacker who can place a specially - crafted Lua bytecode file in certain system or user configuration directories - can bypass security restrictions. This allows the attacker to run unauthorized - code with the same permissions as the program using libinput, such as a graphical - compositor. This could lead to the attacker monitoring keyboard input and sending - that information to an external location. + description: An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 + for windows, which contains improper permissions within the default installation + and allows attackers to execute arbitrary code and gain escalated privileges. detection: payload: null verify: null @@ -23532,29 +19524,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35093 - - https://access.redhat.com/security/cve/CVE-2026-35093 - - https://bugzilla.redhat.com/show_bug.cgi?id=2453839 - - https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1271 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35093.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-23059 + - https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27489-CANDIDATE - cve_id: CVE-2026-27489 - name: Candidate detection for CVE-2026-27489 - severity: high - cvss: 7.5 + id: CVE-2023-30242-CANDIDATE + cve_id: CVE-2023-30242 + name: Candidate detection for CVE-2023-30242 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Open Neural Network Exchange (ONNX) is an open standard for machine - learning interoperability. Prior to version 1.21.0, a path traversal vulnerability - via symlink allows to read arbitrary files outside model or user-provided directory. - This issue has been patched in version 1.21.0. + description: NS-ASG v6.3 was discovered to contain a SQL injection vulnerability + via the component /admin/add_ikev2.php. detection: payload: null verify: null @@ -23562,34 +19549,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27489 - - https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb - - https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73 - - https://access.redhat.com/errata/RHSA-2026:24977 - - https://access.redhat.com/security/cve/CVE-2026-27489 + - https://nvd.nist.gov/vuln/detail/CVE-2023-30242 + - https://gist.github.com/nsvizp/ccbc51253a47d79d2bc1ea72e01bdaf6 + - https://www.netentsec.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34545-CANDIDATE - cve_id: CVE-2026-34545 - name: Candidate detection for CVE-2026-34545 + id: CVE-2023-30243-CANDIDATE + cve_id: CVE-2023-30243 + name: Candidate detection for CVE-2023-30243 severity: high - cvss: 7.3 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenEXR provides the specification and reference implementation of - the EXR file format, an image storage format for the motion picture industry. - From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr - file with HTJ2K compression and a channel width of 32768 can write controlled - data beyond the output heap buffer in any application that decodes EXR images. - The write primitive is 2 bytes per overflow iteration or 4 bytes (by another path), - repeating for each additional pixel past the overflow point. In this context, - a heap write overflow can lead to remote code execution on systems. This issue - has been patched in version 3.4.7. + description: Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable + to SQL Injection via TunnelId that allows access to sensitive information. detection: payload: null verify: null @@ -23597,29 +19575,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34545 - - https://github.com/AcademySoftwareFoundation/openexr/commit/3827998f5c041d6a94c6af24bbb363daa669e4b3 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.7 - - https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-ghfj-fx47-wg97 - - https://access.redhat.com/security/cve/CVE-2026-34545 + - https://nvd.nist.gov/vuln/detail/CVE-2023-30243 + - https://www.netentsec.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3872-CANDIDATE - cve_id: CVE-2026-3872 - name: Candidate detection for CVE-2026-3872 - severity: high - cvss: 7.3 + id: CVE-2023-30185-CANDIDATE + cve_id: CVE-2023-30185 + name: Candidate detection for CVE-2023-30185 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keycloak. This issue allows an attacker, who controls - another path on the same web server, to bypass the allowed path in redirect Uniform - Resource Identifiers (URIs) that use a wildcard. A successful attack may lead - to the theft of an access token, resulting in information disclosure. + description: CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload + vulnerability via the component \attachment\SystemAttachmentServices.php. detection: payload: null verify: null @@ -23627,30 +19600,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3872 - - https://access.redhat.com/errata/RHSA-2026:6475 - - https://access.redhat.com/errata/RHSA-2026:6476 - - https://access.redhat.com/errata/RHSA-2026:6477 - - https://access.redhat.com/errata/RHSA-2026:6478 + - https://nvd.nist.gov/vuln/detail/CVE-2023-30185 + - https://github.com/c7w1n/CVE-2023-30185/blob/main/CVE-2023-30185.md + - https://www.crmeb.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4282-CANDIDATE - cve_id: CVE-2026-4282 - name: Candidate detection for CVE-2026-4282 + id: CVE-2021-44283-CANDIDATE + cve_id: CVE-2021-44283 + name: Candidate detection for CVE-2021-44283 severity: high - cvss: 7.4 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keycloak. The SingleUseObjectProvider, a global - key-value store, lacks proper type and namespace isolation. This vulnerability - allows an unauthenticated attacker to forge authorization codes. Successful exploitation - can lead to the creation of admin-capable access tokens, resulting in privilege - escalation. + description: A buffer overflow in the component /Enclave.cpp of Electronics and + Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc + allows attackers to cause an information leak via a crafted structure from an + untrusted operating system. detection: payload: null verify: null @@ -23658,30 +19628,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4282 - - https://access.redhat.com/errata/RHSA-2026:6475 - - https://access.redhat.com/errata/RHSA-2026:6476 - - https://access.redhat.com/errata/RHSA-2026:6477 - - https://access.redhat.com/errata/RHSA-2026:6478 + - https://nvd.nist.gov/vuln/detail/CVE-2021-44283 + - https://github.com/cocoppang/ShieldStore/blob/master/Enclave/Enclave.cpp + - https://github.com/cocoppang/ShieldStore/issues/19 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4634-CANDIDATE - cve_id: CVE-2026-4634 - name: Candidate detection for CVE-2026-4634 + id: CVE-2023-30237-CANDIDATE + cve_id: CVE-2023-30237 + name: Candidate detection for CVE-2023-30237 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keycloak. An unauthenticated attacker can exploit - this vulnerability by sending a specially crafted POST request with an excessively - long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to - high resource consumption and prolonged processing times, ultimately resulting - in a Denial of Service (DoS) for the Keycloak server. + description: CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to + contain a DLL injection vulnerability via the component Dashboard.exe. detection: payload: null verify: null @@ -23689,32 +19654,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4634 - - https://access.redhat.com/errata/RHSA-2026:6475 - - https://access.redhat.com/errata/RHSA-2026:6476 - - https://access.redhat.com/errata/RHSA-2026:6477 - - https://access.redhat.com/errata/RHSA-2026:6478 + - https://nvd.nist.gov/vuln/detail/CVE-2023-30237 + - https://cwe.mitre.org/data/definitions/77.html + - https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4636-CANDIDATE - cve_id: CVE-2026-4636 - name: Candidate detection for CVE-2026-4636 - severity: high - cvss: 8.1 + id: CVE-2023-30086-CANDIDATE + cve_id: CVE-2023-30086 + name: Candidate detection for CVE-2023-30086 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Keycloak. An authenticated user with the uma_protection - role can bypass User-Managed Access (UMA) policy validation. This allows the attacker - to include resource identifiers owned by other users in a policy creation request, - even if the URL path specifies an attacker-owned resource. Consequently, the attacker - gains unauthorized permissions to victim-owned resources, enabling them to obtain - a Requesting Party Token (RPT) and access sensitive information or perform unauthorized - actions. + description: Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local + attacker to cause a denial of service via the tiffcp function in tiffcp.c. detection: payload: null verify: null @@ -23722,38 +19680,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4636 - - https://access.redhat.com/errata/RHSA-2026:6475 - - https://access.redhat.com/errata/RHSA-2026:6476 - - https://access.redhat.com/errata/RHSA-2026:6477 - - https://access.redhat.com/errata/RHSA-2026:6478 + - https://nvd.nist.gov/vuln/detail/CVE-2023-30086 + - https://gitlab.com/libtiff/libtiff/-/issues/538 + - https://security.netapp.com/advisory/ntap-20230616-0003/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32871-CANDIDATE - cve_id: CVE-2026-32871 - name: Candidate detection for CVE-2026-32871 - severity: critical - cvss: 10.0 + id: CVE-2023-31799-CANDIDATE + cve_id: CVE-2023-31799 + name: Candidate detection for CVE-2023-31799 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: FastMCP is a Pythonic way to build MCP servers and clients. Prior to - version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients - by parsing OpenAPI specifications. The RequestDirector class is responsible for - constructing HTTP requests to the backend service. A vulnerability exists in the - _build_url() method. When an OpenAPI operation defines path parameters (e.g., - /api/v1/users/{user_id}), the system directly substitutes parameter values into - the URL template string without URL-encoding. Subsequently, urllib.parse.urljoin() - resolves the final URL. Since urljoin() interprets ../ sequences as directory - traversal, an attacker controlling a path parameter can perform path traversal - attacks to escape the intended API prefix and access arbitrary backend endpoints. - This results in authenticated SSRF, as requests are sent with the authorization - headers configured in the MCP provider. This issue has been patched in version - 3.2.0. + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local attacker to execute arbitrary code via the system annnouncements parameter. detection: payload: null verify: null @@ -23761,33 +19706,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32871 - - https://github.com/PrefectHQ/fastmcp/commit/40bdfb6b1de0ce30609ee9ba5bb95ecd04a9fb71 - - https://github.com/PrefectHQ/fastmcp/pull/3507 - - https://github.com/PrefectHQ/fastmcp/releases/tag/v3.2.0 - - https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31799 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-99-2023-04-11-Low-impact-Low-risk-XSS-in-system-announcements generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34785-CANDIDATE - cve_id: CVE-2026-34785 - name: Candidate detection for CVE-2026-34785 - severity: high - cvss: 7.5 + id: CVE-2023-31800-CANDIDATE + cve_id: CVE-2023-31800 + name: Candidate detection for CVE-2023-31800 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Rack is a modular Ruby web server interface. Prior to versions 2.2.23, - 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served - as a static file using a simple string prefix check. When configured with URL - prefixes such as "/css", it matches any request path that begins with that string, - including unrelated paths such as "/css-config.env" or "/css-backup.sql". As a - result, files under the static root whose names merely share the configured prefix - may be served unintentionally, leading to information disclosure. This issue has - been patched in versions 2.2.23, 3.1.21, and 3.2.6. + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local attacker to execute arbitrary code via the forum title parameter. detection: payload: null verify: null @@ -23795,36 +19731,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34785 - - https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq - - https://access.redhat.com/security/cve/CVE-2026-34785 - - https://bugzilla.redhat.com/show_bug.cgi?id=2454486 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34785.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-31800 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-102-2023-04-11-Low-impact-Moderate-risk-XSS-in-forum-titles generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34829-CANDIDATE - cve_id: CVE-2026-34829 - name: Candidate detection for CVE-2026-34829 - severity: high - cvss: 7.5 + id: CVE-2023-31801-CANDIDATE + cve_id: CVE-2023-31801 + name: Candidate detection for CVE-2023-31801 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Rack is a modular Ruby web server interface. Prior to versions 2.2.23, - 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO - when CONTENT_LENGTH is present. When a multipart/form-data request is sent without - a Content-Length header, such as with HTTP chunked transfer encoding, multipart - parsing continues until end-of-stream with no total size limit. For file parts, - the uploaded body is written directly to a temporary file on disk rather than - being constrained by the buffered in-memory upload limit. An unauthenticated attacker - can therefore stream an arbitrarily large multipart file upload and consume unbounded - disk space. This results in a denial of service condition for Rack applications - that accept multipart form data. This issue has been patched in versions 2.2.23, - 3.1.21, and 3.2.6. + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local attacker to execute arbitrary code via the skills wheel parameter. detection: payload: null verify: null @@ -23832,28 +19756,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34829 - - https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw - - https://access.redhat.com/security/cve/CVE-2026-34829 - - https://bugzilla.redhat.com/show_bug.cgi?id=2454488 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34829.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-31801 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-97-2023-04-11-Low-impact-High-risk-XSS-in-skills-wheel generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35385-CANDIDATE - cve_id: CVE-2026-35385 - name: Candidate detection for CVE-2026-35385 - severity: high - cvss: 7.5 + id: CVE-2023-31802-CANDIDATE + cve_id: CVE-2023-31802 + name: Candidate detection for CVE-2023-31802 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid - or setgid, an outcome contrary to some users' expectations, if the download is - performed as root with -O (legacy scp protocol) and without -p (preserve mode). + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local attacker to execute arbitrary code via the skype and linedin_url parameters. detection: payload: null verify: null @@ -23861,34 +19781,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35385 - - https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 - - https://www.openssh.org/releasenotes.html#10.3p1 - - https://www.openwall.com/lists/oss-security/2026/04/02/3 - - https://access.redhat.com/errata/RHSA-2026:12389 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31802 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-104-2023-04-11-Moderate-impact-High-risk-XSS-in-personal-profile generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34601-CANDIDATE - cve_id: CVE-2026-34601 - name: Candidate detection for CVE-2026-34601 - severity: high - cvss: 7.5 + id: CVE-2023-31803-CANDIDATE + cve_id: CVE-2023-31803 + name: Candidate detection for CVE-2023-31803 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) - `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and - @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled - strings containing the CDATA terminator ]]> to be inserted into a CDATASection - node. During serialization, XMLSerializer emitted the CDATA content verbatim without - rejecting or safely splitting the terminator. As a result, data intended to remain - text-only became active XML markup in the serialized output, enabling XML structure - injection and downstream business-logic manipulation. This issue has been patched - in xmldom version 0.6.0 and @xmldom/xmldom versions 0.8.12 and 0.9.9. + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local attacker to execute arbitrary code via the resource sequencing parameters. detection: payload: null verify: null @@ -23896,35 +19806,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34601 - - https://github.com/xmldom/xmldom/commit/2b852e836ab86dbbd6cbaf0537f584dd0b5ac184 - - https://github.com/xmldom/xmldom/releases/tag/0.8.12 - - https://github.com/xmldom/xmldom/releases/tag/0.9.9 - - https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp + - https://nvd.nist.gov/vuln/detail/CVE-2023-31803 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-100-2023-04-11-Low-impact-Low-risk-XSS-in-resources-sequencing generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34827-CANDIDATE - cve_id: CVE-2026-34827 - name: Candidate detection for CVE-2026-34827 - severity: high - cvss: 7.5 + id: CVE-2023-31804-CANDIDATE + cve_id: CVE-2023-31804 + name: Candidate detection for CVE-2023-31804 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 - to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parser#handle_mime_head - parses quoted multipart parameters such as Content-Disposition: form-data; name="..." - using repeated String#index searches combined with String#slice! prefix deletion. - For escape-heavy quoted values, this causes super-linear processing. An unauthenticated - attacker can send a crafted multipart/form-data request containing many parts - with long backslash-escaped parameter values to trigger excessive CPU usage during - multipart parsing. This results in a denial of service condition in Rack applications - that accept multipart form data. This issue has been patched in versions 3.1.21 - and 3.2.6.' + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local attacker to execute arbitrary code via the course category parameters. detection: payload: null verify: null @@ -23932,33 +19831,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34827 - - https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x - - https://access.redhat.com/security/cve/CVE-2026-34827 - - https://bugzilla.redhat.com/show_bug.cgi?id=2454501 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34827.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-31804 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-96-2023-04-06-Low-impact-Moderate-risk-XSS-in-course-categories generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34742-CANDIDATE - cve_id: CVE-2026-34742 - name: Candidate detection for CVE-2026-34742 - severity: high - cvss: 8.1 + id: CVE-2023-31805-CANDIDATE + cve_id: CVE-2023-31805 + name: Candidate detection for CVE-2023-31805 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, - the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection - by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost - without authentication with StreamableHTTPHandler or SSEHandler, a malicious website - could exploit DNS rebinding to bypass same-origin policy restrictions and send - requests to the local MCP server. This could allow an attacker to invoke tools - or access resources exposed by the MCP server on behalf of the user in those limited - circumstances. This issue has been patched in version 1.4.0. + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local authenticated attacker to execute arbitrary code via the homepage function. detection: payload: null verify: null @@ -23966,28 +19856,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34742 - - https://github.com/modelcontextprotocol/go-sdk/commit/67bd3f2e2b53ce11a16db8d976cdb8ff1e986b6d - - https://github.com/modelcontextprotocol/go-sdk/pull/760 - - https://github.com/modelcontextprotocol/go-sdk/releases/tag/v1.4.0 - - https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-xw59-hvm2-8pj6 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31805 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-98-2023-04-11-Low-impact-Low-risk-XSS-in-homepage-edition generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35535-CANDIDATE - cve_id: CVE-2026-35535 - name: Candidate detection for CVE-2026-35535 - severity: high - cvss: 7.4 + id: CVE-2023-31806-CANDIDATE + cve_id: CVE-2023-31806 + name: Candidate detection for CVE-2023-31806 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, - or setgroups call, during a privilege drop before running the mailer, is not a - fatal error and can lead to privilege escalation. + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local attacker to execute arbitrary code via a crafted payload to the My Progress + function. detection: payload: null verify: null @@ -23995,76 +19882,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35535 - - https://bugs.debian.org/1130593 - - https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042 - - https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69 - - https://www.qualys.com/2026/03/10/crack-armor.txt + - https://nvd.nist.gov/vuln/detail/CVE-2023-31806 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-103-2023-04-11-Low-impact-Moderate-risk-XSS-in-My-progress-tab generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31402-CANDIDATE - cve_id: CVE-2026-31402 - name: Candidate detection for CVE-2026-31402 - severity: critical - cvss: 9.8 + id: CVE-2023-31807-CANDIDATE + cve_id: CVE-2023-31807 + name: Candidate detection for CVE-2023-31807 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache - - - The NFSv4.0 replay cache uses a fixed 112-byte inline buffer - - (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. - - This size was calculated based on OPEN responses and does not account - - for LOCK denied responses, which include the conflicting lock owner as - - a variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT). - - - When a LOCK operation is denied due to a conflict with an existing lock - - that has a large owner, nfsd4_encode_operation() copies the full encoded - - response into the undersized replay buffer via read_bytes_from_xdr_buf() - - with no bounds check. This results in a slab-out-of-bounds write of up - - to 944 bytes past the end of the buffer, corrupting adjacent heap memory. - - - This can be triggered remotely by an unauthenticated attacker with two - - cooperating NFSv4.0 clients: one sets a lock with a large owner string, - - then the other requests a conflicting lock to provoke the denial. - - - We could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full - - opaque, but that would increase the size of every stateowner, when most - - lockowners are not that large. - - - Instead, fix this by checking the encoded response length against - - NFSD4_REPLAY_ISIZE before copying into the replay buffer. If the - - response is too large, set rp_buflen to 0 to skip caching the replay - - payload. The status is still cached, and the client already received the - - correct response on the original request.' + description: Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows + a local attacker to execute arbitrary code via a crafted payload to the personal + notes function. detection: payload: null verify: null @@ -24072,35 +19908,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31402 - - https://git.kernel.org/stable/c/0f0e2a54a31a7f9ad2915db99156114872317388 - - https://git.kernel.org/stable/c/2665887a69437a8a4f552f69509eecfb73d4aa19 - - https://git.kernel.org/stable/c/5133b61aaf437e5f25b1b396b14242a6bb0508e2 - - https://git.kernel.org/stable/c/8afb437ea1f70cacb4bbdf11771fb5c4d720b965 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31807 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-101-2023-04-11-Low-impact-Low-risk-XSS-in-personal-notes-and-teacher-notes generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0545-CANDIDATE - cve_id: CVE-2026-0545 - name: Candidate detection for CVE-2026-0545 - severity: critical - cvss: 9.8 + id: CVE-2023-30056-CANDIDATE + cve_id: CVE-2023-30056 + name: Candidate detection for CVE-2023-30056 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` - are not protected by authentication or authorization when the `basic-auth` app - is enabled. This vulnerability affects the latest version of the repository. If - job execution is enabled (`MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true`) and any job - function is allowlisted, any network client can submit, read, search, and cancel - jobs without credentials, bypassing basic-auth entirely. This can lead to unauthenticated - remote code execution if allowed jobs perform privileged actions such as shell - execution or filesystem changes. Even if jobs are deemed safe, this still constitutes - an authentication bypass, potentially resulting in job spam, denial of service - (DoS), or data exposure in job results. + description: A session takeover vulnerability exists in FICO Origination Manager + Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. detection: payload: null verify: null @@ -24108,35 +19933,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0545 - - https://huntr.com/bounties/b2e5b028-9541-4d29-8703-a76f1a3734d8 - - https://access.redhat.com/security/cve/CVE-2026-0545 - - https://bugzilla.redhat.com/show_bug.cgi?id=2454889 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0545.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-30056 + - https://packetstormsecurity.com/files/172192/FICO-Origination-Manager-Decision-Module-4.8.1-XSS-Session-Hijacking.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34769-CANDIDATE - cve_id: CVE-2026-34769 - name: Candidate detection for CVE-2026-34769 - severity: high - cvss: 7.7 + id: CVE-2023-30057-CANDIDATE + cve_id: CVE-2023-30057 + name: Candidate detection for CVE-2023-30057 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Electron is a framework for writing cross-platform desktop applications - using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and - 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary - switches to be appended to the renderer process command line. Apps that construct - webPreferences by spreading untrusted configuration objects may inadvertently - allow an attacker to inject switches that disable renderer sandboxing or web security - controls. Apps are only affected if they construct webPreferences from external - or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences - object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, - 40.7.0, and 41.0.0-beta.8. + description: Multiple stored cross-site scripting (XSS) vulnerabilities in FICO + Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary + web scripts or HTML via a crafted payload. detection: payload: null verify: null @@ -24144,35 +19959,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34769 - - https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f - - https://access.redhat.com/security/cve/CVE-2026-34769 - - https://bugzilla.redhat.com/show_bug.cgi?id=2455004 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34769.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-30057 + - https://packetstormsecurity.com/files/172192/FICO-Origination-Manager-Decision-Module-4.8.1-XSS-Session-Hijacking.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34771-CANDIDATE - cve_id: CVE-2026-34771 - name: Candidate detection for CVE-2026-34771 - severity: high - cvss: 7.5 + id: CVE-2023-29863-CANDIDATE + cve_id: CVE-2023-29863 + name: Candidate detection for CVE-2023-29863 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Electron is a framework for writing cross-platform desktop applications - using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and - 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() - may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, - or keyboard-lock permission requests. If the requesting frame navigates or the - window closes while the permission handler is pending, invoking the stored callback - dereferences freed memory, which may lead to a crash or memory corruption. Apps - that do not set a permission request handler, or whose handler responds synchronously, - are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, - and 41.0.0-beta.8. + description: Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered + to contain a SQL injection vulnerability via the tem:statement parameter in the + WSDL files. detection: payload: null verify: null @@ -24180,35 +19985,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34771 - - https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4 - - https://access.redhat.com/security/cve/CVE-2026-34771 - - https://bugzilla.redhat.com/show_bug.cgi?id=2454995 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34771.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-29863 + - https://medium.com/@waadalbyalii5/sql-injection-in-wsdl-file-c66fa00042f5 + - https://medium.com/%40waadalbyalii5/sql-injection-in-wsdl-file-c66fa00042f5 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34774-CANDIDATE - cve_id: CVE-2026-34774 - name: Candidate detection for CVE-2026-34774 - severity: high - cvss: 8.1 + id: CVE-2023-25309-CANDIDATE + cve_id: CVE-2023-25309 + name: Candidate detection for CVE-2023-25309 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Electron is a framework for writing cross-platform desktop applications - using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, - apps that use offscreen rendering and allow child windows via window.open() may - be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed - while a child window remains open, subsequent paint frames on the child dereference - freed memory, which may lead to a crash or memory corruption. Apps are only affected - if they use offscreen rendering (webPreferences.offscreen: true) and their setWindowOpenHandler - permits child windows. Apps that do not use offscreen rendering, or that deny - child windows, are not affected. This issue has been patched in versions 39.8.1, - 40.7.0, and 41.0.0.' + description: Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version + 0.5, allows attackers to execute arbitrary code via a crafted url to the delete + a feature functionality. detection: payload: null verify: null @@ -24216,36 +20012,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34774 - - https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95 - - https://access.redhat.com/security/cve/CVE-2026-34774 - - https://bugzilla.redhat.com/show_bug.cgi?id=2455026 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34774.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-25309 + - https://cxsecurity.com/issue/WLB-2023050012 + - https://packetstormsecurity.com/files/172185/Rollout-UI-0.5-Cross-Site-Scripting.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34780-CANDIDATE - cve_id: CVE-2026-34780 - name: Candidate detection for CVE-2026-34780 - severity: high - cvss: 8.3 + id: CVE-2023-27237-CANDIDATE + cve_id: CVE-2023-27237 + name: Candidate detection for CVE-2023-27237 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Electron is a framework for writing cross-platform desktop applications - using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, - 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps - that pass VideoFrame objects (from the WebCodecs API) across the contextBridge - are vulnerable to a context isolation bypass. An attacker who can execute JavaScript - in the main world (for example, via XSS) can use a bridged VideoFrame to gain - access to the isolated world, including any Node.js APIs exposed to the preload - script. Apps are only affected if a preload script returns, resolves, or passes - a VideoFrame object to the main world via contextBridge.exposeInMainWorld(). Apps - that do not bridge VideoFrame objects are not affected. This issue has been patched - in versions 39.8.0, 40.7.0, and 41.0.0-beta.8. + description: LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header + injection attack. detection: payload: null verify: null @@ -24253,34 +20038,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34780 - - https://github.com/electron/electron/security/advisories/GHSA-jfqg-hf23-qpw2 - - https://access.redhat.com/security/cve/CVE-2026-34780 - - https://bugzilla.redhat.com/show_bug.cgi?id=2455020 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34780.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-27237 + - https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-27237 + - https://i.ibb.co/34DSW7B/1.png + - https://i.ibb.co/kSkqPhQ/3.png + - https://i.ibb.co/mJq9CH8/2.png generated_from: - nvd - status: candidate executable: false - id: CVE-2026-37977-CANDIDATE - cve_id: CVE-2026-37977 - name: Candidate detection for CVE-2026-37977 - severity: low - cvss: 3.7 + id: CVE-2023-29818-CANDIDATE + cve_id: CVE-2023-29818 + name: Candidate detection for CVE-2023-29818 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin - Resource Sharing (CORS) header injection vulnerability in Keycloak''s User-Managed - Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied - JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before - the JWT signature is validated. When a specially crafted JWT with an attacker-controlled - `azp` value is processed, this value is reflected as the CORS origin, even if - the grant is later rejected. This can lead to the exposure of low-sensitivity - information from authorization server error responses, weakening origin isolation, - but only when a target client is misconfigured with `webOrigins: ["*"]`.' + description: An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 + v.9.0.33.39 and before allows a local attacker to bypass protections via the default + allowlist feature being stored as non-admin. detection: payload: null verify: null @@ -24288,37 +20067,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-37977 - - https://access.redhat.com/errata/RHSA-2026:25097 - - https://access.redhat.com/errata/RHSA-2026:25098 - - https://access.redhat.com/errata/RHSA-2026:30049 - - https://access.redhat.com/errata/RHSA-2026:30050 + - https://nvd.nist.gov/vuln/detail/CVE-2023-29818 + - https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34379-CANDIDATE - cve_id: CVE-2026-34379 - name: Candidate detection for CVE-2026-34379 - severity: high - cvss: 7.1 + id: CVE-2023-29819-CANDIDATE + cve_id: CVE-2023-29819 + name: Candidate detection for CVE-2023-29819 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "OpenEXR provides the specification and reference implementation of\ - \ the EXR file format, an image storage format for the motion picture industry.\ - \ From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability\ - \ exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749.\ - \ When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel,\ - \ the decoder performs an in-place HALF\u2192FLOAT conversion by casting an unaligned\ - \ uint8_t * row pointer to float * and writing through it. Because the row buffer\ - \ may not be 4-byte aligned, this constitutes undefined behavior under the C standard\ - \ and crashes immediately on architectures that enforce alignment (ARM, RISC-V,\ - \ etc.). On x86 it is silently tolerated at runtime but remains exploitable via\ - \ compiler optimizations that assume aligned access. This vulnerability is fixed\ - \ in 3.2.7, 3.3.9, and 3.4.9." + description: An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 + v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted + payload. detection: payload: null verify: null @@ -24326,29 +20093,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34379 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9 - - https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24 + - https://nvd.nist.gov/vuln/detail/CVE-2023-29819 + - https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34444-CANDIDATE - cve_id: CVE-2026-34444 - name: Candidate detection for CVE-2026-34444 - severity: critical - cvss: 10.0 + id: CVE-2023-29820-CANDIDATE + cve_id: CVE-2023-29820 + name: Candidate detection for CVE-2023-29820 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 - and earlier, attribute_filter is not consistently applied when attributes are - accessed through built-in functions like getattr and setattr. This allows an attacker - to bypass the intended restrictions and eventually achieve arbitrary code execution. + description: 'An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 + v.9.0.33.39 and before allows a local attacker to access sensitive information + via the EXE installer. NOTE: the vendor''s perspective is that this is not a separate + vulnerability relative to CVE-2023-29818 and CVE-2023-29819.' detection: payload: null verify: null @@ -24356,33 +20120,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34444 - - https://github.com/scoder/lupa/security/advisories/GHSA-69v7-xpr6-6gjm - - https://access.redhat.com/errata/RHSA-2026:22993 - - https://access.redhat.com/security/cve/CVE-2026-34444 - - https://bugzilla.redhat.com/show_bug.cgi?id=2455413 + - https://nvd.nist.gov/vuln/detail/CVE-2023-29820 + - https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34588-CANDIDATE - cve_id: CVE-2026-34588 - name: Candidate detection for CVE-2026-34588 + id: CVE-2022-47879-CANDIDATE + cve_id: CVE-2022-47879 + name: Candidate detection for CVE-2022-47879 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: OpenEXR provides the specification and reference implementation of - the EXR file format, an image storage format for the motion picture industry. - From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances - the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and - wcount are int, a crafted EXR file can make this product overflow and wrap. The - next channel then decodes from an incorrect address. The wavelet decode path operates - in place, so this yields both out-of-bounds reads and out-of-bounds writes. This - vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9. + exploitdb_reference: true + description: 'A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox + 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from + the ''rtn'' directory and execute its methods. NOTE: The vendor states that the + vulnerability affects installations running version 22.5 or earlier. The issue + was resolved with version 23.2 and later versions are not affected.' detection: payload: null verify: null @@ -24390,32 +20148,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34588 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9 - - https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf + - https://nvd.nist.gov/vuln/detail/CVE-2022-47879 + - https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf + - https://jedox.mantishub.io/app/issues/57236 + - https://jedox.mantishub.io/app/issues/57237 + - https://jedox.mantishub.io/app/issues/57238 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-34589-CANDIDATE - cve_id: CVE-2026-34589 - name: Candidate detection for CVE-2026-34589 + id: CVE-2022-47880-CANDIDATE + cve_id: CVE-2022-47880 + name: Candidate detection for CVE-2022-47880 severity: medium - cvss: 5.0 + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: OpenEXR provides the specification and reference implementation of - the EXR file format, an image storage format for the motion picture industry. - From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs - temporary per-component block pointers using signed 32-bit arithmetic. For a large - enough width, the calculation overflows and later decoder stores operate on a - wrapped pointer outside the allocated rowBlock backing store. This vulnerability - is fixed in 3.2.7, 3.3.9, and 3.4.9. + exploitdb_reference: true + description: An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH + Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database + connections to disclose a connections' cleartext password via the 'test connection' + function. detection: payload: null verify: null @@ -24423,34 +20179,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34589 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.7 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.9 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.9 - - https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-p8xc-w3q4-h64x + - https://nvd.nist.gov/vuln/detail/CVE-2022-47880 + - https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-34755-CANDIDATE - cve_id: CVE-2026-34755 - name: Candidate detection for CVE-2026-34755 - severity: medium - cvss: 6.5 + id: CVE-2023-27823-CANDIDATE + cve_id: CVE-2023-27823 + name: Candidate detection for CVE-2023-27823 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: 'vLLM is an inference and serving engine for large language models - (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at - vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract - individual JPEG frames, but does not enforce a frame count limit. The num_frames - parameter (default: 32), which is enforced by the load_bytes() code path, is completely - bypassed in the video/jpeg base64 path. An attacker can send a single API request - containing thousands of comma-separated base64-encoded JPEG frames, causing the - server to decode all frames into memory and crash with OOM. This vulnerability - is fixed in 0.19.0.' + exploitdb_reference: true + description: An authentication bypass in Optoma 1080PSTX C02 allows an attacker + to access the administration console without valid credentials. detection: payload: null verify: null @@ -24458,34 +20205,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34755 - - https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p - - https://access.redhat.com/security/cve/CVE-2026-34755 - - https://bugzilla.redhat.com/show_bug.cgi?id=2455403 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34755.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-27823 + - https://packetstormsecurity.com/files/172276/Optoma-1080PSTX-Firmware-C02-Authentication-Bypass.html generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-34756-CANDIDATE - cve_id: CVE-2026-34756 - name: Candidate detection for CVE-2026-34756 - severity: medium - cvss: 6.5 + id: CVE-2023-31729-CANDIDATE + cve_id: CVE-2023-31729 + name: Candidate detection for CVE-2023-31729 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vLLM is an inference and serving engine for large language models (LLMs). - From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM - OpenAI-compatible API server. Due to the lack of an upper bound validation on - the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, - an unauthenticated attacker can send a single HTTP request with an astronomically - large n value. This completely blocks the Python asyncio event loop and causes - immediate Out-Of-Memory crashes by allocating millions of request object copies - in the heap before the request even reaches the scheduling queue. This vulnerability - is fixed in 0.19.0. + description: TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via + /cgi-bin/cstecgi.cgi. detection: payload: null verify: null @@ -24493,31 +20231,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34756 - - https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380 - - https://github.com/vllm-project/vllm/pull/37952 - - https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528 - - https://access.redhat.com/security/cve/CVE-2026-34756 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31729 + - https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md + - https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34982-CANDIDATE - cve_id: CVE-2026-34982 - name: Candidate detection for CVE-2026-34982 - severity: high - cvss: 8.2 + id: CVE-2023-26818-CANDIDATE + cve_id: CVE-2023-26818 + name: Candidate detection for CVE-2023-26818 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Vim is an open source, command line text editor. Prior to version 9.2.0276, - a modeline sandbox bypass in Vim allows arbitrary OS command execution when a - user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options - are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, - the `mapset()` function lacks a `check_secure()` call, allowing it to be abused - from sandboxed expressions. Commit 9.2.0276 fixes the issue. + description: Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, + microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag. detection: payload: null verify: null @@ -24525,41 +20257,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34982 - - https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615 - - https://github.com/vim/vim/releases/tag/v9.2.0276 - - https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9 - - https://access.redhat.com/errata/RHSA-2026:11389 + - https://nvd.nist.gov/vuln/detail/CVE-2023-26818 + - https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34986-CANDIDATE - cve_id: CVE-2026-34986 - name: Candidate detection for CVE-2026-34986 + id: CVE-2023-31742-CANDIDATE + cve_id: CVE-2023-31742 + name: Candidate detection for CVE-2023-31742 severity: high - cvss: 7.5 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Go JOSE provides an implementation of the Javascript Object Signing - and Encryption set of standards in Go, including support for JSON Web Encryption - (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to - 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the - alg field indicates a key wrapping algorithm (one ending in KW, with the exception - of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. - The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate - a slice with a zero or negative length based on the length of the encrypted_key. - This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() - followed by Decrypt() on the resulting object. Note that the parse functions take - a list of accepted key algorithms. If the accepted key algorithms do not include - any key wrapping algorithms, parsing will fail and the application will be unaffected. - This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext - parameter less than 16 bytes long, but calling this function directly is less - common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 - and 3.0.5. + description: There is a command injection vulnerability in the Linksys WRT54GL router + with firmware version 4.30.18.006. If an attacker gains web management privileges, + they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, + ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell + privileges. detection: payload: null verify: null @@ -24567,33 +20285,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34986 - - https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8 - - https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants - - https://access.redhat.com/errata/RHSA-2026:10125 - - https://access.redhat.com/errata/RHSA-2026:10130 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31742 + - https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31742/Linksys_WRT54GL_RCE.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35029-CANDIDATE - cve_id: CVE-2026-35029 - name: Candidate detection for CVE-2026-35029 + id: CVE-2023-31740-CANDIDATE + cve_id: CVE-2023-31740 + name: Candidate detection for CVE-2023-31740 severity: high - cvss: 8.8 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or - native) format. Prior to 1.83.0, the /config/update endpoint does not enforce - admin role authorization. A user who is already authenticated into the platform - can then use this endpoint to modify proxy configuration and environment variables, - register custom pass-through endpoint handlers pointing to attacker-controlled - Python code, achieving remote code execution, read arbitrary server files by setting - UI_LOGO_PATH and fetching via /get_image, and take over other privileged accounts - by overwriting UI_USERNAME and UI_PASSWORD environment variables. Fixed in v1.83.0. + description: There is a command injection vulnerability in the Linksys E2000 router + with firmware version 1.0.06. If an attacker gains web management privileges, + they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, + and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. detection: payload: null verify: null @@ -24601,34 +20312,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35029 - - https://github.com/BerriAI/litellm/security/advisories/GHSA-53mr-6c8q-9789 - - https://access.redhat.com/errata/RHSA-2026:13545 - - https://access.redhat.com/errata/RHSA-2026:28960 - - https://access.redhat.com/errata/RHSA-2026:30056 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31740 + - https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31740/Linksys_E2000_RCE.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35030-CANDIDATE - cve_id: CVE-2026-35030 - name: Candidate detection for CVE-2026-35030 - severity: critical - cvss: 9.1 + id: CVE-2023-31741-CANDIDATE + cve_id: CVE-2023-31741 + name: Candidate detection for CVE-2023-31741 + severity: high + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI - (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: - true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced - by the same signing algorithm generate identical first 20 characters. This configuration - option is not enabled by default. Most instances are not affected. An unauthenticated - attacker can craft a token whose first 20 characters match a legitimate user''s - cached token. On cache hit, the attacker inherits the legitimate user''s identity - and permissions. This affects deployments with JWT/OIDC authentication enabled. - Fixed in v1.83.0.' + description: There is a command injection vulnerability in the Linksys E2000 router + with firmware version 1.0.06. If an attacker gains web management privileges, + they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, + WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby + gaining shell privileges. detection: payload: null verify: null @@ -24636,18 +20340,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35030 - - https://github.com/BerriAI/litellm/security/advisories/GHSA-jjhc-v7c2-5hh6 - - https://access.redhat.com/errata/RHSA-2026:13545 - - https://access.redhat.com/errata/RHSA-2026:28960 - - https://access.redhat.com/errata/RHSA-2026:30056 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31741 + - https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31741/Linksys_E2000_RCE_2.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35172-CANDIDATE - cve_id: CVE-2026-35172 - name: Candidate detection for CVE-2026-35172 + id: CVE-2023-31517-CANDIDATE + cve_id: CVE-2023-31517 + name: Candidate detection for CVE-2023-31517 severity: high cvss: 7.5 risk_level: unknown @@ -24655,13 +20356,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Distribution is a toolkit to pack, ship, store, and deliver container - content. Prior to 3.1.0, distribution can restore read access in repo a after - an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: - true are both enabled. The delete path clears the shared digest descriptor but - leaves stale repo-scoped membership behind, so a later Stat or Get from repo b - repopulates the shared descriptor and makes the deleted blob readable from repo - a again. This vulnerability is fixed in 3.1.0.' + description: A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 + allows attackers to cause a Denial of Service (DoS) via opening a crafted file. detection: payload: null verify: null @@ -24669,55 +20365,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35172 - - https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc - - https://access.redhat.com/errata/RHSA-2026:23234 - - https://access.redhat.com/errata/RHSA-2026:25045 - - https://access.redhat.com/errata/RHSA-2026:26529 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31517 + - https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b + - https://www.redpacketsecurity.com/teeworlds-denial-of-service-cve-2023-31517/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34197-CANDIDATE - cve_id: CVE-2026-34197 - name: Candidate detection for CVE-2026-34197 + id: CVE-2023-31747-CANDIDATE + cve_id: CVE-2023-31747 + name: Candidate detection for CVE-2023-31747 severity: high - cvss: 8.8 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: - cisa_kev: true - exploitdb_reference: false - description: 'Improper Input Validation, Improper Control of Generation of Code - (''Code Injection'') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. - - - Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on - the web console. The default Jolokia access policy permits exec operations on - all ActiveMQ MBeans (org.apache.activemq:*), including - - BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). - - - An authenticated attacker can invoke these operations with a crafted discovery - URI that triggers the VM transport''s brokerConfig parameter to load a remote - Spring XML application context using ResourceXmlApplicationContext. - - Because Spring''s ResourceXmlApplicationContext instantiates all singleton beans - before the BrokerService validates the configuration, arbitrary code execution - occurs on the broker''s JVM through bean factory methods such as Runtime.exec(). - - - - - This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; - Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: - before 5.19.4, from 6.0.0 before 6.2.3. - - - - - Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue' + cisa_kev: false + exploitdb_reference: true + description: Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain + an unquoted service path vulnerability via the component NativePushService. This + vulnerability allows attackers to launch processes with elevated privileges. detection: payload: null verify: null @@ -24725,45 +20392,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34197 - - https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt - - https://access.redhat.com/security/cve/CVE-2026-34197 - - https://bugzilla.redhat.com/show_bug.cgi?id=2455869 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34197.json - - https://www.cisa.gov/known-exploited-vulnerabilities-catalog + - https://nvd.nist.gov/vuln/detail/CVE-2023-31747 + - https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html generated_from: - nvd - - cisa_kev + - exploit_db - status: candidate executable: false - id: CVE-2026-28808-CANDIDATE - cve_id: CVE-2026-28808 - name: Candidate detection for CVE-2026-28808 - severity: critical - cvss: 9.8 + id: CVE-2023-31748-CANDIDATE + cve_id: CVE-2023-31748 + name: Candidate detection for CVE-2023-31748 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: 'Incorrect Authorization vulnerability in Erlang OTP (inets modules) - allows unauthenticated access to CGI scripts protected by directory rules when - served via script_alias. - - - When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth - evaluates directory-based access controls against the DocumentRoot-relative path - while mod_cgi executes the script at the ScriptAlias-resolved path. This path - mismatch allows unauthenticated access to CGI scripts that directory rules were - meant to protect. - - - This vulnerability is associated with program files lib/inets/src/http_server/mod_alias.erl, - lib/inets/src/http_server/mod_auth.erl, and lib/inets/src/http_server/mod_cgi.erl. - - - This issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19 - corresponding to inets from 5.10 until 9.6.2, 9.3.2.4 and 9.1.0.6.' + exploitdb_reference: true + description: Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate + privileges to local admin via replacing the executable file. detection: payload: null verify: null @@ -24771,52 +20418,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28808 - - https://cna.erlef.org/cves/CVE-2026-28808.html - - https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688 - - https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c - - https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f + - https://nvd.nist.gov/vuln/detail/CVE-2023-31748 + - https://packetstormsecurity.com/files/172466/MobileTrans-4.0.11-Weak-Service-Permissions.html generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-32144-CANDIDATE - cve_id: CVE-2026-32144 - name: Candidate detection for CVE-2026-32144 + id: CVE-2023-31595-CANDIDATE + cve_id: CVE-2023-31595 + name: Candidate detection for CVE-2023-31595 severity: high - cvss: 7.4 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper Certificate Validation vulnerability in Erlang OTP public_key - (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via - missing signature verification. - - - The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify - that a CA-designated responder certificate was cryptographically signed by the - issuing CA. Instead, it only checks that the responder certificate''s issuer name - matches the CA''s subject name and that the certificate has the OCSPSigning extended - key usage. An attacker who can intercept or control OCSP responses can create - a self-signed certificate with a matching issuer name and the OCSPSigning EKU, - and use it to forge OCSP responses that mark revoked certificates as valid. - - - This affects SSL/TLS clients using OCSP stapling, which may accept connections - to servers with revoked certificates, potentially transmitting sensitive data - to compromised servers. Applications using the public_key:pkix_ocsp_validate/5 - API directly are also affected, with impact depending on usage context. - - - This vulnerability is associated with program files lib/public_key/src/pubkey_ocsp.erl - and program routines pubkey_ocsp:is_authorized_responder/3. - - - This issue affects OTP from OTP 27.0 until OTP 28.4.2 and 27.3.4.10 corresponding - to public_key from 1.16 until 1.20.3 and 1.17.1.2, and ssl from 11.2 until 11.5.4 - and 11.2.12.7.' + description: IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control + via unauthenticated port access. detection: payload: null verify: null @@ -24824,31 +20444,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32144 - - https://cna.erlef.org/cves/CVE-2026-32144.html - - https://github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0 - - https://github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891 - - https://github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm + - https://nvd.nist.gov/vuln/detail/CVE-2023-31595 + - https://github.com/Yozarseef95/CVE-2023-31595 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5731-CANDIDATE - cve_id: CVE-2026-5731 - name: Candidate detection for CVE-2026-5731 - severity: critical - cvss: 9.8 + id: CVE-2023-31594-CANDIDATE + cve_id: CVE-2023-31594 + name: Candidate detection for CVE-2023-31594 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, - Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these - bugs showed evidence of memory corruption and we presume that with enough effort - some of these could have been exploited to run arbitrary code. This vulnerability - was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird - 149.0.2, and Thunderbird 140.9.1. + description: IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control + via an exposed HTTP channel using VLC network. detection: payload: null verify: null @@ -24856,18 +20469,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5731 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021894%2C2022225%2C2022252%2C2022294%2C2023007%2C2023130%2C2023191%2C2023364%2C2023829%2C2024074%2C2024417%2C2024433%2C2024436%2C2024437%2C2024453%2C2024461%2C2024462%2C2024472%2C2024474%2C2024477%2C2025364%2C2025401%2C2025402%2C2025472%2C2026287%2C2026299%2C2026305%2C2026426 - - https://www.mozilla.org/security/advisories/mfsa2026-25/ - - https://www.mozilla.org/security/advisories/mfsa2026-26/ - - https://www.mozilla.org/security/advisories/mfsa2026-27/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-31594 + - https://github.com/Yozarseef95/CVE-2023-31594 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5732-CANDIDATE - cve_id: CVE-2026-5732 - name: Candidate detection for CVE-2026-5732 + id: CVE-2023-33779-CANDIDATE + cve_id: CVE-2023-33779 + name: Candidate detection for CVE-2023-33779 severity: high cvss: 8.8 risk_level: unknown @@ -24875,9 +20485,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions, integer overflow in the Graphics: Text - component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, - Thunderbird 149.0.2, and Thunderbird 140.9.1.' + description: A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows + users to execute arbitrary commands on another user's account via a crafted POST + request to the component /jobinfo/. detection: payload: null verify: null @@ -24885,27 +20495,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5732 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2017867 - - https://www.mozilla.org/security/advisories/mfsa2026-25/ - - https://www.mozilla.org/security/advisories/mfsa2026-27/ - - https://www.mozilla.org/security/advisories/mfsa2026-28/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-33779 + - https://github.com/silence-silence/xxl-job-lateral-privilege-escalation-vulnerability-/blob/main/README.md + - https://github.com/xuxueli/xxl-job generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5733-CANDIDATE - cve_id: CVE-2026-5733 - name: Candidate detection for CVE-2026-5733 + id: CVE-2023-33234-CANDIDATE + cve_id: CVE-2023-33234 + name: Candidate detection for CVE-2023-33234 severity: high - cvss: 8.8 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the Graphics: WebGPU component. This - vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.' + description: "Arbitrary code execution in Apache Airflow CNCF Kubernetes provider\ + \ version 5.0.0 allows user to change xcom sidecar image and resources via Airflow\ + \ connection.\n\nIn order to exploit this weakness, a user would already need\ + \ elevated permissions (Op or Admin) to change the connection object in this manner.\_\ + \ Operators should upgrade to provider version 7.0.0 which has removed the vulnerability.\n\ + \n" detection: payload: null verify: null @@ -24913,30 +20525,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5733 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2022554 - - https://www.mozilla.org/security/advisories/mfsa2026-25/ - - https://www.mozilla.org/security/advisories/mfsa2026-28/ - - https://access.redhat.com/security/cve/CVE-2026-5733 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33234 + - https://lists.apache.org/thread/n1vpgl6h2qsdm52o9m2tx1oo86tl4gnq generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5734-CANDIDATE - cve_id: CVE-2026-5734 - name: Candidate detection for CVE-2026-5734 - severity: critical - cvss: 9.8 + id: CVE-2023-30285-CANDIDATE + cve_id: CVE-2023-30285 + name: Candidate detection for CVE-2023-30285 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR - 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence - of memory corruption and we presume that with enough effort some of these could - have been exploited to run arbitrary code. This vulnerability was fixed in Firefox - 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. + description: An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows + attackers to obtain the login credentials of a user via a crafted request sent + to /rest/synchronizer/1.0/technicalUser. detection: payload: null verify: null @@ -24944,29 +20551,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5734 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505 - - https://www.mozilla.org/security/advisories/mfsa2026-25/ - - https://www.mozilla.org/security/advisories/mfsa2026-27/ - - https://www.mozilla.org/security/advisories/mfsa2026-28/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-30285 + - https://github.com/D23K4N/CVE/blob/main/CVE-2023-30285.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5735-CANDIDATE - cve_id: CVE-2026-5735 - name: Candidate detection for CVE-2026-5735 - severity: critical - cvss: 9.8 + id: CVE-2023-29724-CANDIDATE + cve_id: CVE-2023-29724 + name: Candidate detection for CVE-2023-29724 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. - Some of these bugs showed evidence of memory corruption and we presume that with - enough effort some of these could have been exploited to run arbitrary code. This - vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. + description: The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps + to actively request permission to modify data in the database that records information + about a user's personal preferences and will be loaded into memory to be read + and used when the app is opened. An attacker could tamper with this data to cause + an escalation of privilege attack. detection: payload: null verify: null @@ -24974,29 +20579,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5735 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2025475%2C2025477 - - https://www.mozilla.org/security/advisories/mfsa2026-25/ - - https://www.mozilla.org/security/advisories/mfsa2026-28/ - - https://access.redhat.com/security/cve/CVE-2026-5735 + - https://nvd.nist.gov/vuln/detail/CVE-2023-29724 + - https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK + - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29724/CVE%20detail.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20889-CANDIDATE - cve_id: CVE-2026-20889 - name: Candidate detection for CVE-2026-20889 - severity: critical - cvss: 9.8 + id: CVE-2023-29725-CANDIDATE + cve_id: CVE-2023-29725 + name: Candidate detection for CVE-2023-29725 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader - functionality of LibRaw Commit d20315b. A specially crafted malicious file can - lead to a heap buffer overflow. An attacker can provide a malicious file to trigger - this vulnerability. + description: The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications + to actively request permission to insert data into the database that records information + about a user's personal preferences and will be loaded into memory to be read + and used when the application is opened. By injecting data, the attacker can force + the application to load malicious image URLs and display them in the UI. As the + amount of data increases, it will eventually cause the application to trigger + an OOM error and crash, resulting in a persistent denial of service attack. detection: payload: null verify: null @@ -25004,29 +20610,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20889 - - https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358 - - https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2358 - - https://access.redhat.com/errata/RHSA-2026:13284 - - https://access.redhat.com/errata/RHSA-2026:14224 + - https://nvd.nist.gov/vuln/detail/CVE-2023-29725 + - https://apkpure.com/cn/bt21-x-bts-wallpaper-hd-4k/com.bungaakp007.bt21wallpaperoffline130920/download/12-APK + - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md + - https://play.google.com/store/apps/details?id=com.cuiet.blockCalls generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20911-CANDIDATE - cve_id: CVE-2026-20911 - name: Candidate detection for CVE-2026-20911 - severity: critical - cvss: 9.8 + id: CVE-2023-33381-CANDIDATE + cve_id: CVE-2023-33381 + name: Candidate detection for CVE-2023-33381 + severity: high + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-based buffer overflow vulnerability exists in the HuffTable::initval - functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted - malicious file can lead to a heap buffer overflow. An attacker can provide a malicious - file to trigger this vulnerability. + description: A command injection vulnerability was found in the ping functionality + of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The + vulnerability allows an authenticated user to execute arbitrary OS commands by + sending specially crafted input to the router via the ping function. detection: payload: null verify: null @@ -25034,29 +20639,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20911 - - https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330 - - https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2330 - - https://access.redhat.com/security/cve/CVE-2026-20911 - - https://bugzilla.redhat.com/show_bug.cgi?id=2455959 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33381 + - https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/blob/main/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21413-CANDIDATE - cve_id: CVE-2026-21413 - name: Candidate detection for CVE-2026-21413 - severity: critical - cvss: 9.8 + id: CVE-2023-33530-CANDIDATE + cve_id: CVE-2023-33530 + name: Candidate detection for CVE-2023-33530 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw - functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted - malicious file can lead to a heap buffer overflow. An attacker can provide a malicious - file to trigger this vulnerability. + description: There is a command injection vulnerability in the Tenda G103 Gigabit + GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management + privileges, they can inject commands gaining shell privileges. detection: payload: null verify: null @@ -25064,29 +20665,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21413 - - https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331 - - https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2331 - - https://access.redhat.com/errata/RHSA-2026:11360 - - https://access.redhat.com/errata/RHSA-2026:13284 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33530 + - https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24660-CANDIDATE - cve_id: CVE-2026-24660 - name: Candidate detection for CVE-2026-24660 - severity: high - cvss: 8.1 + id: CVE-2023-31569-CANDIDATE + cve_id: CVE-2023-31569 + name: Candidate detection for CVE-2023-31569 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-based buffer overflow vulnerability exists in the x3f_load_huffman - functionality of LibRaw Commit d20315b. A specially crafted malicious file can - lead to a heap buffer overflow. An attacker can provide a malicious file to trigger - this vulnerability. + description: TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a + command injection via the setWanCfg function. detection: payload: null verify: null @@ -25094,31 +20690,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24660 - - https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359 - - https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2359 - - https://access.redhat.com/errata/RHSA-2026:13284 - - https://access.redhat.com/errata/RHSA-2026:15924 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31569 + - https://github.com/JeeseenSec/Report/tree/main/TOTOLINK%2CThanks + - https://github.com/JeeseenSec/Report/tree/main/TOTOLINK/CVE-2023-31569 + - https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/218.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4740-CANDIDATE - cve_id: CVE-2026-4740 - name: Candidate detection for CVE-2026-4740 - severity: high - cvss: 8.2 + id: CVE-2023-33532-CANDIDATE + cve_id: CVE-2023-33532 + name: Candidate detection for CVE-2023-33532 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Open Cluster Management (OCM), the technology underlying - Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client - certificate renewal allows a managed cluster administrator to forge a client certificate - that can be approved by the OCM controller. This enables cross-cluster privilege - escalation and may allow an attacker to gain control over other managed clusters, - including the hub cluster. + description: There is a command injection vulnerability in the Netgear R6250 router + with Firmware Version 1.0.4.48. If an attacker gains web management privileges, + they can inject commands into the post request parameters, thereby gaining shell + privileges. detection: payload: null verify: null @@ -25126,26 +20719,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4740 - - https://access.redhat.com/security/cve/CVE-2026-4740 - - https://blog.arfevrier.fr/open-cluster-management-cross-cluster-escape/ - - https://bugzilla.redhat.com/show_bug.cgi?id=2450590 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4740.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-33532 + - https://github.com/D2y6p/CVE/blob/main/Netgear/CVE-2023-33532/Netgear_R6250_RCE.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33815-CANDIDATE - cve_id: CVE-2026-33815 - name: Candidate detection for CVE-2026-33815 - severity: critical - cvss: 9.8 + id: CVE-2023-27126-CANDIDATE + cve_id: CVE-2023-27126 + name: Candidate detection for CVE-2023-27126 + severity: medium + cvss: 4.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory-safety vulnerability in github.com/jackc/pgx/v5. + description: The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on + firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker + with physical access to a camera is able to extract and decrypt sensitive data + containing the Wifi password and the TP-LINK account credential of the victim. detection: payload: null verify: null @@ -25153,26 +20746,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33815 - - https://pkg.go.dev/vuln/GO-2026-4771 - - https://access.redhat.com/errata/RHSA-2026:11070 - - https://access.redhat.com/errata/RHSA-2026:11217 - - https://access.redhat.com/errata/RHSA-2026:13791 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27126 + - https://www.claranet.fr/blog/dans-les-entrailles-dune-camera-connectee-tp-link-14 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33816-CANDIDATE - cve_id: CVE-2026-33816 - name: Candidate detection for CVE-2026-33816 - severity: critical - cvss: 9.8 + id: CVE-2023-33781-CANDIDATE + cve_id: CVE-2023-33781 + name: Candidate detection for CVE-2023-33781 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory-safety vulnerability in github.com/jackc/pgx/v5. + description: An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary + commands via importing a crafted file. detection: payload: null verify: null @@ -25180,32 +20771,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33816 - - https://pkg.go.dev/vuln/GO-2026-4772 - - https://access.redhat.com/errata/RHSA-2026:11070 - - https://access.redhat.com/errata/RHSA-2026:11217 - - https://access.redhat.com/errata/RHSA-2026:13791 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33781 + - https://github.com/s0tr/CVE-2023-33781 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14821-CANDIDATE - cve_id: CVE-2025-14821 - name: Candidate detection for CVE-2025-14821 + id: CVE-2023-33782-CANDIDATE + cve_id: CVE-2023-33782 + name: Candidate detection for CVE-2023-33782 severity: high - cvss: 7.8 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libssh. This vulnerability allows local man-in-the-middle - attacks, security downgrades of SSH (Secure Shell) connections, and manipulation - of trusted host information, posing a significant risk to the confidentiality, - integrity, and availability of SSH communications via an insecure default configuration - on Windows systems where the library automatically loads configuration files from - the C:\etc directory, which can be created and modified by unprivileged local - users. + description: D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection + vulnerability via the iperf3 diagnostics function. detection: payload: null verify: null @@ -25213,32 +20797,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14821 - - https://access.redhat.com/errata/RHSA-2026:7067 - - https://access.redhat.com/security/cve/CVE-2025-14821 - - https://bugzilla.redhat.com/show_bug.cgi?id=2423148 - - https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-33782 + - https://github.com/s0tr/CVE-2023-33782 + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4631-CANDIDATE - cve_id: CVE-2026-4631 - name: Candidate detection for CVE-2026-4631 - severity: critical - cvss: 9.8 + id: CVE-2023-33621-CANDIDATE + cve_id: CVE-2023-33621 + name: Candidate detection for CVE-2023-33621 + severity: medium + cvss: 5.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: true - description: Cockpit's remote login feature passes user-supplied hostnames and usernames - from the web interface to the SSH client without validation or sanitization. An - attacker with network access to the Cockpit web service can craft a single HTTP - request to the login endpoint that injects malicious SSH options or shell commands, - achieving code execution on the Cockpit host without valid credentials. The injection - occurs during the authentication flow before any credential verification takes - place, meaning no login is required to exploit the vulnerability. + exploitdb_reference: false + description: GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication + token into a GET request when the OpenVPN Server config file is downloaded. The + token is then left in the browser history or access logs, potentially allowing + attackers to bypass authentication via session replay. detection: payload: null verify: null @@ -25246,34 +20825,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4631 - - https://access.redhat.com/errata/RHSA-2026:7381 - - https://access.redhat.com/errata/RHSA-2026:7382 - - https://access.redhat.com/errata/RHSA-2026:7383 - - https://access.redhat.com/errata/RHSA-2026:7384 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33621 + - https://justinapplegate.me/2023/glinet-CVE-2023-33621/ generated_from: - nvd - - exploit_db - status: candidate executable: false - id: CVE-2026-39363-CANDIDATE - cve_id: CVE-2026-39363 - name: Candidate detection for CVE-2026-39363 - severity: high - cvss: 7.5 + id: CVE-2023-31541-CANDIDATE + cve_id: CVE-2023-31541 + name: Candidate detection for CVE-2023-31541 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Vite is a frontend tooling framework for JavaScript. From 6.0.0 to\ - \ before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to the Vite dev\ - \ server\u2019s WebSocket without an Origin header, an attacker can invoke fetchModule\ - \ via the custom WebSocket event vite:invoke and combine file://... with ?raw\ - \ (or ?inline) to retrieve the contents of arbitrary files on the server as a\ - \ JavaScript string (e.g., export default \"...\"). The access control enforced\ - \ in the HTTP request path (such as server.fs.allow) is not applied to this WebSocket-based\ - \ execution path. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5." + description: "A unrestricted file upload vulnerability was discovered in the \u2018\ + Browse and upload images\u2019 feature of the CKEditor v1.2.3 plugin for Redmine,\ + \ which allows arbitrary files to be uploaded to the server." detection: payload: null verify: null @@ -25281,30 +20851,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39363 - - https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583 - - https://access.redhat.com/errata/RHSA-2026:24761 - - https://access.redhat.com/errata/RHSA-2026:24762 - - https://access.redhat.com/errata/RHSA-2026:24866 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31541 + - https://github.com/DreamD2v/CVE-2023-31541/blob/main/CVE-2023-31541.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39364-CANDIDATE - cve_id: CVE-2026-39364 - name: Candidate detection for CVE-2026-39364 - severity: high - cvss: 7.5 + id: CVE-2023-33620-CANDIDATE + cve_id: CVE-2023-33620 + name: Candidate detection for CVE-2023-33620 + severity: medium + cvss: 5.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Vite is a frontend tooling framework for JavaScript. From 7.1.0 to - before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by - server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when - query parameters such as ?raw, ?import&raw, or ?import&url&inline are appended. - This vulnerability is fixed in 7.3.2 and 8.0.5. + description: GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in + its communications which allows attackers to eavesdrop via a man-in-the-middle + attack. detection: payload: null verify: null @@ -25312,31 +20877,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39364 - - https://github.com/vitejs/vite/security/advisories/GHSA-v2wj-q39q-566r - - https://access.redhat.com/errata/RHSA-2026:24866 - - https://access.redhat.com/security/cve/CVE-2026-39364 - - https://bugzilla.redhat.com/show_bug.cgi?id=2456181 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33620 + - https://justinapplegate.me/2023/glinet-CVE-2023-33620/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29181-CANDIDATE - cve_id: CVE-2026-29181 - name: Candidate detection for CVE-2026-29181 - severity: high - cvss: 7.5 + id: CVE-2023-34944-CANDIDATE + cve_id: CVE-2023-34944 + name: Candidate detection for CVE-2023-34944 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 - to 1.40.0, multi-value baggage: header extraction parses each header field-value - independently and aggregates members across values. This allows an attacker to - amplify cpu and allocations by sending many baggage: header lines, even when each - individual value is within the 8192-byte per-value parse limit. This vulnerability - is fixed in 1.41.0.' + description: An arbitrary file upload vulnerability in the /fileUpload.lib.php component + of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via + uploading a crafted SVG file. detection: payload: null verify: null @@ -25344,34 +20903,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29181 - - https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-mh2q-q3fh-2475 - - https://access.redhat.com/errata/RHSA-2026:25271 - - https://access.redhat.com/security/cve/CVE-2026-29181 - - https://bugzilla.redhat.com/show_bug.cgi?id=2456252 + - https://nvd.nist.gov/vuln/detail/CVE-2023-34944 + - https://github.com/chamilo/chamilo-lms/commit/0d0c88c4806280ac9b70a299d6e3099269c9bc54 + - https://github.com/chamilo/chamilo-lms/commit/f6e83550c2d17fc93a65ec4be602a78312289f37 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-113-2023-05-31-Low-impact-Low-risk-XSS-through-SVG generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34045-CANDIDATE - cve_id: CVE-2026-34045 - name: Candidate detection for CVE-2026-34045 - severity: high - cvss: 8.2 + id: CVE-2023-34752-CANDIDATE + cve_id: CVE-2023-34752 + name: Candidate detection for CVE-2023-34752 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Podman Desktop is a graphical tool for developing on containers and - Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman - Desktop allows any network attacker to remotely trigger denial-of-service conditions - and extract sensitive information. By abusing missing connection limits and timeouts, - an attacker can exhaust file descriptors and kernel memory, leading to application - crash or full host freeze. Additionally, verbose error responses disclose internal - paths and system details (including usernames on Windows), aiding further exploitation. - The issue requires no authentication or user interaction and is exploitable over - the network. This vulnerability is fixed in 1.26.2. + description: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability + via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. detection: payload: null verify: null @@ -25379,31 +20930,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34045 - - https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-2q88-39rh-gxvv - - https://access.redhat.com/errata/RHSA-2026:13867 - - https://access.redhat.com/security/cve/CVE-2026-34045 - - https://bugzilla.redhat.com/show_bug.cgi?id=2456283 + - https://nvd.nist.gov/vuln/detail/CVE-2023-34752 + - https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability + - https://www.bloofox.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34078-CANDIDATE - cve_id: CVE-2026-34078 - name: Candidate detection for CVE-2026-34078 + id: CVE-2023-34832-CANDIDATE + cve_id: CVE-2023-34832 + name: Candidate detection for CVE-2023-34832 severity: critical - cvss: 10.0 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Flatpak is a Linux application sandboxing and distribution framework. - Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options - which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run - mounts the resolved host path in the sandbox. This gives apps access to all host - files and can be used as a primitive to gain code execution in the host context. - This vulnerability is fixed in 1.16.4. + description: TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer + overflow via the function FUN_131e8 - 0x132B4. detection: payload: null verify: null @@ -25411,35 +20956,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34078 - - https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg - - https://access.redhat.com/errata/RHSA-2026:21755 - - https://access.redhat.com/errata/RHSA-2026:21756 - - https://access.redhat.com/errata/RHSA-2026:21757 + - https://nvd.nist.gov/vuln/detail/CVE-2023-34832 + - https://gist.github.com/jhacker91/2026e080a42514255e758d64b465d1d5 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34580-CANDIDATE - cve_id: CVE-2026-34580 - name: Candidate detection for CVE-2026-34580 - severity: high - cvss: 7.5 + id: CVE-2023-33438-CANDIDATE + cve_id: CVE-2023-33438 + name: Candidate detection for CVE-2023-33438 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known - had a misleading name; it would return true if any certificate in the store had - a DN (and subject key identifier, if set) matching that of the argument. It did - not check that the cert it found and the cert it was passed were actually the - same certificate. In 3.11.0 an extension of path validation logic was made which - assumed that certificate_known only returned true if the certificates were in - fact identical. The impact is that if an end entity certificate is presented, - and its DN (and subject key identifier, if set) match that of any trusted root, - the end entity certificate is accepted immediately as if it itself were a trusted - root. , This vulnerability is fixed in 3.11.1. + description: A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer + TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or + HTML. detection: payload: null verify: null @@ -25447,31 +20982,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34580 - - https://github.com/randombit/botan/security/advisories/GHSA-v782-6fq4-q827 - - https://access.redhat.com/security/cve/CVE-2026-34580 - - https://bugzilla.redhat.com/show_bug.cgi?id=2456288 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34580.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-33438 + - https://github.com/justas-dee/CVEs/blob/main/CVE-2023-33438/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34582-CANDIDATE - cve_id: CVE-2026-34582 - name: Candidate detection for CVE-2026-34582 - severity: critical - cvss: 9.1 + id: CVE-2022-45287-CANDIDATE + cve_id: CVE-2022-45287 + name: Candidate detection for CVE-2022-45287 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS - 1.3 implementation allowed ApplicationData records to be processed prior to the - Finished message being received. A server which is attempting to enforce client - authentication via certificates can by bypassed by a client which entirely omits - Certificate, CertificateVerify, and the Finished message and instead sends application - data records. This vulnerability is fixed in 3.11.1. + description: An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows + authenticated attackers to escalate privileges and perform arbitrary Administrative + commands. detection: payload: null verify: null @@ -25479,28 +21008,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34582 - - https://github.com/randombit/botan/security/advisories/GHSA-pxcj-9ppx-g86g - - https://access.redhat.com/security/cve/CVE-2026-34582 - - https://bugzilla.redhat.com/show_bug.cgi?id=2456285 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34582.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-45287 + - https://github.com/WhiteBearVN/CWX-Registration-Broken-Access-Control/blob/main/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27140-CANDIDATE - cve_id: CVE-2026-27140 - name: Candidate detection for CVE-2026-27140 + id: CVE-2023-27243-CANDIDATE + cve_id: CVE-2023-27243 + name: Candidate detection for CVE-2023-27243 severity: high - cvss: 8.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SWIG file names containing 'cgo' and well-crafted payloads could lead - to code smuggling and arbitrary code execution at build time due to trust layer - bypass. + description: An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated + attackers to obtain cleartext credentials via a crafted web request to the product + API. detection: payload: null verify: null @@ -25508,29 +21034,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27140 - - https://go.dev/cl/763768 - - https://go.dev/issue/78335 - - https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU - - https://pkg.go.dev/vuln/GO-2026-4871 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27243 + - https://pastebin.com/L5BkBeEE generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32280-CANDIDATE - cve_id: CVE-2026-32280 - name: Candidate detection for CVE-2026-32280 + id: CVE-2023-31867-CANDIDATE + cve_id: CVE-2023-31867 + name: Candidate detection for CVE-2023-31867 severity: high - cvss: 7.5 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: During chain building, the amount of work that is done is not correctly - limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, - which can lead to a denial of service. This affects both direct users of crypto/x509 - and users of crypto/tls. + description: Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. detection: payload: null verify: null @@ -25538,29 +21058,32 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32280 - - https://go.dev/cl/758320 - - https://go.dev/issue/78282 - - https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU - - https://pkg.go.dev/vuln/GO-2026-4947 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31867 + - https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31867.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32283-CANDIDATE - cve_id: CVE-2026-32283 - name: Candidate detection for CVE-2026-32283 - severity: high - cvss: 7.5 + id: CVE-2023-31868-CANDIDATE + cve_id: CVE-2023-31868 + name: Candidate detection for CVE-2023-31868 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: If one side of the TLS connection sends multiple key update messages - post-handshake in a single record, the connection can deadlock, causing uncontrolled - consumption of resources. This can lead to a denial of service. This only affects - TLS 1.3. + description: Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting + (XSS). Some parts of the Web application are dynamically built using user's inputs. + Yet, those inputs are not verified nor filtered by the application, so they mathed + the expected format. Therefore, when HTML/JavaScript code is injected into those + fields, this code will be saved by the application and executed by the web browser + of the user viewing the web page. Several injection points have been identified + on the application. The major one requires the user to be authenticated with a + common account, he can then target an Administrator. All others endpoints need + the malicious user to be authenticated as an Administrator. Therefore, the impact + is diminished. detection: payload: null verify: null @@ -25568,30 +21091,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32283 - - https://go.dev/cl/763767 - - https://go.dev/issue/78334 - - https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU - - https://pkg.go.dev/vuln/GO-2026-4870 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31868 + - https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31868.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33810-CANDIDATE - cve_id: CVE-2026-33810 - name: Candidate detection for CVE-2026-33810 + id: CVE-2023-34671-CANDIDATE + cve_id: CVE-2023-34671 + name: Candidate detection for CVE-2023-34671 severity: high - cvss: 8.2 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: When verifying a certificate chain containing excluded DNS constraints, - these constraints are not correctly applied to wildcard DNS SANs which use a different - case than the constraint. This only affects validation of otherwise trusted certificate - chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system - certificate pool. + description: Improper Access Control leads to privilege escalation affecting Elenos + ETG150 FM transmitter running on version 3.12 by exploiting user's role in the + user profile. An attack could occur over the public Internet in some cases. detection: payload: null verify: null @@ -25599,37 +21117,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33810 - - https://go.dev/cl/763763 - - https://go.dev/issue/78332 - - https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU - - https://pkg.go.dev/vuln/GO-2026-4866 + - https://nvd.nist.gov/vuln/detail/CVE-2023-34671 + - https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34671 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5795-CANDIDATE - cve_id: CVE-2026-5795 - name: Candidate detection for CVE-2026-5795 + id: CVE-2023-34672-CANDIDATE + cve_id: CVE-2023-34672 + name: Candidate detection for CVE-2023-34672 severity: high - cvss: 7.4 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication - checks, which set two ThreadLocal variable. - - - - Upon returning from the initial checks, there are conditions that cause an early - return from the JASPIAuthenticator code without clearing those ThreadLocals. - - - - A subsequent request using the same thread inherits the ThreadLocal values, leading - to a broken access control and privilege escalation.' + description: Improper Access Control leads to adding a high-privilege user affecting + Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role + within the admin profile. An attack could occur over the public Internet in some + cases. detection: payload: null verify: null @@ -25637,18 +21144,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5795 - - https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps:// - - https://gitlab.eclipse.org/security/cve-assignment/-/issues/92 - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/errata/RHSA-2026:25089 + - https://nvd.nist.gov/vuln/detail/CVE-2023-34672 + - https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34672 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2377-CANDIDATE - cve_id: CVE-2026-2377 - name: Candidate detection for CVE-2026-2377 + id: CVE-2023-34673-CANDIDATE + cve_id: CVE-2023-34673 + name: Candidate detection for CVE-2023-34673 severity: medium cvss: 6.5 risk_level: unknown @@ -25656,12 +21160,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. - The log export feature in these products allows an authenticated user to specify - an arbitrary callback URL. A backend process then makes server-side HTTP requests - to this provided URL. This vulnerability, known as Server-Side Request Forgery - (SSRF), could allow an attacker to send requests from the application's internal - network, potentially leading to the disclosure of sensitive information. + description: Elenos ETG150 FM transmitter running on version 3.12 was discovered + to be leaking SMTP credentials and other sensitive information by exploiting the + publicly accessible Memcached service. The attack can occur over the public Internet + in some cases. detection: payload: null verify: null @@ -25669,30 +21171,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2377 - - https://access.redhat.com/errata/RHSA-2026:19375 - - https://access.redhat.com/errata/RHSA-2026:21017 - - https://access.redhat.com/errata/RHSA-2026:22629 - - https://access.redhat.com/errata/RHSA-2026:22840 + - https://nvd.nist.gov/vuln/detail/CVE-2023-34673 + - https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34673 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32589-CANDIDATE - cve_id: CVE-2026-32589 - name: Candidate detection for CVE-2026-32589 + id: CVE-2023-36143-CANDIDATE + cve_id: CVE-2023-36143 + name: Candidate detection for CVE-2023-36143 severity: high - cvss: 7.4 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Red Hat Quay's container image upload process. - An authenticated user with push access to any repository on the registry can interfere - with image uploads in progress by other users, including those in repositories - they do not have access to. This could allow the attacker to read, modify, or - cancel another user's in-progress image upload. + description: Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability + in the "Diagnostic tool" functionality of the device. detection: payload: null verify: null @@ -25700,29 +21196,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32589 - - https://access.redhat.com/errata/RHSA-2026:19375 - - https://access.redhat.com/errata/RHSA-2026:21017 - - https://access.redhat.com/errata/RHSA-2026:22465 - - https://access.redhat.com/errata/RHSA-2026:22629 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36143 + - https://github.com/leonardobg/CVE-2023-36143 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32590-CANDIDATE - cve_id: CVE-2026-32590 - name: Candidate detection for CVE-2026-32590 - severity: high - cvss: 7.1 + id: CVE-2023-36146-CANDIDATE + cve_id: CVE-2023-36146 + name: Candidate detection for CVE-2023-36146 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Red Hat Quay's handling of resumable container - image layer uploads. The upload process stores intermediate data in the database - using a format that, if tampered with, could allow an attacker to execute arbitrary - code on the Quay server. + description: A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser + RE 170 using firmware 2.2.6733. detection: payload: null verify: null @@ -25730,32 +21221,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32590 - - https://access.redhat.com/errata/RHSA-2026:19375 - - https://access.redhat.com/errata/RHSA-2026:21017 - - https://access.redhat.com/errata/RHSA-2026:22465 - - https://access.redhat.com/errata/RHSA-2026:22629 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36146 + - https://github.com/leonardobg/CVE-2023-36146/#readme generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32591-CANDIDATE - cve_id: CVE-2026-32591 - name: Candidate detection for CVE-2026-32591 + id: CVE-2023-34840-CANDIDATE + cve_id: CVE-2023-34840 + name: Candidate detection for CVE-2023-34840 severity: medium - cvss: 5.2 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Red Hat Quay's Proxy Cache configuration feature. - When an organization administrator configures an upstream registry for proxy caching, - Quay makes a network connection to the specified registry hostname without verifying - that it points to a legitimate external service. An attacker with organization - administrator privileges could supply a crafted hostname to force the Quay server - to make requests to internal network services, cloud infrastructure endpoints, - or other resources that should not be accessible from the Quay application. + description: angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to + contain a cross-site scripting (XSS) vulnerability. detection: payload: null verify: null @@ -25763,18 +21246,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32591 - - https://access.redhat.com/errata/RHSA-2026:24833 - - https://access.redhat.com/security/cve/CVE-2026-32591 - - https://bugzilla.redhat.com/show_bug.cgi?id=2446965 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32591.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-34840 + - https://github.com/Xh4H/CVE-2023-34840 + - https://github.com/alexcrack/angular-ui-notification generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23869-CANDIDATE - cve_id: CVE-2026-23869 - name: Candidate detection for CVE-2026-23869 + id: CVE-2023-36144-CANDIDATE + cve_id: CVE-2023-36144 + name: Candidate detection for CVE-2023-36144 severity: high cvss: 7.5 risk_level: unknown @@ -25782,13 +21263,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'A denial of service vulnerability exists in React Server Components, - affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack - and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, - and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially - crafted HTTP requests to Server Function endpoints.The payload of the HTTP request - causes excessive CPU usage for up to a minute ending in a thrown error that is - catchable.' + description: An authentication bypass in Intelbras Switch SG 2404 MR in firmware + 1.00.54 allows an unauthenticated attacker to download the backup file of the + device, exposing critical information about the device configuration. detection: payload: null verify: null @@ -25796,30 +21273,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23869 - - https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg - - https://access.redhat.com/security/cve/CVE-2026-23869 - - https://bugzilla.redhat.com/show_bug.cgi?id=2456663 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23869.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-36144 + - https://github.com/leonardobg/CVE-2023-36144 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39883-CANDIDATE - cve_id: CVE-2026-39883 - name: Candidate detection for CVE-2026-39883 - severity: high - cvss: 7.0 + id: CVE-2023-36222-CANDIDATE + cve_id: CVE-2023-36222 + name: Candidate detection for CVE-2023-36222 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 - to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use - an absolute path but left the BSD kenv command using a bare name, allowing the - same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is - fixed in 1.43.0. + description: Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and + before allows a remote attacker to execute arbitrary code via a crafted payload + to the comment parameter in the article function. detection: payload: null verify: null @@ -25827,29 +21299,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39883 - - https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx - - https://access.redhat.com/errata/RHSA-2026:26254 - - https://access.redhat.com/errata/RHSA-2026:26257 - - https://access.redhat.com/security/cve/CVE-2026-39883 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36222 + - https://github.com/mlogclub/bbs-go + - https://github.com/mlogclub/bbs-go/issues/206 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39892-CANDIDATE - cve_id: CVE-2026-39892 - name: Candidate detection for CVE-2026-39892 - severity: critical - cvss: 9.8 + id: CVE-2023-36223-CANDIDATE + cve_id: CVE-2023-36223 + name: Candidate detection for CVE-2023-36223 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: cryptography is a package designed to expose cryptographic primitives - and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous - buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), - this could lead to buffer overflows. This vulnerability is fixed in 46.0.7. + description: Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and + before allows a remote attacker to execute arbitrary code via a crafted payload + to the announcements parameter in the settings function. detection: payload: null verify: null @@ -25857,29 +21326,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39892 - - https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq - - https://access.redhat.com/errata/RHSA-2026:19375 - - https://access.redhat.com/errata/RHSA-2026:20338 - - https://access.redhat.com/errata/RHSA-2026:21017 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36223 + - https://github.com/mlogclub/bbs-go + - https://github.com/mlogclub/bbs-go/issues/208 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4660-CANDIDATE - cve_id: CVE-2026-4660 - name: Candidate detection for CVE-2026-4660 + id: CVE-2022-42175-CANDIDATE + cve_id: CVE-2022-42175 + name: Candidate detection for CVE-2022-42175 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "HashiCorp\u2019s go-getter library up to v1.8.5 may allow arbitrary\ - \ file reads on the file system during certain git operations through a maliciously\ - \ crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6.\ - \ This vulnerability does not affect the go-getter/v2 branch and package." + description: Insecure Direct Object Reference vulnerability in WHMCS module SolusVM + 1 4.1.2 allows an attacker to change the password and hostname of other customer + servers without authorization. detection: payload: null verify: null @@ -25887,35 +21353,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4660 - - https://discuss.hashicorp.com/t/hcsec-2026-04-go-getter-may-allow-to-arbitrary-filesystem-reads-through-git-operations/77311 - - https://access.redhat.com/errata/RHSA-2026:24478 - - https://access.redhat.com/security/cve/CVE-2026-4660 - - https://bugzilla.redhat.com/show_bug.cgi?id=2456909 + - https://nvd.nist.gov/vuln/detail/CVE-2022-42175 + - https://gist.github.com/mr404ntf/9c8728ee8f35d9744feec3828df1085d generated_from: - nvd - status: candidate executable: false - id: CVE-2025-62718-CANDIDATE - cve_id: CVE-2025-62718 - name: Candidate detection for CVE-2025-62718 - severity: critical - cvss: 9.9 + id: CVE-2020-20118-CANDIDATE + cve_id: CVE-2020-20118 + name: Candidate detection for CVE-2020-20118 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Axios is a promise based HTTP client for the browser and Node.js. Prior - to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when - checking NO_PROXY rules. Requests to loopback addresses like localhost. (with - a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through - the configured proxy. This goes against what developers expect and lets attackers - force requests through a proxy, even if NO_PROXY is set up to protect loopback - or internal services. This issue leads to the possibility of proxy bypass and - SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal - services despite the configured protections. This vulnerability is fixed in 1.15.0 - and 0.31.0. + description: Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows + a local attacker to cause a denial of service via a crafted request to the aswSnx.sys + driver. detection: payload: null verify: null @@ -25923,31 +21379,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-62718 - - https://datatracker.ietf.org/doc/html/rfc1034#section-3.1 - - https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2 - - https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c - - https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df + - https://nvd.nist.gov/vuln/detail/CVE-2020-20118 + - https://gitlab.com/yongchuank/avast-aswsnx-ioctl-82ac0060-oob-write generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35204-CANDIDATE - cve_id: CVE-2026-35204 - name: Candidate detection for CVE-2026-35204 + id: CVE-2023-31818-CANDIDATE + cve_id: CVE-2023-31818 + name: Candidate detection for CVE-2023-31818 severity: high - cvss: 8.6 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Helm is a package manager for Charts for Kubernetes. From 4.0.0 to - 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause - Helm to write the contents of the plugin to an arbitrary filesystem location. - To prevent this, validate that the plugin.yaml of the Helm plugin does not include - a version: field containing POSIX dot-dot path separators ie. "/../". This vulnerability - is fixed in 4.1.4.' + description: An issue found in Marukyu Line v.13.4.1 allows a remote attacker to + gain access to sensitive information via the channel access token in the miniapp + function. detection: payload: null verify: null @@ -25955,28 +21405,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35204 - - https://github.com/helm/helm/commit/36c8539e99bc42d7aef9b87d136254662d04f027 - - https://github.com/helm/helm/releases/tag/v4.1.4 - - https://github.com/helm/helm/security/advisories/GHSA-vmx8-mqv2-9gmg - - https://access.redhat.com/errata/RHSA-2026:26441 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31818 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31818.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35205-CANDIDATE - cve_id: CVE-2026-35205 - name: Candidate detection for CVE-2026-35205 + id: CVE-2020-20021-CANDIDATE + cve_id: CVE-2020-20021 + name: Candidate detection for CVE-2020-20021 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Helm is a package manager for Charts for Kubernetes. From 4.0.0 to - 4.1.3, Helm will install plugins missing provenance (.prov file) when signature - verification is required. This vulnerability is fixed in 4.1.4. + description: An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker + to cause denial of service via misconfiguration in the SSH daemon. detection: payload: null verify: null @@ -25984,31 +21430,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35205 - - https://github.com/helm/helm/commit/05fa37973dc9e42b76e1d2883494c87174b6074f - - https://github.com/helm/helm/releases/tag/v4.1.4 - - https://github.com/helm/helm/security/advisories/GHSA-q5jf-9vfq-h4h7 - - https://helm.sh/docs/topics/provenance/#the-provenance-file + - https://nvd.nist.gov/vuln/detail/CVE-2020-20021 + - https://www.exploit-db.com/exploits/48228 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4878-CANDIDATE - cve_id: CVE-2026-4878 - name: Candidate detection for CVE-2026-4878 - severity: medium - cvss: 6.7 + id: CVE-2023-33668-CANDIDATE + cve_id: CVE-2023-33668 + name: Candidate detection for CVE-2023-33668 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libcap. A local unprivileged user can exploit a - Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. - This allows an attacker with write access to a parent directory to redirect file - capability updates to an attacker-controlled file. By doing so, capabilities can - be injected into or stripped from unintended executables, leading to privilege - escalation. + description: DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing + attackers to access PII and takeover accounts on shared computers. detection: payload: null verify: null @@ -26016,18 +21455,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4878 - - https://access.redhat.com/errata/RHSA-2026:12423 - - https://access.redhat.com/errata/RHSA-2026:12441 - - https://access.redhat.com/errata/RHSA-2026:13285 - - https://access.redhat.com/errata/RHSA-2026:14162 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33668 + - https://github.com/lodi-g/CVE-2023-33668 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-1584-CANDIDATE - cve_id: CVE-2026-1584 - name: Candidate detection for CVE-2026-1584 + id: CVE-2023-31819-CANDIDATE + cve_id: CVE-2023-31819 + name: Candidate detection for CVE-2023-31819 severity: high cvss: 7.5 risk_level: unknown @@ -26035,11 +21471,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnutls. A remote, unauthenticated attacker can - exploit this vulnerability by sending a specially crafted ClientHello message - with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This - can lead to a NULL pointer dereference, causing the server to crash and resulting - in a remote Denial of Service (DoS) condition. + description: An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows + a remote attacker to gain access to sensitive information via the channel access + token in the miniapp function. detection: payload: null verify: null @@ -26047,33 +21481,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1584 - - https://access.redhat.com/errata/RHSA-2026:7477 - - https://access.redhat.com/security/cve/CVE-2026-1584 - - https://bugzilla.redhat.com/show_bug.cgi?id=2435258 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1584.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-31819 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31819.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39983-CANDIDATE - cve_id: CVE-2026-39983 - name: Candidate detection for CVE-2026-39983 + id: CVE-2023-31820-CANDIDATE + cve_id: CVE-2023-31820 + name: Candidate detection for CVE-2023-31820 severity: high - cvss: 8.6 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows - FTP command injection via CRLF sequences (\r\n) in file path parameters passed - to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), - list(), and removeDir(). The library's protectWhitespace() helper only handles - leading spaces and returns other paths unchanged, while FtpContext.send() writes - the resulting command string directly to the control socket with \r\n appended. - This lets attacker-controlled path strings split one intended FTP command into - multiple commands. This vulnerability is fixed in 5.2.1. + description: An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker + to gain access to sensitive information via the channel access token in the miniapp + function. detection: payload: null verify: null @@ -26081,50 +21507,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39983 - - https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b - - https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.2.1 - - https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q - - https://access.redhat.com/errata/RHSA-2026:13826 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31820 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31820.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34971-CANDIDATE - cve_id: CVE-2026-34971 - name: Candidate detection for CVE-2026-34971 + id: CVE-2023-31822-CANDIDATE + cve_id: CVE-2023-31822 + name: Candidate detection for CVE-2023-31822 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, - 42.0.2, and 43.0.1, Wasmtime''s Cranelift compilation backend contains a bug on - aarch64 when performing a certain shape of heap accesses which means that the - wrong address is accessed. When combined with explicit bounds checks a guest WebAssembly - module this can create a situation where there are two diverging computations - for the same address: one for the address to bounds-check and one for the address - to load. This difference in address being operated on means that a guest module - can pass a bounds check but then load a different address. Combined together this - enables an arbitrary read/write primitive for guest WebAssembly when accesssing - host memory. This is a sandbox escape as guests are able to read/write arbitrary - host memory. This vulnerability has a few ingredients, all of which must be met, - for this situation to occur and bypass the sandbox restrictions. This miscompiled - shape of load only occurs on 64-bit WebAssembly linear memories, or when Config::wasm_memory64 - is enabled. 32-bit WebAssembly is not affected. Spectre mitigations or signals-based-traps - must be disabled. When spectre mitigations are enabled then the offending shape - of load is not generated. When signals-based-traps are disabled then spectre mitigations - are also automatically disabled. The specific bug in Cranelift is a miscompile - of a load of the shape load(iadd(base, ishl(index, amt))) where amt is a constant. - The amt value is masked incorrectly to test if it''s a certain value, and this - incorrect mask means that Cranelift can pattern-match this lowering rule during - instruction selection erroneously, diverging from WebAssembly''s and Cranelift''s - semantics. This incorrect lowering would, for example, load an address much further - away than intended as the correct address''s computation would have wrapped around - to a smaller value insetad. This vulnerability is fixed in 36.0.7, 42.0.2, and - 43.0.1.' + description: An issue found in Entetsu Store v.13.4.1 allows a remote attacker to + gain access to sensitive information via the channel access token in the miniapp + Entetsu Store function. detection: payload: null verify: null @@ -26132,18 +21533,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34971 - - https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w - - https://access.redhat.com/security/cve/CVE-2026-34971 - - https://bugzilla.redhat.com/show_bug.cgi?id=2457008 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34971.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-31822 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31822.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29146-CANDIDATE - cve_id: CVE-2026-29146 - name: Candidate detection for CVE-2026-29146 + id: CVE-2023-31825-CANDIDATE + cve_id: CVE-2023-31825 + name: Candidate detection for CVE-2023-31825 severity: high cvss: 7.5 risk_level: unknown @@ -26151,17 +21549,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Padding Oracle vulnerability in Apache Tomcat''s EncryptInterceptor - with default configuration. - - - This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 - through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from - 7.0.100 through 7.0.109. - - - Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which - fixes the issue.' + description: An issue found in Inageya v.13.4.1 allows a remote attacker to gain + access to sensitive information via the channel access token in the miniapp Inageya + function. detection: payload: null verify: null @@ -26169,18 +21559,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29146 - - https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w - - https://access.redhat.com/errata/RHSA-2026:20405 - - https://access.redhat.com/errata/RHSA-2026:20406 - - https://access.redhat.com/security/cve/CVE-2026-29146 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31825 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31825.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34486-CANDIDATE - cve_id: CVE-2026-34486 - name: Candidate detection for CVE-2026-34486 + id: CVE-2023-31821-CANDIDATE + cve_id: CVE-2023-31821 + name: Candidate detection for CVE-2023-31821 severity: high cvss: 7.5 risk_level: unknown @@ -26188,10 +21575,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat\ - \ due to the\_fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\ - \nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended\ - \ to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue." + description: An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker + to gain access to sensitive information via the channel access token in the miniapp + ALBIS function. detection: payload: null verify: null @@ -26199,30 +21585,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34486 - - https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly - - https://www.vicarius.io/vsociety/posts/cve-2026-34486-detection-script-rce-on-apache-tomcat - - https://www.vicarius.io/vsociety/posts/cve-2026-34486-mitigation-script-rce-on-apache-tomcat - - https://access.redhat.com/security/cve/CVE-2026-34486 + - https://nvd.nist.gov/vuln/detail/CVE-2023-31821 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31821.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34734-CANDIDATE - cve_id: CVE-2026-34734 - name: Candidate detection for CVE-2026-34734 + id: CVE-2023-31823-CANDIDATE + cve_id: CVE-2023-31823 + name: Candidate detection for CVE-2023-31823 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free - was found in the h5dump helper utility. An attacker who can supply a malicious - h5 file can trigger a heap use-after-free. The freed object is referenced in a - memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 - and freed by H5D__typeinfo_term. + description: An issue found in Marui Co Marui Official app v.13.6.1 allows a remote + attacker to gain access to sensitive information via the channel access token + in the miniapp Marui Official Store function. detection: payload: null verify: null @@ -26230,18 +21611,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34734 - - https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj - - https://access.redhat.com/security/cve/CVE-2026-34734 - - https://bugzilla.redhat.com/show_bug.cgi?id=2457034 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34734.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-31823 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31823.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39304-CANDIDATE - cve_id: CVE-2026-39304 - name: Candidate detection for CVE-2026-39304 + id: CVE-2023-31824-CANDIDATE + cve_id: CVE-2023-31824 + name: Candidate detection for CVE-2023-31824 severity: high cvss: 7.5 risk_level: unknown @@ -26249,26 +21627,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Denial of Service via Out of Memory vulnerability in Apache ActiveMQ - Client, Apache ActiveMQ Broker, Apache ActiveMQ. - - - ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates - triggered by clients. This makes it possible for a client to rapidly trigger updates - which causes the broker to exhaust all its memory in the SSL engine leading to - DoS. - - - Note: TLS versions before TLSv1.3 (such as TLSv1.2) are broken but are not vulnerable - to OOM. Previous TLS versions require a full handshake renegotiation which causes - a connection to hang but not OOM. This is fixed as well. - - This issue affects Apache ActiveMQ Client: before 5.19.4, from 6.0.0 before 6.2.4; - Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ: - before 5.19.4, from 6.0.0 before 6.2.4. - - - Users are recommended to upgrade to version 6.2.4 or 5.19.5, which fixes the issue.' + description: An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote + attacker to gain access to sensitive information via the channel access token + in the miniapp DELICIA function. detection: payload: null verify: null @@ -26276,55 +21637,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39304 - - https://activemq.apache.org/security-advisories.data/CVE-2026-39304-announcement.txt - - https://access.redhat.com/security/cve/CVE-2026-39304 - - https://bugzilla.redhat.com/show_bug.cgi?id=2457275 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39304.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-31824 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-31824.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40217-CANDIDATE - cve_id: CVE-2026-40217 - name: Candidate detection for CVE-2026-40217 + id: CVE-2023-30383-CANDIDATE + cve_id: CVE-2023-30383 + name: Candidate detection for CVE-2023-30383 severity: high - cvss: 8.8 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary - code via bytecode rewriting at the /guardrails/test_custom_code URI. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40217 - - https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm/ - - https://access.redhat.com/errata/RHSA-2026:24866 - - https://access.redhat.com/errata/RHSA-2026:30056 - - https://access.redhat.com/security/cve/CVE-2026-40217 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-1502-CANDIDATE - cve_id: CVE-2026-1502 - name: Candidate detection for CVE-2026-1502 - severity: unknown - cvss: 0.0 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: CR/LF bytes were not rejected by HTTP client proxy tunnel headers or - host. + description: TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 + Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered + to contain a buffer overflow which may lead to a Denial of Service (DoS) when + parsing crafted data. detection: payload: null verify: null @@ -26332,29 +21664,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1502 - - https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 - - https://github.com/python/cpython/commit/56b7100b04e44ea27989242b176beb8f016b2c53 - - https://github.com/python/cpython/commit/58703ec1bdd1eb075e8b01a0c427683ce594dd3e - - https://github.com/python/cpython/commit/9e071c9b28c17f347f81b388a003d4eeb3c7a8dd + - https://nvd.nist.gov/vuln/detail/CVE-2023-30383 + - https://gist.github.com/a2ure123/a4eda2813d85d8b414bb87e855ab4bf8 + - https://www.tp-link.com/us/support/download/archer-c2/v1/#Firmware + - https://www.tp-link.com/us/support/download/archer-c50/v2/#Firmware + - https://www.tp-link.com/us/support/download/archer-c50/v2/#Firmware%29%2CTPLINK generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5483-CANDIDATE - cve_id: CVE-2026-5483 - name: Candidate detection for CVE-2026-5483 - severity: high - cvss: 8.5 + id: CVE-2023-37733-CANDIDATE + cve_id: CVE-2023-37733 + name: Candidate detection for CVE-2023-37733 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability - in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the - disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This - could enable an attacker to gain unauthorized access to Kubernetes resources. + description: An arbitrary file upload vulnerability in tduck-platform v4.0 allows + attackers to execute arbitrary code via a crafted HTML file. detection: payload: null verify: null @@ -26362,30 +21692,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5483 - - https://access.redhat.com/errata/RHSA-2026:7397 - - https://access.redhat.com/errata/RHSA-2026:7398 - - https://access.redhat.com/errata/RHSA-2026:7403 - - https://access.redhat.com/errata/RHSA-2026:7404 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37733 + - https://github.com/TDuckCloud/tduck-platform + - https://github.com/TDuckCloud/tduck-platform/issues/17 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40175-CANDIDATE - cve_id: CVE-2026-40175 - name: Candidate detection for CVE-2026-40175 + id: CVE-2023-37728-CANDIDATE + cve_id: CVE-2023-37728 + name: Candidate detection for CVE-2023-37728 severity: medium - cvss: 4.8 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Axios is a promise based HTTP client for the browser and Node.js. Versions - prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain - in which prototype pollution in a third-party dependency may be leveraged to inject - unsanitized header values into outbound requests. This vulnerability is fixed - in 1.15.0 and 0.3.1. + description: IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) + vulnerability via the color parameter. detection: payload: null verify: null @@ -26393,35 +21718,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40175 - - https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c - - https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1 - - https://github.com/axios/axios/pull/10660 - - https://github.com/axios/axios/pull/10688 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37728 + - https://medium.com/@ayush.engr29/cve-2023-37728-6dfb7586311 + - https://medium.com/%40ayush.engr29/cve-2023-37728-6dfb7586311 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4150-CANDIDATE - cve_id: CVE-2026-4150 - name: Candidate detection for CVE-2026-4150 + id: CVE-2021-35391-CANDIDATE + cve_id: CVE-2021-35391 + name: Candidate detection for CVE-2021-35391 severity: high - cvss: 7.8 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. - This vulnerability allows remote attackers to execute arbitrary code on affected - installations of GIMP. User interaction is required to exploit this vulnerability - in that the target must visit a malicious page or open a malicious file. - - - The specific flaw exists within the parsing of PSD files. The issue results from - the lack of proper validation of user-supplied data, which can result in an integer - overflow before allocating a buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28807.' + description: Server Side Request Forgery vulnerability found in Deskpro Support + Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. detection: payload: null verify: null @@ -26429,18 +21744,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4150 - - https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10 - - https://www.zerodayinitiative.com/advisories/ZDI-26-217/ - - https://access.redhat.com/errata/RHSA-2026:16484 - - https://access.redhat.com/errata/RHSA-2026:17533 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35391 + - https://sayaanalam.github.io/CVE-2021-35391.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4151-CANDIDATE - cve_id: CVE-2026-4151 - name: Candidate detection for CVE-2026-4151 + id: CVE-2023-26911-CANDIDATE + cve_id: CVE-2023-26911 + name: Candidate detection for CVE-2023-26911 severity: high cvss: 7.8 risk_level: unknown @@ -26448,16 +21760,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. - This vulnerability allows remote attackers to execute arbitrary code on affected - installations of GIMP. User interaction is required to exploit this vulnerability - in that the target must visit a malicious page or open a malicious file. - - - The specific flaw exists within the parsing of ANI files. The issue results from - the lack of proper validation of user-supplied data, which can result in an integer - overflow before allocating a buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28813.' + description: ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains + an unquoted service path vulnerability which allows local users to launch processes + with elevated privileges. detection: payload: null verify: null @@ -26465,36 +21770,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4151 - - https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e - - https://www.zerodayinitiative.com/advisories/ZDI-26-218/ - - https://access.redhat.com/errata/RHSA-2026:16484 - - https://access.redhat.com/errata/RHSA-2026:19362 + - https://nvd.nist.gov/vuln/detail/CVE-2023-26911 + - https://irradiate.com.au/blog/CVE-2023-26911 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4152-CANDIDATE - cve_id: CVE-2026-4152 - name: Candidate detection for CVE-2026-4152 - severity: high - cvss: 7.8 + id: CVE-2021-36580-CANDIDATE + cve_id: CVE-2021-36580 + name: Candidate detection for CVE-2021-36580 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GIMP. User interaction is required to exploit - this vulnerability in that the target must visit a malicious page or open a malicious - file. - - - The specific flaw exists within the parsing of JP2 files. The issue results from - the lack of proper validation of the length of user-supplied data prior to copying - it to a heap-based buffer. An attacker can leverage this vulnerability to execute - code in the context of the current process. Was ZDI-CAN-28863.' + description: Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server + Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. detection: payload: null verify: null @@ -26502,36 +21795,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4152 - - https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e - - https://www.zerodayinitiative.com/advisories/ZDI-26-219/ - - https://access.redhat.com/errata/RHSA-2026:16484 - - https://access.redhat.com/errata/RHSA-2026:19362 + - https://nvd.nist.gov/vuln/detail/CVE-2021-36580 + - https://medium.com/@rohitgautam26/cve-2021-36580-69219798231c + - https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4153-CANDIDATE - cve_id: CVE-2026-4153 - name: Candidate detection for CVE-2026-4153 + id: CVE-2020-22623-CANDIDATE + cve_id: CVE-2020-22623 + name: Candidate detection for CVE-2020-22623 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution - Vulnerability. This vulnerability allows remote attackers to execute arbitrary - code on affected installations of GIMP. User interaction is required to exploit - this vulnerability in that the target must visit a malicious page or open a malicious - file. - - - The specific flaw exists within the parsing of PSP files. The issue results from - the lack of proper validation of the length of user-supplied data prior to copying - it to a heap-based buffer. An attacker can leverage this vulnerability to execute - code in the context of the current process. Was ZDI-CAN-28874.' + description: Directory traversal vulnerability in Jinfornet Jreport 15.6 allows + unauthenticated attackers to gain sensitive information. detection: payload: null verify: null @@ -26539,35 +21821,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4153 - - https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712 - - https://www.zerodayinitiative.com/advisories/ZDI-26-220/ - - https://access.redhat.com/errata/RHSA-2026:16484 - - https://access.redhat.com/errata/RHSA-2026:17533 + - https://nvd.nist.gov/vuln/detail/CVE-2020-22623 + - https://medium.com/@nguyenhongphu/cve-2020-22623-jinfornet-jreport-unauthenticated-path-traversal-arbitrary-file-download-83224cef32c8 + - https://medium.com/%40nguyenhongphu/cve-2020-22623-jinfornet-jreport-unauthenticated-path-traversal-arbitrary-file-download-83224cef32c8 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4154-CANDIDATE - cve_id: CVE-2026-4154 - name: Candidate detection for CVE-2026-4154 - severity: high - cvss: 7.8 + id: CVE-2023-37647-CANDIDATE + cve_id: CVE-2023-37647 + name: Candidate detection for CVE-2023-37647 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. - This vulnerability allows remote attackers to execute arbitrary code on affected - installations of GIMP. User interaction is required to exploit this vulnerability - in that the target must visit a malicious page or open a malicious file. - - - The specific flaw exists within the parsing of XPM files. The issue results from - the lack of proper validation of user-supplied data, which can result in an integer - overflow before allocating a buffer. An attacker can leverage this vulnerability - to execute code in the context of the current process. Was ZDI-CAN-28901.' + description: SEMCMS v1.5 was discovered to contain a SQL injection vulnerability + via the id parameter at /Ant_Suxin.php. detection: payload: null verify: null @@ -26575,48 +21847,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4154 - - https://gitlab.gnome.org/GNOME/gimp/-/commit/2e7ed91793792d9e980b2df4c829e9aa60459253 - - https://www.zerodayinitiative.com/advisories/ZDI-26-221/ - - https://access.redhat.com/errata/RHSA-2026:16484 - - https://access.redhat.com/errata/RHSA-2026:17533 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37647 + - https://gitee.com/ants12/sem-cms_-shop_210918_v1.5-sql-injection-exists-s/tree/master/ + - https://www.sem-cms.cn/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32146-CANDIDATE - cve_id: CVE-2026-32146 - name: Candidate detection for CVE-2026-32146 - severity: high - cvss: 7.8 + id: CVE-2023-34842-CANDIDATE + cve_id: CVE-2023-34842 + name: Candidate detection for CVE-2023-34842 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper path validation vulnerability in the Gleam compiler''s handling - of git dependencies allows arbitrary file system modification during dependency - download. - - - Dependency names from gleam.toml and manifest.toml are incorporated into filesystem - paths without sufficient validation or confinement to the intended dependency - directory, allowing attacker-controlled paths (via relative traversal such as - ../ or absolute paths) to target filesystem locations outside that directory. - When resolving git dependencies (e.g. via gleam deps download), the computed path - is used for filesystem operations including directory deletion and creation. - - - This vulnerability occurs during the dependency resolution and download phase, - which is generally expected to be limited to fetching and preparing dependencies - within a confined directory. A malicious direct or transitive git dependency can - exploit this issue to delete and overwrite arbitrary directories outside the intended - dependency directory, including attacker-chosen absolute paths, potentially causing - data loss. In some environments, this may be further leveraged to achieve code - execution, for example by overwriting git hooks or shell configuration files. - - - This issue affects Gleam from 1.9.0-rc1 until 1.15.4.' + description: Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows + remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. detection: payload: null verify: null @@ -26624,30 +21873,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32146 - - https://cna.erlef.org/cves/CVE-2026-32146.html - - https://github.com/gleam-lang/gleam/commit/1aa5d8e594b0aa240bb213fce6ee19c65e6d5bcf - - https://github.com/gleam-lang/gleam/commit/2dc0467f822c75de94697a912755d172928ee40a - - https://github.com/gleam-lang/gleam/security/advisories/GHSA-vq5j-55vx-wq8j + - https://nvd.nist.gov/vuln/detail/CVE-2023-34842 + - https://www.dedecms.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2019-25695-CANDIDATE - cve_id: CVE-2019-25695 - name: Candidate detection for CVE-2019-25695 - severity: high - cvss: 8.4 + id: CVE-2023-34960-CANDIDATE + cve_id: CVE-2023-34960 + name: Candidate detection for CVE-2023-34960 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: R 3.4.4 contains a local buffer overflow vulnerability that allows - attackers to execute arbitrary code by injecting malicious input into the GUI - Preferences language field. Attackers can craft a payload with a 292-byte offset - and JMP ESP instruction to execute commands like calc.exe when the payload is - pasted into the Language for menus and messages field. + description: A command injection vulnerability in the wsConvertPpt component of + Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands + via a SOAP API call with a crafted PowerPoint name. detection: payload: null verify: null @@ -26655,127 +21899,34 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2019-25695 - - https://cloud.r-project.org/bin/windows/ - - https://www.exploit-db.com/exploits/46265 - - https://www.vulncheck.com/advisories/r-local-buffer-overflow-windows-xp-sp3 - - https://access.redhat.com/security/cve/CVE-2019-25695 + - https://nvd.nist.gov/vuln/detail/CVE-2023-34960 + - https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-Execution generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31419-CANDIDATE - cve_id: CVE-2026-31419 - name: Candidate detection for CVE-2026-31419 - severity: high - cvss: 7.8 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nnet: bonding: fix use-after-free in bond_xmit_broadcast()\n\nbond_xmit_broadcast()\ - \ reuses the original skb for the last slave\n(determined by bond_is_last_slave())\ - \ and clones it for others.\nConcurrent slave enslave/release can mutate the slave\ - \ list during\nRCU-protected iteration, changing which slave is \"last\" mid-loop.\n\ - This causes the original skb to be double-consumed (double-freed).\n\nReplace\ - \ the racy bond_is_last_slave() check with a simple index\ncomparison (i + 1 ==\ - \ slaves_count) against the pre-snapshot slave\ncount taken via READ_ONCE() before\ - \ the loop. This preserves the\nzero-copy optimization for the last slave while\ - \ making the \"last\"\ndetermination stable against concurrent list mutations.\n\ - \nThe UAF can trigger the following crash:\n\n==================================================================\n\ - BUG: KASAN: slab-use-after-free in skb_clone\nRead of size 8 at addr ffff888100ef8d40\ - \ by task exploit/147\n\nCPU: 1 UID: 0 PID: 147 Comm: exploit Not tainted 7.0.0-rc3+\ - \ #4 PREEMPTLAZY\nCall Trace:\n \n dump_stack_lvl (lib/dump_stack.c:123)\n\ - \ print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n kasan_report (mm/kasan/report.c:597)\n\ - \ skb_clone (include/linux/skbuff.h:1724 include/linux/skbuff.h:1792 include/linux/skbuff.h:3396\ - \ net/core/skbuff.c:2108)\n bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5334)\n\ - \ bond_start_xmit (drivers/net/bonding/bond_main.c:5567 drivers/net/bonding/bond_main.c:5593)\n\ - \ dev_hard_start_xmit (include/linux/netdevice.h:5325 include/linux/netdevice.h:5334\ - \ net/core/dev.c:3871 net/core/dev.c:3887)\n __dev_queue_xmit (include/linux/netdevice.h:3601\ - \ net/core/dev.c:4838)\n ip6_finish_output2 (include/net/neighbour.h:540 include/net/neighbour.h:554\ - \ net/ipv6/ip6_output.c:136)\n ip6_finish_output (net/ipv6/ip6_output.c:208 net/ipv6/ip6_output.c:219)\n\ - \ ip6_output (net/ipv6/ip6_output.c:250)\n ip6_send_skb (net/ipv6/ip6_output.c:1985)\n\ - \ udp_v6_send_skb (net/ipv6/udp.c:1442)\n udpv6_sendmsg (net/ipv6/udp.c:1733)\n\ - \ __sys_sendto (net/socket.c:730 net/socket.c:742 net/socket.c:2206)\n __x64_sys_sendto\ - \ (net/socket.c:2209)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n\ - \ entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \n\n\ - Allocated by task 147:\n\nFreed by task 147:\n\nThe buggy address belongs to the\ - \ object at ffff888100ef8c80\n which belongs to the cache skbuff_head_cache of\ - \ size 224\nThe buggy address is located 192 bytes inside of\n freed 224-byte\ - \ region [ffff888100ef8c80, ffff888100ef8d60)\n\nMemory state around the buggy\ - \ address:\n ffff888100ef8c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc\n\ - \ ffff888100ef8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n>ffff888100ef8d00:\ - \ fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n \ - \ ^\n ffff888100ef8d80: fc fc fc fc fc fc fc fc fa fb\ - \ fb fb fb fb fb fb\n ffff888100ef8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb\ - \ fb fb fb\n==================================================================" - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31419 - - https://git.kernel.org/stable/c/2884bf72fb8f03409e423397319205de48adca16 - - https://git.kernel.org/stable/c/2de5c8eea0a9db99dae7c36f4b541b74b41d3a04 - - https://git.kernel.org/stable/c/3453882f36c40d2339267093676585a89808a73d - - https://git.kernel.org/stable/c/d4cc7e4c80b1634c7b1497574a2fdb18df6c026c - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-1462-CANDIDATE - cve_id: CVE-2026-1462 - name: Candidate detection for CVE-2026-1462 + id: CVE-2023-34551-CANDIDATE + cve_id: CVE-2023-34551 + name: Candidate detection for CVE-2023-34551 severity: high - cvss: 7.8 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: A vulnerability in the `TFSMLayer` class of the `keras` package, version - 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during - deserialization of `.keras` models, even when `safe_mode=True`. This bypasses - the security guarantees of `safe_mode` and enables arbitrary attacker-controlled - code execution during model inference under the victim's privileges. The issue - arises due to the unconditional loading of external SavedModels, serialization - of attacker-controlled file paths, and the lack of validation in the `from_config()` - method. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-1462 - - https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f - - https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c - - https://access.redhat.com/errata/RHSA-2026:24977 - - https://access.redhat.com/security/cve/CVE-2026-1462 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-33555-CANDIDATE - cve_id: CVE-2026-33555 - name: Candidate detection for CVE-2026-33555 - severity: medium - cvss: 4.0 + cvss: 8.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser - does not check that the received body length matches a previously announced content-length - when the stream is closed via a frame with an empty payload. This can cause desynchronization - issues with the backend server and could be used for request smuggling. The earliest - affected version is 2.6. + description: 'In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg + function of the EZVIZ SDK command server can allow an authenticated attacker present + on the same local network as the camera to achieve remote code execution. This + affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF + Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions + before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 + build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 + and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and + CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build + 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and + EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute + arbitrary code (remote).' detection: payload: null verify: null @@ -26783,35 +21934,34 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33555 - - https://github.com/haproxy/haproxy/commit/05a295441c621089ffa4318daf0dbca2dd756a84 - - https://r3verii.github.io/cve/2026/04/14/haproxy-h3-standalone-fin-smuggling.html - - https://www.haproxy.com/documentation/haproxy-aloha/changelog/ - - https://www.haproxy.org + - https://nvd.nist.gov/vuln/detail/CVE-2023-34551 + - https://www.ezviz.com/data-security/security-notice/detail/827 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28291-CANDIDATE - cve_id: CVE-2026-28291 - name: Candidate detection for CVE-2026-28291 + id: CVE-2023-34552-CANDIDATE + cve_id: CVE-2023-34552 + name: Candidate detection for CVE-2023-34552 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: simple-git enables running native Git commands from JavaScript. Versions - up to and including 3.31.1 allow execution of arbitrary commands through Git option - manipulation, bypassing safety checks meant to block dangerous options like -u - and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as - Git's flexible option parsing allows numerous character combinations (e.g., -vu, - -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operations - plugin. Due to the virtually infinite number of valid option variants that Git - accepts, a complete blocklist-based mitigation may be infeasible without fully - emulating Git's option parsing behavior. This issue has been fixed in version - 3.32.0. + description: In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet + and mulicast_get_pack_type functions of the SADP multicast protocol can allow + an unauthenticated attacker present on the same local network as the camera to + achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions + before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 + build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 + and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL + Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware + versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p + Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions + before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build + 230214. detection: payload: null verify: null @@ -26819,39 +21969,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28291 - - https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26 - - https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d - - https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0 - - https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287 + - https://nvd.nist.gov/vuln/detail/CVE-2023-34552 + - https://www.ezviz.com/data-security/security-notice/detail/827 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6100-CANDIDATE - cve_id: CVE-2026-6100 - name: Candidate detection for CVE-2026-6100 - severity: high - cvss: 8.1 + id: CVE-2023-36081-CANDIDATE + cve_id: CVE-2023-36081 + name: Candidate detection for CVE-2023-36081 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, - `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with - a `MemoryError` and the decompression instance is re-used. This scenario can be - triggered if the process is under memory pressure. The fix cleans up the dangling - pointer in this specific error condition. - - - The vulnerability is only present if the program re-uses decompressor instances - across multiple decompression calls even after a `MemoryError` is raised during - decompression. Using the helper functions to one-shot decompress data such as - `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` - are not affected as a new decompressor instance is used per call. If the decompressor - instance is not re-used after an error condition, this usage is similarly not - vulnerable.' + description: Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter + v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script + to the web application dashboard. detection: payload: null verify: null @@ -26859,29 +21995,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6100 - - https://github.com/python/cpython/commit/47128e64f98c3a20271138a98c2922bea2a3ee0e - - https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d - - https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 - - https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36081 + - https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-36081 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33901-CANDIDATE - cve_id: CVE-2026-33901 - name: Candidate detection for CVE-2026-33901 - severity: high - cvss: 7.5 + id: CVE-2023-36082-CANDIDATE + cve_id: CVE-2023-36082 + name: Candidate detection for CVE-2023-36082 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ImageMagick is free and open-source software used for editing and manipulating - digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow - occurs in the MVG decoder that could result in an out of bounds write when processing - a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19. + description: An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows + a remote attacker to gain privileges via the LDAP and SMTP credentials. detection: payload: null verify: null @@ -26889,32 +22020,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33901 - - https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe - - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww - - https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0 - - https://access.redhat.com/security/cve/CVE-2026-33901 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36082 + - https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-36082 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33908-CANDIDATE - cve_id: CVE-2026-33908 - name: Candidate detection for CVE-2026-33908 - severity: high - cvss: 7.5 + id: CVE-2023-26979-CANDIDATE + cve_id: CVE-2023-26979 + name: Candidate detection for CVE-2023-26979 + severity: low + cvss: 3.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ImageMagick is free and open-source software used for editing and manipulating - digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the - memory of the XML tree via the `DestroyXMLTree()` function; however, this process - is executed recursively with no depth limit imposed. When Magick processes an - XML file with deeply nested structures, it will exhaust the stack memory, resulting - in a Denial of Service (DoS) attack. This issue has been fixed in versions 6.9.13-44 - and 7.1.2-19. + description: Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 + is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers + to decrease or increase the intensity of the stimulator by hijacking the BLE communication. detection: payload: null verify: null @@ -26922,29 +22046,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33908 - - https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8 - - https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19 - - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x - - https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0 + - https://nvd.nist.gov/vuln/detail/CVE-2023-26979 + - https://www.secura.com/blog/serious-safety-impact-found-in-bluetooth-low-energy-based-medical-devices generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4786-CANDIDATE - cve_id: CVE-2026-4786 - name: Candidate detection for CVE-2026-4786 + id: CVE-2023-36255-CANDIDATE + cve_id: CVE-2023-36255 + name: Candidate detection for CVE-2023-36255 severity: high - cvss: 7.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Mitgation of\_CVE-2026-4519 was incomplete. If the URL contained \"\ - %action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\"\ - \ API could have commands injected into the underlying shell. See\_CVE-2026-4519\ - \ for details." + description: An issue in Eramba Limited Eramba Enterprise and Community edition + v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter + in the URL. detection: payload: null verify: null @@ -26952,34 +22072,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4786 - - https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53 - - https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca - - https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff - - https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36255 + - https://trovent.github.io/security-advisories/TRSA-2303-01/TRSA-2303-01.txt + - https://trovent.io/security-advisory-2303-01/ + - https://www.eramba.org generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39979-CANDIDATE - cve_id: CVE-2026-39979 - name: Candidate detection for CVE-2026-39979 - severity: medium - cvss: 6.5 + id: CVE-2023-38954-CANDIDATE + cve_id: CVE-2023-38954 + name: Candidate detection for CVE-2023-38954 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, - the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length - parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), - which reads until a NUL terminator is found rather than respecting the caller-supplied - length. This means that when malformed JSON is passed in a non-NUL-terminated - buffer, the error construction logic performs an out-of-bounds read past the end - of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() - with untrusted input, and depending on memory layout, can result in memory disclosure - or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f. + description: ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection + vulnerability. detection: payload: null verify: null @@ -26987,18 +22099,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39979 - - https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f - - https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p - - https://access.redhat.com/errata/RHSA-2026:16252 - - https://access.redhat.com/errata/RHSA-2026:16692 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38954 + - https://claroty.com/team82/disclosure-dashboard/cve-2023-38954 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40164-CANDIDATE - cve_id: CVE-2026-40164 - name: Candidate detection for CVE-2026-40164 + id: CVE-2023-38955-CANDIDATE + cve_id: CVE-2023-38955 + name: Candidate detection for CVE-2023-38955 severity: high cvss: 7.5 risk_level: unknown @@ -27006,16 +22115,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784,\ - \ jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for\ - \ all JSON object hash table operations, which allowed an attacker to precompute\ - \ key collisions offline. By supplying a crafted JSON object (~100 KB) where all\ - \ keys hashed to the same bucket, hash table lookups degraded from O(1) to O(n),\ - \ turning any jq expression into an O(n\xB2) operation and causing significant\ - \ CPU exhaustion. This affected common jq use cases such as CI/CD pipelines, web\ - \ services, and data processing scripts, and was far more practical to exploit\ - \ than existing heap overflow issues since it required only a small payload. This\ - \ issue has been patched in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784." + description: ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain + sensitive information about all managed devices, including their IP addresses + and device names. detection: payload: null verify: null @@ -27023,64 +22125,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40164 - - https://github.com/jqlang/jq/commit/0c7d133c3c7e37c00b6d46b658a02244fdd3c784 - - https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29 - - https://access.redhat.com/errata/RHSA-2026:16252 - - https://access.redhat.com/errata/RHSA-2026:16692 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38955 + - https://claroty.com/team82/disclosure-dashboard/cve-2023-38955 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-40745-CANDIDATE - cve_id: CVE-2025-40745 - name: Candidate detection for CVE-2025-40745 - severity: low - cvss: 3.7 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: A vulnerability has been identified in Siemens Software Center (All - versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap - (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid - Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions - < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). - Affected applications do not properly validate client certificates to connect - to Analytics Service endpoint. This could allow an unauthenticated remote attacker - to perform man in the middle attacks. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-40745 - - https://cert-portal.siemens.com/productcert/html/ssa-981622.html - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-2332-CANDIDATE - cve_id: CVE-2026-2332 - name: Candidate detection for CVE-2026-2332 + id: CVE-2023-38956-CANDIDATE + cve_id: CVE-2023-38956 + name: Candidate detection for CVE-2023-38956 severity: high - cvss: 7.4 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling\ - \ when chunk extensions are used, similar to the \"funky chunks\" techniques outlined\ - \ here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\ - \n\nJetty terminates chunk extension parsing at\_\\r\\n\_inside quoted strings\ - \ instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\n\ - Transfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\ - \n\n\n\n\nNote how the chunk extension does not close the double quotes, and it\ - \ is able to inject a smuggled request." + description: A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows + unauthenticated attackers to read arbitrary files via supplying a crafted payload. detection: payload: null verify: null @@ -27088,27 +22150,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2332 - - https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf - - https://gitlab.eclipse.org/security/cve-assignment/-/issues/89 - - https://access.redhat.com/errata/RHSA-2026:10175 - - https://access.redhat.com/errata/RHSA-2026:14272 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38956 + - https://claroty.com/team82/disclosure-dashboard/cve-2023-38956 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23666-CANDIDATE - cve_id: CVE-2026-23666 - name: Candidate detection for CVE-2026-23666 - severity: high - cvss: 7.5 + id: CVE-2023-38958-CANDIDATE + cve_id: CVE-2023-38958 + name: Candidate detection for CVE-2023-38958 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Improper input validation in .NET Framework allows an unauthorized - attacker to deny service over a network. + description: An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated + attackers to arbitrarily close and open the doors managed by the platform remotely + via sending a crafted web request. detection: payload: null verify: null @@ -27116,27 +22176,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23666 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666 - - https://access.redhat.com/security/cve/CVE-2026-23666 - - https://bugzilla.redhat.com/show_bug.cgi?id=2458271 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23666.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-38958 + - https://claroty.com/team82/disclosure-dashboard/cve-2023-38958 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26171-CANDIDATE - cve_id: CVE-2026-26171 - name: Candidate detection for CVE-2026-26171 - severity: high - cvss: 7.5 + id: CVE-2023-37679-CANDIDATE + cve_id: CVE-2023-37679 + name: Candidate detection for CVE-2023-37679 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Uncontrolled resource consumption in .NET allows an unauthorized attacker - to deny service over a network. + description: A remote command execution (RCE) vulnerability in NextGen Mirth Connect + v4.3.0 allows attackers to execute arbitrary commands on the hosting server. detection: payload: null verify: null @@ -27144,18 +22201,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26171 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171 - - https://access.redhat.com/errata/RHSA-2026:13280 - - https://access.redhat.com/errata/RHSA-2026:13281 - - https://access.redhat.com/errata/RHSA-2026:13282 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37679 + - https://www.ihteam.net/advisory/mirth-connect generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32178-CANDIDATE - cve_id: CVE-2026-32178 - name: Candidate detection for CVE-2026-32178 + id: CVE-2023-38949-CANDIDATE + cve_id: CVE-2023-38949 + name: Candidate detection for CVE-2023-38949 severity: high cvss: 7.5 risk_level: unknown @@ -27163,8 +22217,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Improper neutralization of special elements in .NET allows an unauthorized - attacker to perform spoofing over a network. + description: An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated + attackers to arbitrarily reset the Administrator password via a crafted web request. detection: payload: null verify: null @@ -27172,27 +22226,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32178 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178 - - https://access.redhat.com/errata/RHSA-2026:13280 - - https://access.redhat.com/errata/RHSA-2026:13281 - - https://access.redhat.com/errata/RHSA-2026:13282 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38949 + - https://claroty.com/team82/disclosure-dashboard/cve-2023-38949 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-32203-CANDIDATE - cve_id: CVE-2026-32203 - name: Candidate detection for CVE-2026-32203 + id: CVE-2023-38950-CANDIDATE + cve_id: CVE-2023-38950 + name: Candidate detection for CVE-2023-38950 severity: high cvss: 7.5 risk_level: unknown requires_confirmation: true priority: - cisa_kev: false + cisa_kev: true exploitdb_reference: false - description: Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized - attacker to deny service over a network. + description: A path traversal vulnerability in the iclock API of ZKTeco BioTime + v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying + a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 + of ZKBioTime. detection: payload: null verify: null @@ -27200,18 +22253,20 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-32203 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203 - - https://access.redhat.com/errata/RHSA-2026:13280 - - https://access.redhat.com/errata/RHSA-2026:13281 - - https://access.redhat.com/errata/RHSA-2026:13282 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38950 + - https://claroty.com/team82/disclosure-dashboard/cve-2023-38950 + - https://sploitus.com/exploit?id=PACKETSTORM:177859 + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38950 + - https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf + - https://www.cisa.gov/known-exploited-vulnerabilities-catalog generated_from: - nvd + - cisa_kev - status: candidate executable: false - id: CVE-2026-33116-CANDIDATE - cve_id: CVE-2026-33116 - name: Candidate detection for CVE-2026-33116 + id: CVE-2023-38952-CANDIDATE + cve_id: CVE-2023-38952 + name: Candidate detection for CVE-2023-38952 severity: high cvss: 7.5 risk_level: unknown @@ -27219,9 +22274,12 @@ priority: cisa_kev: false exploitdb_reference: false - description: Loop with unreachable exit condition ('infinite loop') in .NET, .NET - Framework, Visual Studio allows an unauthorized attacker to deny service over - a network. + description: Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated + attackers to escalate their privileges due to the fact that session ids are not + validated for the type of user accessing the application by default. Privilege + restrictions between non-admin and admin users are not enforced and any authenticated + user can leverage admin functions without restriction by making direct requests + to administrative endpoints. detection: payload: null verify: null @@ -27229,35 +22287,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33116 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33116 - - https://access.redhat.com/errata/RHSA-2026:13280 - - https://access.redhat.com/errata/RHSA-2026:13281 - - https://access.redhat.com/errata/RHSA-2026:13282 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38952 + - https://claroty.com/team82/disclosure-dashboard/cve-2023-38952 + - https://github.com/omair2084/biotime-rce-8.5.5/blob/main/biotime_enum.py + - https://krashconsulting.com/fury-of-fingers-biotime-rce/ + - https://sploitus.com/exploit?id=PACKETSTORM:177859 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33414-CANDIDATE - cve_id: CVE-2026-33414 - name: Candidate detection for CVE-2026-33414 - severity: high - cvss: 7.8 + id: CVE-2023-36158-CANDIDATE + cve_id: CVE-2023-36158 + name: Candidate detection for CVE-2023-36158 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Podman is a tool for managing OCI containers and pods. Versions 4.8.0 - through 5.8.1 contain a command injection vulnerability in the HyperV machine - backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted - into a PowerShell double-quoted string without sanitization, allowing $() subexpression - injection. Because PowerShell evaluates subexpressions inside double-quoted strings - before executing the outer command, an attacker who can control the VM image path - through a crafted machine name or image directory can execute arbitrary PowerShell - commands with the privileges of the Podman process. On typical Windows installations - this means SYSTEM-level code execution, and only Windows is affected as the code - is exclusive to the HyperV backend. This issue has been patched in version 5.8.2. + description: Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax + Management System 1.0 allows remote attackers to run arbitrary code via the First + Name and Last Name fields on the My Account page. detection: payload: null verify: null @@ -27265,46 +22316,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33414 - - https://github.com/containers/podman/commit/571c842bd357ee626019ea97d030fb772fc654ed - - https://github.com/containers/podman/security/advisories/GHSA-hc8w-h2mf-hp59 - - https://access.redhat.com/errata/RHSA-2026:8211 - - https://access.redhat.com/security/cve/CVE-2026-33414 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36158 + - https://cyberredteam.tech/posts/cve-2023-36158/ + - https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md + - https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33806-CANDIDATE - cve_id: CVE-2026-33806 - name: Candidate detection for CVE-2026-33806 - severity: high - cvss: 7.5 + id: CVE-2023-36159-CANDIDATE + cve_id: CVE-2023-36159 + name: Candidate detection for CVE-2023-36159 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Impact: - - - Fastify applications using schema.body.content for per-content-type body validation - can have validation bypassed entirely by prepending a space to the Content-Type - header. The body is still parsed correctly but schema validation is skipped. - - - This is a regression introduced in fastify >= 5.3.2 by the fix for CVE-2025-32442 - - - Patches: - - - Upgrade to fastify v5.8.5 or later. - - - Workarounds: - - - None. Upgrade to the patched version.' + description: Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and + Found Information System 1.0 allows remote attackers to run arbitrary code via + the First Name, Middle Name and Last Name fields on the Create User page. detection: payload: null verify: null @@ -27312,30 +22344,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33806 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc - - https://access.redhat.com/security/cve/CVE-2026-33806 - - https://bugzilla.redhat.com/show_bug.cgi?id=2458596 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36159 + - https://cyberredteam.tech/posts/cve-2023-36159/ + - https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14813-CANDIDATE - cve_id: CVE-2025-14813 - name: Candidate detection for CVE-2025-14813 - severity: high - cvss: 7.5 + id: CVE-2023-36095-CANDIDATE + cve_id: CVE-2023-36095 + name: Candidate detection for CVE-2023-36095 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ": Use of a Broken or Risky Cryptographic Algorithm vulnerability in\ - \ Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules).\n\n This\ - \ vulnerability is associated with program files G3413CTRBlockCipher.\n\n\n\n\ - This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1,\ - \ from 1.82 before 1.84." + description: An issue in Harrison Chase langchain v.0.0.194 allows an attacker to + execute arbitrary code via the python exec calls in the PALChain, affected functions + include from_math_prompt and from_colored_object_prompt. detection: payload: null verify: null @@ -27343,30 +22371,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14813 - - https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3 - - https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f - - https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813 - - https://access.redhat.com/errata/RHSA-2026:11720 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36095 + - https://github.com/hwchase17/langchain + - https://github.com/langchain-ai/langchain/issues/5872 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-0636-CANDIDATE - cve_id: CVE-2026-0636 - name: Candidate detection for CVE-2026-0636 + id: CVE-2023-37683-CANDIDATE + cve_id: CVE-2023-37683 + name: Candidate detection for CVE-2023-37683 severity: medium - cvss: 6.5 + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Improper neutralization of special elements used in an LDAP query\ - \ ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA\ - \ bcprov on all (prov modules).\n\n This vulnerability is associated with program\ - \ files LDAPStoreHelper.\n\n\n\nThis issue affects BC-JAVA: from 1.74 before 1.80.2,\ - \ from 1.81 before 1.81.1, from 1.82 before 1.84." + description: Online Nurse Hiring System v1.0 was discovered to contain a cross-site + scripting (XSS) vulnerability in the Profile Page of the Admin. detection: payload: null verify: null @@ -27374,31 +22397,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-0636 - - https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde - - https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636 - - https://access.redhat.com/errata/RHSA-2026:11720 - - https://access.redhat.com/errata/RHSA-2026:11721 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37683 + - https://github.com/rt122001/CVES/blob/main/CVE-2023-37683.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3505-CANDIDATE - cve_id: CVE-2026-3505 - name: Candidate detection for CVE-2026-3505 - severity: high - cvss: 7.5 + id: CVE-2023-37684-CANDIDATE + cve_id: CVE-2023-37684 + name: Candidate detection for CVE-2023-37684 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Allocation of resources without limits or throttling, Uncontrolled\ - \ Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA\ - \ bcpg on all (pg modules).\n\n This vulnerability is associated with program\ - \ files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Java.\n\ - \n\n\nThis issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1,\ - \ from 1.82 before 1.84." + description: Online Nurse Hiring System v1.0 was discovered to contain a cross-site + scripting (XSS) vulnerability in the Search Report Details of the Admin portal. detection: payload: null verify: null @@ -27406,33 +22422,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3505 - - https://github.com/bcgit/bc-java/commit/dc7530939ffb6cdb57636f3609d98e23b94e71c1 - - https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%903505 - - https://access.redhat.com/errata/RHSA-2026:13631 - - https://access.redhat.com/errata/RHSA-2026:17668 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37684 + - https://github.com/rt122001/CVES/blob/main/CVE-2023-37684.txt + - https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5588-CANDIDATE - cve_id: CVE-2026-5588 - name: Candidate detection for CVE-2026-5588 - severity: high - cvss: 7.5 + id: CVE-2023-37685-CANDIDATE + cve_id: CVE-2023-37685 + name: Candidate detection for CVE-2023-37685 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Use of a Broken or Risky Cryptographic Algorithm vulnerability in\ - \ Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion\ - \ of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of\ - \ the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\n\n This vulnerability\ - \ is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\n\ - \n\n\nThis issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1,\ - \ from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before\ - \ 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11." + description: Online Nurse Hiring System v1.0 was discovered to contain a cross-site + scripting (XSS) vulnerability in the Search Report Page of the Admin portal. detection: payload: null verify: null @@ -27440,29 +22448,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5588 - - https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057 - - https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588 - - https://access.redhat.com/errata/RHSA-2026:11720 - - https://access.redhat.com/errata/RHSA-2026:11721 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37685 + - https://github.com/rt122001/CVES/blob/main/CVE-2023-37685.txt + - https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5598-CANDIDATE - cve_id: CVE-2026-5598 - name: Candidate detection for CVE-2026-5598 - severity: high - cvss: 7.5 + id: CVE-2023-37686-CANDIDATE + cve_id: CVE-2023-37686 + name: Candidate detection for CVE-2023-37686 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Covert timing channel vulnerability in Legion of the Bouncy Castle\ - \ Inc. BC-JAVA core on all (core modules).\n\n This vulnerability is associated\ - \ with program files FrodoEngine.Java.\n\n\n\nThis issue affects BC-JAVA: from\ - \ 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84." + description: Online Nurse Hiring System v1.0 was discovered to contain a cross-site + scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. detection: payload: null verify: null @@ -27470,33 +22474,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5598 - - https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5 - - https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87 - - https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598 - - https://access.redhat.com/errata/RHSA-2026:12267 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37686 + - https://github.com/rt122001/CVES/blob/main/CVE-2023-37686.txt + - https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33805-CANDIDATE - cve_id: CVE-2026-33805 - name: Candidate detection for CVE-2026-33805 + id: CVE-2023-37687-CANDIDATE + cve_id: CVE-2023-37687 + name: Candidate detection for CVE-2023-37687 severity: high - cvss: 8.6 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3\ - \ and earlier process the client's Connection header after the proxy has added\ - \ its own headers via rewriteRequestHeaders. This allows attackers to retroactively\ - \ strip proxy-added headers from upstream requests by listing them in the Connection\ - \ header value. Any header added by the proxy for routing, access control, or\ - \ security purposes can be selectively removed by a client. @fastify/http-proxy\ - \ is also affected as it delegates to @fastify/reply-from. \n\nUpgrade to @fastify/reply-from\ - \ v12.6.2 or @fastify/http-proxy v11.4.4 or later." + description: Online Nurse Hiring System v1.0 was discovered to contain a cross-site + scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. detection: payload: null verify: null @@ -27504,37 +22500,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33805 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-gwhp-pf74-vj37 - - https://access.redhat.com/errata/RHSA-2026:10175 - - https://access.redhat.com/security/cve/CVE-2026-33805 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37687 + - https://github.com/rt122001/CVES/blob/main/CVE-2023-37687.txt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20186-CANDIDATE - cve_id: CVE-2026-20186 - name: Candidate detection for CVE-2026-20186 - severity: critical - cvss: 9.9 + id: CVE-2023-37688-CANDIDATE + cve_id: CVE-2023-37688 + name: Candidate detection for CVE-2023-37688 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in Cisco Identity Services Engine (ISE) could allow\ - \ an authenticated, remote attacker to execute arbitrary commands on the underlying\ - \ operating system of an affected device. To exploit this vulnerability, the attacker\ - \ must have at least Read Only Admin credentials.\r\n\r\nThis vulnerability is\ - \ due to insufficient validation of user-supplied input. An attacker could exploit\ - \ this vulnerability by sending a crafted HTTP request to an affected device.\ - \ A successful exploit could allow the attacker to obtain user-level access to\ - \ the underlying operating system and then elevate privileges to root. In\ - \ single-node ISE deployments, successful exploitation of these vulnerabilities\ - \ could cause the affected ISE node to become unavailable, resulting in a denial\ - \ of service (DoS) condition. In that condition, endpoints that have not already\ - \ authenticated would be unable to access the network until the node is restored." + description: Maid Hiring Management System v1.0 was discovered to contain a SQL + injection vulnerability in the Admin page. detection: payload: null verify: null @@ -27542,33 +22525,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20186 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv + - https://nvd.nist.gov/vuln/detail/CVE-2023-37688 + - https://github.com/rt122001/CVES/blob/main/CVE-2023-37688.txt + - https://phpgurukul.com/maid-hiring-management-system-using-php-and-mysql/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-41118-CANDIDATE - cve_id: CVE-2025-41118 - name: Candidate detection for CVE-2025-41118 - severity: critical - cvss: 9.1 + id: CVE-2023-37689-CANDIDATE + cve_id: CVE-2023-37689 + name: Candidate detection for CVE-2023-37689 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Pyroscope is an open-source continuous profiling database. The database\ - \ supports various storage backends, including Tencent Cloud Object Storage (COS).\n\ - \nIf the database is configured to use Tencent COS as the storage backend, an\ - \ attacker could extract the secret_key configuration value from the Pyroscope\ - \ API.\n\nTo exploit this vulnerability, an attacker needs direct access to the\ - \ Pyroscope API. We highly recommend limiting the public internet exposure of\ - \ all our databases, such that they are only accessible by trusted users or internal\ - \ systems.\n\nThis vulnerability is fixed in versions:\n\n1.15.x: 1.15.2 and above.\n\ - 1.16.x: 1.16.1 and above.\n1.17.x: 1.17.0 and above (i.e. all versions).\n\nThanks\ - \ to Th\xE9o Cusnir for reporting this vulnerability to us via our bug bounty\ - \ program." + description: Maid Hiring Management System v1.0 was discovered to contain a SQL + injection vulnerability in the Booking Request page. detection: payload: null verify: null @@ -27576,29 +22551,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-41118 - - https://grafana.com/security/security-advisories/cve-2025-41118 - - https://access.redhat.com/errata/RHSA-2026:24503 - - https://access.redhat.com/security/cve/CVE-2025-41118 - - https://bugzilla.redhat.com/show_bug.cgi?id=2458796 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37689 + - https://github.com/rt122001/CVES/blob/main/CVE-2023-37689.txt + - https://phpgurukul.com/maid-hiring-management-system-using-php-and-mysql/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6384-CANDIDATE - cve_id: CVE-2026-6384 - name: Candidate detection for CVE-2026-6384 - severity: high - cvss: 7.3 + id: CVE-2023-37690-CANDIDATE + cve_id: CVE-2023-37690 + name: Candidate detection for CVE-2023-37690 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gimp. This buffer overflow vulnerability in the - GIF image loading component's `ReadJeffsImage` function allows an attacker to - write beyond an allocated buffer by processing a specially crafted GIF file. This - can lead to a denial of service or potentially arbitrary code execution. + description: Maid Hiring Management System v1.0 was discovered to contain a SQL + injection vulnerability in the Search Maid page. detection: payload: null verify: null @@ -27606,17 +22577,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6384 - - https://access.redhat.com/security/cve/CVE-2026-6384 - - https://bugzilla.redhat.com/show_bug.cgi?id=2458749 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6384.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-37690 + - https://github.com/rt122001/CVES/blob/main/CVE-2023-37690.txt + - https://phpgurukul.com/maid-hiring-management-system-using-php-and-mysql/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40176-CANDIDATE - cve_id: CVE-2026-40176 - name: Candidate detection for CVE-2026-40176 + id: CVE-2023-37646-CANDIDATE + cve_id: CVE-2023-37646 + name: Candidate detection for CVE-2023-37646 severity: high cvss: 7.8 risk_level: unknown @@ -27624,61 +22594,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 - and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() - method, which constructs shell commands by interpolating user-supplied Perforce - connection parameters (port, user, client) without proper escaping. An attacker - can inject arbitrary commands through these values in a malicious composer.json - declaring a Perforce VCS repository, leading to command execution in the context - of the user running Composer, even if Perforce is not installed. VCS repositories - are only loaded from the root composer.json or the composer config directory, - so this cannot be exploited through composer.json files of packages installed - as dependencies. Users are at risk if they run Composer commands on untrusted - projects with attacker-supplied composer.json files. This issue has been fixed - in Composer 2.2.27 (2.2 LTS) and 2.9.6 (mainline). - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40176 - - https://github.com/composer/composer/releases/tag/2.9.6 - - https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p - - https://access.redhat.com/errata/RHSA-2026:8165 - - https://access.redhat.com/security/cve/CVE-2026-40176 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-40261-CANDIDATE - cve_id: CVE-2026-40261 - name: Candidate detection for CVE-2026-40261 - severity: high - cvss: 8.8 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: 'Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 - and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() - method, which appends the $sourceReference parameter to a shell command without - proper escaping, and additionally in the Perforce::generateP4Command() method - as in GHSA-wg36-wvj6-r67p / CVE-2026-40176, which interpolates user-supplied Perforce - connection parameters (port, user, client) from the source url field without proper - escaping. An attacker can inject arbitrary commands through crafted source reference - or source url values containing shell metacharacters, even if Perforce is not - installed. Unlike CVE-2026-40176, the source reference and url are provided as - part of package metadata, meaning any compromised or malicious Composer repository - can serve package metadata declaring perforce as a source type with malicious - values. This vulnerability is exploitable when installing or updating dependencies - from source, including the default behavior when installing dev-prefixed versions. - This issue has been fixed in Composer 2.2.27 (2.2 LTS) and 2.9.6 (mainline). If - developers are unable to immediately update, they can avoid installing dependencies - from source by using --prefer-dist or the preferred-install: dist config setting, - and only use trusted Composer repositories as a workaround.' + description: An issue in the CAB file extraction function of Bitberry File Opener + v23.0 allows attackers to execute a directory traversal. detection: payload: null verify: null @@ -27686,31 +22603,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40261 - - https://github.com/composer/composer/releases/tag/2.9.6 - - https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q - - https://access.redhat.com/errata/RHSA-2026:8165 - - https://access.redhat.com/security/cve/CVE-2026-40261 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37646 + - https://gist.github.com/Decamark/868e88aa6aae6b8f4a1dc1991efb83ca generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6388-CANDIDATE - cve_id: CVE-2026-6388 - name: Candidate detection for CVE-2026-6388 - severity: critical - cvss: 9.1 + id: CVE-2023-26961-CANDIDATE + cve_id: CVE-2023-26961 + name: Candidate detection for CVE-2023-26961 + severity: medium + cvss: 4.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in ArgoCD Image Updater. This vulnerability allows - an attacker, with permissions to create or modify an ImageUpdater resource in - a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient - validation, the attacker can trigger unauthorized image updates on applications - managed by other tenants. This leads to cross-namespace privilege escalation, - impacting application integrity through unauthorized application updates. + description: Alteryx Server 2022.1.1.42590 does not employ file type verification + for uploaded files. This vulnerability allows attackers to upload arbitrary files + (e.g., JavaScript content for stored XSS) via the type field in a JSON document + within a PUT /gallery/api/media request. detection: payload: null verify: null @@ -27718,17 +22630,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6388 - - https://access.redhat.com/security/cve/CVE-2026-6388 - - https://bugzilla.redhat.com/show_bug.cgi?id=2458766 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6388.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-26961 + - https://gist.github.com/DylanGrl/4269ae834c5d0ec77c9b928ad35d3be3 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40192-CANDIDATE - cve_id: CVE-2026-40192 - name: Candidate detection for CVE-2026-40192 + id: CVE-2023-39086-CANDIDATE + cve_id: CVE-2023-39086 + name: Candidate detection for CVE-2023-39086 severity: high cvss: 7.5 risk_level: unknown @@ -27736,70 +22646,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 - did not limit the amount of GZIP-compressed data read when decoding a FITS image, - making them vulnerable to decompression bomb attacks. A specially crafted FITS - file could cause unbounded memory consumption, leading to denial of service (OOM - crash or severe performance degradation). If users are unable to immediately upgrade, - they should only open specific image formats, excluding FITS, as a workaround. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40192 - - https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628 - - https://github.com/python-pillow/Pillow/pull/9521 - - https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j - - https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-41035-CANDIDATE - cve_id: CVE-2026-41035 - name: Candidate detection for CVE-2026-41035 - severity: high - cvss: 7.4 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted - length value during a qsort call, leading to a receiver use-after-free. The victim - must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations - are vulnerable. Non-Linux platforms are more widely vulnerable. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41035 - - https://github.com/RsyncProject/rsync/issues/871 - - https://github.com/RsyncProject/rsync/releases - - https://www.openwall.com/lists/oss-security/2026/04/16/2 - - https://access.redhat.com/errata/RHSA-2026:17481 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-41082-CANDIDATE - cve_id: CVE-2026-41082 - name: Candidate detection for CVE-2026-41082 - severity: high - cvss: 7.3 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: In OCaml opam before 2.5.1, a .install field containing a destination - filepath can use ../ to reach a parent directory. + description: ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive + information in cleartext. detection: payload: null verify: null @@ -27807,18 +22655,14 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41082 - - https://github.com/ocaml/opam/pull/6897 - - https://github.com/ocaml/opam/releases/tag/2.5.1 - - https://osv.dev/vulnerability/OSEC-2026-03 - - https://lists.debian.org/debian-lts-announce/2026/04/msg00021.html + - https://nvd.nist.gov/vuln/detail/CVE-2023-39086 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-54502-CANDIDATE - cve_id: CVE-2025-54502 - name: Candidate detection for CVE-2025-54502 + id: CVE-2023-39003-CANDIDATE + cve_id: CVE-2023-39003 + name: Candidate detection for CVE-2023-39003 severity: high cvss: 7.5 risk_level: unknown @@ -27826,45 +22670,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Incorrect use of boot service in the AMD Platform Configuration Blob - (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) - to achieve privilege escalation potentially resulting in arbitrary code execution. - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-54502 - - https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html - - https://access.redhat.com/security/cve/CVE-2025-54502 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459023 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-54502.json - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-35469-CANDIDATE - cve_id: CVE-2026-35469 - name: Candidate detection for CVE-2026-35469 - severity: medium - cvss: 6.5 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: "spdystream is a Go library for multiplexing streams over SPDY connections.\ - \ In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled\ - \ counts and lengths before allocating memory. Three allocation paths are affected:\ - \ the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and\ - \ individual header field sizes \u2014 all read as 32-bit integers and used directly\ - \ as allocation sizes with no bounds checking. Because SPDY header blocks are\ - \ zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled\ - \ values. A remote peer that can send SPDY frames to a service using spdystream\ - \ can exhaust process memory and cause an out-of-memory crash with a single crafted\ - \ control frame. This issue has been fixed in version 0.5.1." + description: OPNsense Community Edition before 23.7 and Business Edition before + 23.4.2 was discovered to contain insecure permissions in the directory /tmp. detection: payload: null verify: null @@ -27872,34 +22679,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35469 - - https://github.com/moby/spdystream/releases/tag/v0.5.1 - - https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2 - - https://access.redhat.com/errata/RHSA-2026:11070 - - https://access.redhat.com/errata/RHSA-2026:11217 + - https://nvd.nist.gov/vuln/detail/CVE-2023-39003 + - https://logicaltrust.net/blog/2023/08/opnsense.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40170-CANDIDATE - cve_id: CVE-2026-40170 - name: Candidate detection for CVE-2026-40170 - severity: high - cvss: 7.5 + id: CVE-2023-39004-CANDIDATE + cve_id: CVE-2023-39004 + name: Candidate detection for CVE-2023-39004 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: ngtcp2 is a C implementation of the IETF QUIC protocol. In versions - prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer - transport parameters into a fixed 1024-byte stack buffer without bounds checking. - When qlog is enabled, a remote peer can send sufficiently large transport parameters - during the QUIC handshake to cause writes beyond the buffer boundary, resulting - in a stack buffer overflow. This affects deployments that enable the qlog callback - and process untrusted peer transport parameters. This issue has been fixed in - version 1.22.1. If developers are unable to immediately upgrade, they can disable - the qlog on client. + description: Insecure permissions in the configuration directory (/conf/) of OPNsense + Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers + to access sensitive information (e.g., hashed root password) which could lead + to privilege escalation. detection: payload: null verify: null @@ -27907,30 +22706,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40170 - - https://github.com/ngtcp2/ngtcp2/commit/708a7640c1f48fb8ffb540c4b8ea5b4c1dfb8ee5 - - https://github.com/ngtcp2/ngtcp2/security/advisories/GHSA-f523-465f-8c8f - - https://access.redhat.com/errata/RHSA-2026:22963 - - https://access.redhat.com/errata/RHSA-2026:25049 + - https://nvd.nist.gov/vuln/detail/CVE-2023-39004 + - https://logicaltrust.net/blog/2023/08/opnsense.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3605-CANDIDATE - cve_id: CVE-2026-3605 - name: Candidate detection for CVE-2026-3605 - severity: high - cvss: 8.1 + id: CVE-2023-33468-CANDIDATE + cve_id: CVE-2023-33468 + name: Candidate detection for CVE-2023-33468 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An authenticated user with access to a kvv2 path through a policy containing - a glob may be able to delete secrets they were not authorized to read or write, - resulting in denial-of-service. This vulnerability did not allow a malicious user - to delete secrets across namespaces, nor read any secret data. Fxed in Vault Community - Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16. + description: KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior + to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the + device. This vulnerability involves extracting the connection confirmation code + remotely, bypassing the need to obtain it directly from the physical screen. detection: payload: null verify: null @@ -27938,29 +22733,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3605 - - https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-deletion-policy-bypass-denial-of-service/77342 - - https://access.redhat.com/security/cve/CVE-2026-3605 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459105 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3605.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-33468 + - https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4525-CANDIDATE - cve_id: CVE-2026-4525 - name: Candidate detection for CVE-2026-4525 + id: CVE-2023-33469-CANDIDATE + cve_id: CVE-2023-33469 + name: Candidate detection for CVE-2023-33469 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: If a Vault auth mount is configured to pass through the "Authorization" - header, and the "Authorization" header is used to authenticate to Vault, Vault - forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, - 1.20.10, and 1.19.16. + description: In instances where the screen is visible and remote mouse connection + is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior + to 4.0.1.1326 can be exploited to achieve local code execution at the root level. detection: payload: null verify: null @@ -27968,30 +22759,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4525 - - https://discuss.hashicorp.com/t/hcsec-2026-07-vault-may-expose-tokens-to-auth-plugins-due-to-incorrect-header-sanitization/77344 - - https://access.redhat.com/security/cve/CVE-2026-4525 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459107 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4525.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-33469 + - https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5807-CANDIDATE - cve_id: CVE-2026-5807 - name: Candidate detection for CVE-2026-5807 - severity: high - cvss: 7.5 + id: CVE-2023-39805-CANDIDATE + cve_id: CVE-2023-39805 + name: Candidate detection for CVE-2023-39805 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Vault is vulnerable to a denial-of-service condition where an unauthenticated - attacker can repeatedly initiate or cancel root token generation or rekey operations, - occupying the single in-progress operation slot. This prevents legitimate operators - from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in - Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0. + description: iCMS v7.0.16 was discovered to contain a SQL injection vulnerability + via the where parameter at admincp.php. detection: payload: null verify: null @@ -27999,33 +22784,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5807 - - https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345 - - https://access.redhat.com/security/cve/CVE-2026-5807 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459109 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5807.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-39805 + - https://gist.github.com/ChubbyZ/3ad434bd5fc2ab1242dd32500384cfb5 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21733-CANDIDATE - cve_id: CVE-2026-21733 - name: Candidate detection for CVE-2026-21733 - severity: high - cvss: 7.3 + id: CVE-2023-39806-CANDIDATE + cve_id: CVE-2023-39806 + name: Candidate detection for CVE-2023-39806 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Software installed and run as a non-privileged user may conduct improper - GPU system calls to gain write permission to read-only wrapped user-mode memory - and files. - - - - - This is caused by improper handling of GPU memory reservation protections.' + description: iCMS v7.0.16 was discovered to contain a SQL injection vulnerability + via the bakupdata function. detection: payload: null verify: null @@ -28033,67 +22809,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21733 - - https://www.imaginationtech.com/gpu-driver-vulnerabilities/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-39806 + - https://gist.github.com/ChubbyZ/27fa6f43699c9964ddfa701614fc4d5e generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40293-CANDIDATE - cve_id: CVE-2026-40293 - name: Candidate detection for CVE-2026-40293 + id: CVE-2020-35990-CANDIDATE + cve_id: CVE-2020-35990 + name: Candidate detection for CVE-2020-35990 severity: medium - cvss: 6.5 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: OpenFGA is an authorization/permission engine built for developers. - In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key - authentication with the built-in playground enabled, the local server includes - the preshared API key in the HTML response of the /playground endpoint. The /playground - endpoint is enabled by default and does not require authentication. It is intended - for local development and debugging and is not designed to be exposed to production - environments. Only those who run OpenFGA with `--authn-method` preshared, with - the playground enabled, and with the playground endpoint accessible beyond localhost - or trusted networks are vulnerable. To remediate the issue, users should upgrade - to OpenFGA v1.14.0, or disable the playground by running `./openfga run --playground-enabled=false.` - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40293 - - https://github.com/openfga/openfga/releases/tag/v1.14.0 - - https://github.com/openfga/openfga/security/advisories/GHSA-68m9-983m-f3v5 - - https://access.redhat.com/errata/RHSA-2026:24503 - - https://access.redhat.com/errata/RHSA-2026:24539 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-40477-CANDIDATE - cve_id: CVE-2026-40477 - name: Candidate detection for CVE-2026-40477 - severity: critical - cvss: 9.0 + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Thymeleaf is a server-side Java template engine for web and standalone - environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability - in the expression execution mechanisms. Although the library provides mechanisms - to prevent expression injection, it fails to properly restrict the scope of accessible - objects, allowing specific potentially sensitive objects to be reached from within - a template. If an application developer passes unvalidated user input directly - to the template engine, an unauthenticated remote attacker can bypass the library's - protections to achieve Server-Side Template Injection (SSTI). This issue has ben - fixed in version 3.1.4.RELEASE. + description: Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc + function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local + attackers to cause a denial of service (DoS) via crafted .pdf file. detection: payload: null verify: null @@ -28101,33 +22835,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40477 - - https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-r4v4-5mwr-2fwr - - https://access.redhat.com/errata/RHSA-2026:21772 - - https://access.redhat.com/security/cve/CVE-2026-40477 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459344 + - https://nvd.nist.gov/vuln/detail/CVE-2020-35990 + - https://www.foxitsoftware.com/support/security-bulletins.php generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40478-CANDIDATE - cve_id: CVE-2026-40478 - name: Candidate detection for CVE-2026-40478 + id: CVE-2023-37847-CANDIDATE + cve_id: CVE-2023-37847 + name: Candidate detection for CVE-2023-37847 severity: critical - cvss: 9.0 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Thymeleaf is a server-side Java template engine for web and standalone - environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability - in the the expression execution mechanisms. Although the library provides mechanisms - to prevent expression injection, it fails to properly neutralize specific syntax - patterns that allow for the execution of unauthorized expressions. If an application - developer passes unvalidated user input directly to the template engine, an unauthenticated - remote attacker can bypass the library's protections to achieve Server-Side Template - Injection (SSTI). This issue has ben fixed in version 3.1.4.RELEASE. + description: novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. detection: payload: null verify: null @@ -28135,32 +22859,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40478 - - https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-xjw8-8c5c-9r79 - - https://access.redhat.com/errata/RHSA-2026:21772 - - https://access.redhat.com/security/cve/CVE-2026-40478 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459349 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37847 + - https://github.com/KingBangQ/CVE-2023-37847/blob/main/README.md + - https://novel.xxyopen.com/index.htm generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5720-CANDIDATE - cve_id: CVE-2026-5720 - name: Candidate detection for CVE-2026-5720 + id: CVE-2023-30186-CANDIDATE + cve_id: CVE-2023-30186 + name: Candidate detection for CVE-2023-30186 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: miniupnpd contains an integer underflow vulnerability in SOAPAction - header parsing that allows remote attackers to cause a denial of service or information - disclosure by sending a malformed SOAPAction header with a single quote. Attackers - can trigger an out-of-bounds memory read by exploiting improper length validation - in ParseHttpHeaders(), where the parsed length underflows to a large unsigned - value when passed to memchr(), causing the process to scan memory far beyond the - allocated HTTP request buffer. + description: A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 + through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript + file. detection: payload: null verify: null @@ -28168,17 +22886,18 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5720 - - https://github.com/miniupnp/miniupnp/ - - https://github.com/miniupnp/miniupnp/commit/f56bd09b2f2650126b832c5f30a65a09e28167fa - - https://www.vulncheck.com/advisories/miniupnpd-integer-underflow-soapaction-header-parsing + - https://nvd.nist.gov/vuln/detail/CVE-2023-30186 + - https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 + - https://github.com/ONLYOFFICE/DocumentServer + - https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/ + - https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41242-CANDIDATE - cve_id: CVE-2026-41242 - name: Candidate detection for CVE-2026-41242 + id: CVE-2023-30187-CANDIDATE + cve_id: CVE-2023-30187 + name: Candidate detection for CVE-2023-30187 severity: critical cvss: 9.8 risk_level: unknown @@ -28186,10 +22905,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: protobufjs compiles protobuf definitions into JavaScript (JS) functions. - In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the - "type" fields of protobuf definitions, which will then execute during object decoding - using that definition. Versions 8.0.1 and 7.5.5 patch the issue. + description: An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer + 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted + JavaScript file. detection: payload: null verify: null @@ -28197,33 +22915,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41242 - - https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75 - - https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956 - - https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5 - - https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1 + - https://nvd.nist.gov/vuln/detail/CVE-2023-30187 + - https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 + - https://github.com/ONLYOFFICE/DocumentServer + - https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/ + - https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6587-CANDIDATE - cve_id: CVE-2026-6587 - name: Candidate detection for CVE-2026-6587 - severity: medium - cvss: 6.3 + id: CVE-2023-30188-CANDIDATE + cve_id: CVE-2023-30188 + name: Candidate detection for CVE-2023-30188 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. - The affected element is the function _try_process_local_file/_try_process_url - of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of - the component Collections Module. Performing a manipulation of the argument retrieved_contexts - results in server-side request forgery. The attack can be initiated remotely. - The exploit has been released to the public and may be used for attacks. The security - patch for CVE-2025-45691 was applied to a different module only. The vendor was - contacted early about this disclosure but did not respond in any way. + description: Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 + through 7.3.2 allows remote attackers to cause a denial of service via crafted + JavaScript file. detection: payload: null verify: null @@ -28231,28 +22944,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6587 - - https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability - - https://vuldb.com/submit/791088 - - https://vuldb.com/vuln/358222 - - https://vuldb.com/vuln/358222/cti + - https://nvd.nist.gov/vuln/detail/CVE-2023-30188 + - https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 + - https://github.com/ONLYOFFICE/DocumentServer + - https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/ + - https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6654-CANDIDATE - cve_id: CVE-2026-6654 - name: Candidate detection for CVE-2026-6654 - severity: medium - cvss: 5.1 + id: CVE-2020-26037-CANDIDATE + cve_id: CVE-2020-26037 + name: Candidate detection for CVE-2020-26037 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` - functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting - the length to zero. + description: Directory Traversal vulnerability in Server functionalty in Even Balance + Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary + code. detection: payload: null verify: null @@ -28260,35 +22973,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6654 - - https://github.com/mozilla/thin-vec/security/advisories/GHSA-xphw-cqx3-667j - - https://access.redhat.com/security/cve/CVE-2026-6654 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459689 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6654.json + - https://nvd.nist.gov/vuln/detail/CVE-2020-26037 + - https://medium.com/@prizmant/hacking-punkbuster-e22e6cf2f36e + - https://medium.com/%40prizmant/hacking-punkbuster-e22e6cf2f36e generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33557-CANDIDATE - cve_id: CVE-2026-33557 - name: Candidate detection for CVE-2026-33557 + id: CVE-2023-38894-CANDIDATE + cve_id: CVE-2023-38894 + name: Candidate detection for CVE-2023-38894 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A possible security vulnerability has been identified in Apache Kafka.\n\ - \nBy default, the broker property `sasl.oauthbearer.jwt.validator.class` is\_\ - set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It\ - \ accepts any JWT token without validating its\_signature, issuer, or audience.\ - \ An attacker can generate a JWT\_token from any issuer with the `preferred_username`\ - \ set to any user, and the broker will accept it.\n\nWe advise the Kafka users\ - \ using kafka v4.1.0 or v4.1.1 to set the config `sasl.oauthbearer.jwt.validator.class`\ - \ to `org.apache.kafka.common.security.oauthbearer.BrokerJwtValidator` explicitly\ - \ to avoid this vulnerability. Since Kafka v4.1.2 and v4.2.0 and later, the issue\ - \ is fixed and will correctly validate the JWT token." + description: A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before + allows a remote attacker to execute arbitrary code via the extend function. detection: payload: null verify: null @@ -28296,29 +22999,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33557 - - https://kafka.apache.org/cve-list - - https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h - - https://access.redhat.com/security/cve/CVE-2026-33557 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459739 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38894 + - https://github.com/cronvel/tree-kit + - https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41245-CANDIDATE - cve_id: CVE-2026-41245 - name: Candidate detection for CVE-2026-41245 - severity: medium - cvss: 5.9 + id: CVE-2023-38838-CANDIDATE + cve_id: CVE-2023-38838 + name: Candidate detection for CVE-2023-38838 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Junrar is an open source java RAR archive library. Prior to version - 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker - to write arbitrary files with attacker-controlled content into sibling directories - when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue. + description: SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote + attacker to obtain sensitive information via the edit.php component. detection: payload: null verify: null @@ -28326,32 +23025,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41245 - - https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7 - - https://github.com/junrar/junrar/releases/tag/v7.5.10 - - https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7 - - https://access.redhat.com/security/cve/CVE-2026-41245 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38838 + - https://github.com/kiduswb/minimati/issues/1 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40244-CANDIDATE - cve_id: CVE-2026-40244 - name: Candidate detection for CVE-2026-40244 + id: CVE-2023-39784-CANDIDATE + cve_id: CVE-2023-39784 + name: Candidate detection for CVE-2023-39784 severity: high - cvss: 7.1 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenEXR provides the specification and reference implementation of - the EXR file format, an image storage format for the motion picture industry. - In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, - `internal_dwa_compressor.h:1722` performs `curc->width * curc->height` in `int32` - arithmetic without a `(size_t)` cast. This is the same overflow pattern fixed - in other locations by the recent CVE-2026-34589 batch, but this line was missed. - Versions 3.4.10, 3.3.10, and 3.2.8 contain a fix that addresses `internal_dwa_compressor.h:1722`. + description: Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow + via the list parameter in the save_virtualser_data function. detection: payload: null verify: null @@ -28359,18 +23050,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40244 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10 - - https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10 - - https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-j526-66f6-fxhx + - https://nvd.nist.gov/vuln/detail/CVE-2023-39784 + - https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6746-CANDIDATE - cve_id: CVE-2026-6746 - name: Candidate detection for CVE-2026-6746 + id: CVE-2023-39785-CANDIDATE + cve_id: CVE-2023-39785 + name: Candidate detection for CVE-2023-39785 severity: high cvss: 7.5 risk_level: unknown @@ -28378,9 +23066,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the DOM: Core & HTML component. This vulnerability - was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird - 150, and Thunderbird 140.10.' + description: Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow + via the list parameter in the set_qosMib_list function. detection: payload: null verify: null @@ -28388,18 +23075,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6746 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2014596 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-31/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-39785 + - https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4/2 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6747-CANDIDATE - cve_id: CVE-2026-6747 - name: Candidate detection for CVE-2026-6747 + id: CVE-2023-39786-CANDIDATE + cve_id: CVE-2023-39786 + name: Candidate detection for CVE-2023-39786 severity: high cvss: 7.5 risk_level: unknown @@ -28407,8 +23091,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Use-after-free in the WebRTC component. This vulnerability was fixed - in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. + description: Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow + via the time parameter in the sscanf function. detection: payload: null verify: null @@ -28416,18 +23100,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6747 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2021769 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ - - https://www.mozilla.org/security/advisories/mfsa2026-33/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-39786 + - https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4/3 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6748-CANDIDATE - cve_id: CVE-2026-6748 - name: Candidate detection for CVE-2026-6748 + id: CVE-2023-39807-CANDIDATE + cve_id: CVE-2023-39807 + name: Candidate detection for CVE-2023-39807 severity: critical cvss: 9.8 risk_level: unknown @@ -28435,38 +23116,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Uninitialized memory in the Audio/Video: Web Codecs component. This - vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and - Thunderbird 140.10.' - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6748 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2022604 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ - - https://www.mozilla.org/security/advisories/mfsa2026-33/ - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-6749-CANDIDATE - cve_id: CVE-2026-6749 - name: Candidate detection for CVE-2026-6749 - severity: high - cvss: 7.5 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: 'Information disclosure due to uninitialized memory in the Graphics: - Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, - Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.' + description: N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL + injection vulnerability via the a_passwd parameter at /portal/user-register.php. detection: payload: null verify: null @@ -28474,28 +23125,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6749 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2022610 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-31/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-39807 + - https://github.com/maride + - https://sec.maride.cc/posts/ibsg/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6750-CANDIDATE - cve_id: CVE-2026-6750 - name: Candidate detection for CVE-2026-6750 - severity: high - cvss: 8.8 + id: CVE-2023-39808-CANDIDATE + cve_id: CVE-2023-39808 + name: Candidate detection for CVE-2023-39808 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Privilege escalation in the Graphics: WebRender component. This vulnerability - was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird - 150, and Thunderbird 140.10.' + description: N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded + root password that allows attackers to login with root privileges via the SSH + service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR + hash was not determined by the vulnerability discoverer. detection: payload: null verify: null @@ -28503,28 +23153,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6750 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2023407 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-31/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-39808 + - https://github.com/maride + - https://sec.maride.cc/posts/ibsg/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6751-CANDIDATE - cve_id: CVE-2026-6751 - name: Candidate detection for CVE-2026-6751 - severity: high - cvss: 7.3 + id: CVE-2023-39809-CANDIDATE + cve_id: CVE-2023-39809 + name: Candidate detection for CVE-2023-39809 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Uninitialized memory in the Audio/Video: Web Codecs component. This - vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and - Thunderbird 140.10.' + description: N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an + OS command injection vulnerability via shell metacharacters in the system_hostname + parameter at /manage/network-basic.php. detection: payload: null verify: null @@ -28532,28 +23180,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6751 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2025883 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ - - https://www.mozilla.org/security/advisories/mfsa2026-33/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-39809 + - https://github.com/maride + - https://sec.maride.cc/posts/ibsg/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6752-CANDIDATE - cve_id: CVE-2026-6752 - name: Candidate detection for CVE-2026-6752 - severity: high - cvss: 7.3 + id: CVE-2020-28715-CANDIDATE + cve_id: CVE-2020-28715 + name: Candidate detection for CVE-2020-28715 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Incorrect boundary conditions in the WebRTC component. This vulnerability - was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird - 150, and Thunderbird 140.10. + description: An issue was discovered in kdmserver service in LeEco LeTV X43 version + V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate + privileges, and cause a denial of service (DoS). detection: payload: null verify: null @@ -28561,28 +23207,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6752 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2027499 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-31/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-28715 + - https://www.cnvd.org.cn/flaw/show/2602948 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6753-CANDIDATE - cve_id: CVE-2026-6753 - name: Candidate detection for CVE-2026-6753 + id: CVE-2023-38899-CANDIDATE + cve_id: CVE-2023-38899 + name: Candidate detection for CVE-2023-38899 severity: high - cvss: 7.3 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Incorrect boundary conditions in the WebRTC component. This vulnerability - was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird - 140.10. + description: SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local + attacker to escalate privileges via the secure_file_priv component. detection: payload: null verify: null @@ -28590,28 +23232,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6753 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2027501 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ - - https://www.mozilla.org/security/advisories/mfsa2026-33/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-38899 + - https://github.com/berkaygediz/O_Blog + - https://github.com/berkaygediz/O_Blog/issues + - https://github.com/berkaygediz/O_Blog/issues/2 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6754-CANDIDATE - cve_id: CVE-2026-6754 - name: Candidate detection for CVE-2026-6754 + id: CVE-2023-38836-CANDIDATE + cve_id: CVE-2023-38836 + name: Candidate detection for CVE-2023-38836 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: Use-after-free in the JavaScript Engine component. This vulnerability - was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird - 150, and Thunderbird 140.10. + exploitdb_reference: true + description: File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker + to execute arbitrary code by adding a GIF header to bypass MIME type checks. detection: payload: null verify: null @@ -28619,29 +23259,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6754 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2027541 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-31/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-38836 + - https://github.com/BoidCMS/BoidCMS/issues/27 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-6784-CANDIDATE - cve_id: CVE-2026-6784 - name: Candidate detection for CVE-2026-6784 - severity: high - cvss: 7.5 + id: CVE-2023-39061-CANDIDATE + cve_id: CVE-2023-39061 + name: Candidate detection for CVE-2023-39061 + severity: low + cvss: 3.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox 149 and Thunderbird 149. Some - of these bugs showed evidence of memory corruption and we presume that with enough - effort some of these could have been exploited to run arbitrary code. This vulnerability - was fixed in Firefox 150 and Thunderbird 150. + description: Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru + v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary + code. detection: payload: null verify: null @@ -28649,31 +23286,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6784 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C2024369%2C2024424%2C2024760%2C2025281%2C2025361%2C2025387%2C2025466%2C2025954%2C2025958%2C2026278%2C2026292%2C2026297%2C2026378%2C2027148%2C2027287%2C2027341%2C2027384%2C2027427%2C2027694%2C2027993%2C2028009%2C2028270%2C2028416%2C2028524%2C2029295%2C2029699%2C2029800%2C2029801 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-33/ - - https://access.redhat.com/security/cve/CVE-2026-6784 + - https://nvd.nist.gov/vuln/detail/CVE-2023-39061 + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-123-2023-07-08-Moderate-impact-Moderate-risk-CSRF-through-admin-account-forum-posts generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40611-CANDIDATE - cve_id: CVE-2026-40611 - name: Candidate detection for CVE-2026-40611 - severity: high - cvss: 8.8 + id: CVE-2020-27418-CANDIDATE + cve_id: CVE-2020-27418 + name: Candidate detection for CVE-2020-27418 + severity: medium + cvss: 4.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Let's Encrypt client and ACME library written in Go (Lego). Prior to - 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary - file write and deletion via path traversal. A malicious ACME server can supply - a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced - content to any path writable by the lego process. This vulnerability is fixed - in 4.34.0. + description: A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows + attackers to obatin sensitive information via vgacon_invert_region() function. detection: payload: null verify: null @@ -28681,26 +23311,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40611 - - https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8 - - https://access.redhat.com/errata/RHSA-2026:21772 - - https://access.redhat.com/security/cve/CVE-2026-40611 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460233 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27418 + - https://patchwork.freedesktop.org/patch/356372/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33813-CANDIDATE - cve_id: CVE-2026-33813 - name: Candidate detection for CVE-2026-33813 + id: CVE-2023-39810-CANDIDATE + cve_id: CVE-2023-39810 + name: Candidate detection for CVE-2023-39810 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Parsing a WEBP image with an invalid, large size panics on 32-bit platforms. + description: An issue in the CPIO command of Busybox v1.33.2 allows attackers to + execute a directory traversal. detection: payload: null verify: null @@ -28708,27 +23336,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33813 - - https://go.dev/cl/759860 - - https://go.dev/cl/780860 - - https://go.dev/issue/78407 - - https://pkg.go.dev/vuln/GO-2026-4961 + - https://nvd.nist.gov/vuln/detail/CVE-2023-39810 + - https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40372-CANDIDATE - cve_id: CVE-2026-40372 - name: Candidate detection for CVE-2026-40372 + id: CVE-2021-3262-CANDIDATE + cve_id: CVE-2021-3262 + name: Candidate detection for CVE-2021-3262 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Improper verification of cryptographic signature in ASP.NET Core allows - an unauthorized attacker to elevate privileges over a network. + description: TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 + allows unsafe data inputs in POST body parameters from end users without sanitizing + using server-side logic. It was possible to inject custom SQL commands into the + "Student Busing Information" search queries. detection: payload: null verify: null @@ -28736,18 +23363,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40372 - - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372 - - https://access.redhat.com/security/cve/CVE-2026-40372 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460224 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40372.json + - https://nvd.nist.gov/vuln/detail/CVE-2021-3262 + - https://susos.co/blog/f/cve-disclosureuncovered-sql-injection-in-tripspark-veo-transport generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22016-CANDIDATE - cve_id: CVE-2026-22016 - name: Candidate detection for CVE-2026-22016 + id: CVE-2023-36088-CANDIDATE + cve_id: CVE-2023-36088 + name: Candidate detection for CVE-2023-36088 severity: high cvss: 7.5 risk_level: unknown @@ -28755,22 +23379,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle - GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported - versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, - 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle - GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated - attacker with network access via multiple protocols to compromise Oracle Java - SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks - of this vulnerability can result in unauthorized access to critical data or complete - access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise - Edition accessible data. Note: This vulnerability can be exploited by using APIs - in the specified Component, e.g., through a web service which supplies data to - the APIs. This vulnerability also applies to Java deployments, typically in clients - running sandboxed Java Web Start applications or sandboxed Java applets, that - load and run untrusted code (e.g., code that comes from the internet) and rely - on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS - Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).' + description: Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio + version 3.7.0, allows remote attackers to gain sensitive information. detection: payload: null verify: null @@ -28778,41 +23388,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22016 - - https://www.oracle.com/security-alerts/cpuapr2026.html - - https://access.redhat.com/errata/RHSA-2026:11403 - - https://access.redhat.com/errata/RHSA-2026:11655 - - https://access.redhat.com/errata/RHSA-2026:11822 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36088 + - https://github.com/vesoft-inc/nebula-studio + - https://github.com/vesoft-inc/nebula-studio/issues/571 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34282-CANDIDATE - cve_id: CVE-2026-34282 - name: Candidate detection for CVE-2026-34282 - severity: high - cvss: 7.5 + id: CVE-2023-36361-CANDIDATE + cve_id: CVE-2023-36361 + name: Candidate detection for CVE-2023-36361 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle - GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported - versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, - 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise - Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker - with network access via multiple protocols to compromise Oracle Java SE, Oracle - GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this - vulnerability can result in unauthorized ability to cause a hang or frequently - repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle - GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using - APIs in the specified Component, e.g., through a web service which supplies data - to the APIs. This vulnerability also applies to Java deployments, typically in - clients running sandboxed Java Web Start applications or sandboxed Java applets, - that load and run untrusted code (e.g., code that comes from the internet) and - rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS - Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).' + description: Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability + via the p_table_name parameter. detection: payload: null verify: null @@ -28820,32 +23414,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34282 - - https://www.oracle.com/security-alerts/cpuapr2026.html - - https://access.redhat.com/errata/RHSA-2026:11403 - - https://access.redhat.com/errata/RHSA-2026:11655 - - https://access.redhat.com/errata/RHSA-2026:11822 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36361 + - https://gist.github.com/Cameleon037/40b3b6f6729d1d0984d6ce5b6837c46b + - https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-36361 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40895-CANDIDATE - cve_id: CVE-2026-40895 - name: Candidate detection for CVE-2026-40895 - severity: high - cvss: 7.5 + id: CVE-2023-41009-CANDIDATE + cve_id: CVE-2023-41009 + name: Candidate detection for CVE-2023-41009 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: follow-redirects is an open source, drop-in replacement for Node's - `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, - when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects - only strips authorization, proxy-authorization, and cookie headers (matched by - regex at index.js). Any custom authentication header (e.g., X-API-Key, X-Auth-Token, - Api-Key, Token) is forwarded verbatim to the redirect target. This vulnerability - is fixed in 1.16.0. + description: File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote + attacker to execute arbitrary code via a crafted script to the authorization field + in the header. detection: payload: null verify: null @@ -28853,30 +23441,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40895 - - https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653 - - https://access.redhat.com/errata/RHSA-2026:13826 - - https://access.redhat.com/errata/RHSA-2026:14937 - - https://access.redhat.com/errata/RHSA-2026:16476 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41009 + - https://github.com/Rabb1tQ/HillstoneCVEs/blob/main/CVE-2023-41009/CVE-2023-41009.md + - https://github.com/adlered/bolo-solo generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40906-CANDIDATE - cve_id: CVE-2026-40906 - name: Candidate detection for CVE-2026-40906 - severity: critical - cvss: 9.9 + id: CVE-2023-37798-CANDIDATE + cve_id: CVE-2023-37798 + name: Candidate detection for CVE-2023-37798 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the - order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based - SQL injection, allowing any authenticated user to read, write, and destroy the - full contents of the underlying PostgreSQL database through crafted ORDER BY expressions. - This vulnerability is fixed in 1.5.0. + description: A stored cross-site scripting (XSS) vulnerability in the new REDCap + project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute + arbitrary web scripts or HTML via injecting a crafted payload into the project + title parameter. detection: payload: null verify: null @@ -28884,37 +23469,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40906 - - https://github.com/electric-sql/electric/pull/4081 - - https://github.com/electric-sql/electric/security/advisories/GHSA-h5rg-pxx7-r2hj - - https://access.redhat.com/security/cve/CVE-2026-40906 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460291 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37798 + - https://www.cyderes.com/blog/cve-2023-37798-stored-cross-site-scripting-in-vanderbilt-redcap/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40938-CANDIDATE - cve_id: CVE-2026-40938 - name: Candidate detection for CVE-2026-40938 - severity: high - cvss: 7.5 + id: CVE-2021-45811-CANDIDATE + cve_id: CVE-2021-45811 + name: Candidate detection for CVE-2021-45811 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Tekton Pipelines project provides k8s-style resources for declaring - CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, - 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed - directly as a positional argument to git fetch without any validation that it - does not begin with a - character. Because git parses flags from mixed positional - arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=. - Combined with the validateRepoURL function explicitly permitting URLs that begin - with / (local filesystem paths), a tenant who can submit ResolutionRequest objects - can chain these two behaviors to execute an arbitrary binary on the resolver pod. - The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch - on all Secrets, so code execution on the resolver pod enables full cluster-wide - secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue. + description: A SQL injection vulnerability in the "Search" functionality of "tickets.php" + page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL + commands via the "keywords" and "topic_id" URL parameters combination. detection: payload: null verify: null @@ -28922,42 +23495,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40938 - - https://github.com/tektoncd/pipeline/releases/tag/v1.11.1 - - https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq - - https://access.redhat.com/errata/RHSA-2026:17546 - - https://access.redhat.com/errata/RHSA-2026:24359 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45811 + - https://members.backbox.org/osticket-sql-injection/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40575-CANDIDATE - cve_id: CVE-2026-40575 - name: Candidate detection for CVE-2026-40575 + id: CVE-2021-27715-CANDIDATE + cve_id: CVE-2021-27715 + name: Candidate detection for CVE-2021-27715 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OAuth2 Proxy is a reverse proxy that provides authentication using - OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` - header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` - is configured. An attacker can spoof this header so OAuth2 Proxy evaluates authentication - and skip-auth rules against a different path than the one actually sent to the - upstream application. This can result in an unauthenticated remote attacker bypassing - authentication and accessing protected routes without a valid session. Impacted - users are deployments that run oauth2-proxy with `--reverse-proxy` enabled and - configure at least one `--skip-auth-regex` or `--skip-auth-route` rule. This issue - is patched in `v7.15.2`. Some workarounds are available for those who cannot upgrade - immediately. Strip any client-provided `X-Forwarded-Uri` header at the reverse - proxy or load balancer level; explicitly overwrite `X-Forwarded-Uri` with the - actual request URI before forwarding requests to OAuth2 Proxy; restrict direct - client access to OAuth2 Proxy so it can only be reached through a trusted reverse - proxy; and/or remove or narrow `--skip-auth-regex` / `--skip-auth-route` rules - where possible. For nginx-based deployments, ensure `X-Forwarded-Uri` is set by - nginx and not passed through from the client. + description: An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 + allows attackers to bypass the authentication and execute arbitrary code via crafted + HTTP request. detection: payload: null verify: null @@ -28965,30 +23521,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40575 - - https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7x63-xv5r-3p2x - - https://access.redhat.com/security/cve/CVE-2026-40575 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460449 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40575.json + - https://nvd.nist.gov/vuln/detail/CVE-2021-27715 + - https://www.nagarro.com/services/security/mofi-cve-security-advisory generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22747-CANDIDATE - cve_id: CVE-2026-22747 - name: Candidate detection for CVE-2026-22747 - severity: medium - cvss: 6.8 + id: CVE-2023-39637-CANDIDATE + cve_id: CVE-2023-39637 + name: Candidate detection for CVE-2023-39637 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Vulnerability in Spring Spring Security.\_SubjectX500PrincipalExtractor\_\ - does not correctly handle certain malformed X.509 certificate\_CN\_values, which\ - \ can lead to reading the wrong value for the username. In a carefully crafted\ - \ certificate, this can lead to an attacker impersonating another user.\nThis\ - \ issue affects Spring Security: from 7.0.0 through 7.0.4." + description: D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection + vulnerability via the component /goform/Diagnosis. detection: payload: null verify: null @@ -28996,31 +23546,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22747 - - https://spring.io/security/cve-2026-22747 - - https://access.redhat.com/security/cve/CVE-2026-22747 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460487 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22747.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-39637 + - https://github.com/mmmmmx1/dlink/blob/main/DIR-816/readme.md + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22754-CANDIDATE - cve_id: CVE-2026-22754 - name: Candidate detection for CVE-2026-22754 - severity: high - cvss: 7.5 + id: CVE-2023-41013-CANDIDATE + cve_id: CVE-2023-41013 + name: Candidate detection for CVE-2023-41013 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Vulnerability in Spring Spring Security. If an application uses\_\ - \_\ - to define the servlet path for computing a path matcher, then the servlet path\ - \ is not included and the related authorization rules are not exercised. This\ - \ can lead to an authorization bypass.This issue affects Spring Security: from\ - \ 7.0.0 through 7.0.4." + description: Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows + remote attackers to inject arbitrary web script or HTML via the "p4" field. detection: payload: null verify: null @@ -29028,29 +23572,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22754 - - https://spring.io/security/cve-2026-22754 - - https://access.redhat.com/security/cve/CVE-2026-22754 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460489 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22754.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-41013 + - https://medium.com/@katikitala.sushmitha078/cve-2023-41013-789841dcad91 + - https://medium.com/%40katikitala.sushmitha078/cve-2023-41013-789841dcad91 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40542-CANDIDATE - cve_id: CVE-2026-40542 - name: Candidate detection for CVE-2026-40542 - severity: high - cvss: 7.3 + id: CVE-2023-40984-CANDIDATE + cve_id: CVE-2023-40984 + name: Candidate detection for CVE-2023-40984 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Missing critical step in authentication in Apache HttpClient 5.6 allows - an attacker to cause the client to accept SCRAM-SHA-256 authentication without - proper mutual authentication verification. Users are recommended to upgrade to - version 5.6.1, which fixes this issue. + description: A reflected cross-site scripting (XSS) vulnerability in the File Manager + function of Webmin v2.100 allows attackers to execute malicious scripts via injecting + a crafted payload into the Replace in Results file. detection: payload: null verify: null @@ -29058,43 +23599,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40542 - - https://lists.apache.org/thread/tfmgv86xr0z1y096vs3z0y315t1v3o97 - - https://access.redhat.com/security/cve/CVE-2026-40542 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460518 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40542.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-40984 + - https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31431-CANDIDATE - cve_id: CVE-2026-31431 - name: Candidate detection for CVE-2026-31431 - severity: high - cvss: 7.8 + id: CVE-2023-40985-CANDIDATE + cve_id: CVE-2023-40985 + name: Candidate detection for CVE-2023-40985 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: - cisa_kev: true + cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - crypto: algif_aead - Revert to operating out-of-place - - - This mostly reverts commit 72548b093ee3 except for the copying of - - the associated data. - - - There is no benefit in operating in-place in algif_aead since the - - source and destination come from different mappings. Get rid of - - all the complexity added for in-place operation and just copy the - - AD directly.' + description: An issue was discovered in Webmin 2.100. The File Manager functionality + allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing + a malicious payload, an attacker can inject arbitrary code, which is then executed + within the context of the victim's browser when any file is searched/replaced. detection: payload: null verify: null @@ -29102,33 +23626,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31431 - - https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c - - https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc - - https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667 - - https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82 - - https://www.cisa.gov/known-exploited-vulnerabilities-catalog + - https://nvd.nist.gov/vuln/detail/CVE-2023-40985 + - https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985 generated_from: - nvd - - cisa_kev - status: candidate executable: false - id: CVE-2026-6846-CANDIDATE - cve_id: CVE-2026-6846 - name: Candidate detection for CVE-2026-6846 - severity: high - cvss: 7.8 + id: CVE-2023-40986-CANDIDATE + cve_id: CVE-2023-40986 + name: Candidate detection for CVE-2023-40986 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in binutils. A heap-buffer-overflow vulnerability - exists when processing a specially crafted XCOFF (Extended Common Object File - Format) object file during linking. A local attacker could trick a user into processing - this malicious file, which could lead to arbitrary code execution, allowing the - attacker to run unauthorized commands, or cause a denial of service, making the - system unavailable. + description: A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration + function of Webmin v2.100 allows attackers to execute arbitrary web sripts or + HTML via a crafted payload injected into the Custom field. detection: payload: null verify: null @@ -29136,30 +23652,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6846 - - https://access.redhat.com/errata/RHSA-2026:33527 - - https://access.redhat.com/security/cve/CVE-2026-6846 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460006 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6846.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-40986 + - https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6857-CANDIDATE - cve_id: CVE-2026-6857 - name: Candidate detection for CVE-2026-6857 - severity: high - cvss: 7.5 + id: CVE-2023-40982-CANDIDATE + cve_id: CVE-2023-40982 + name: Candidate detection for CVE-2023-40982 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in camel-infinispan. This vulnerability involves unsafe - deserialization in the ProtoStream remote aggregation repository. A remote attacker - with low privileges could exploit this by sending specially crafted data, leading - to arbitrary code execution. This allows the attacker to gain full control over - the affected system, impacting its confidentiality, integrity, and availability. + description: A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 + allows attackers to execute arbitrary web scripts or HTML via a crafted payload + injected into the cloned module name parameter. detection: payload: null verify: null @@ -29167,54 +23678,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6857 - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/errata/RHSA-2026:22453 - - https://access.redhat.com/security/cve/CVE-2026-6857 - - https://bugzilla.redhat.com/show_bug.cgi?id=2460003 + - https://nvd.nist.gov/vuln/detail/CVE-2023-40982 + - https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31474-CANDIDATE - cve_id: CVE-2026-31474 - name: Candidate detection for CVE-2026-31474 - severity: high - cvss: 7.8 + id: CVE-2023-40983-CANDIDATE + cve_id: CVE-2023-40983 + name: Candidate detection for CVE-2023-40983 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - can: isotp: fix tx.buf use-after-free in isotp_sendmsg() - - - isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access - - to so->tx.buf. isotp_release() waits for ISOTP_IDLE via - - wait_event_interruptible() and then calls kfree(so->tx.buf). - - - If a signal interrupts the wait_event_interruptible() inside close() - - while tx.state is ISOTP_SENDING, the loop exits early and release - - proceeds to force ISOTP_SHUTDOWN and continues to kfree(so->tx.buf) - - while sendmsg may still be reading so->tx.buf for the final CAN frame - - in isotp_fill_dataframe(). - - - The so->tx.buf can be allocated once when the standard tx.buf length needs - - to be extended. Move the kfree() of this potentially extended tx.buf to - - sk_destruct time when either isotp_sendmsg() and isotp_release() are done.' + description: A reflected cross-site scripting (XSS) vulnerability in the File Manager + function of Webmin v2.100 allows attackers to execute malicious scripts via injecting + a crafted payload into the Find in Results file. detection: payload: null verify: null @@ -29222,57 +23704,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31474 - - https://git.kernel.org/stable/c/2e62e7051eca75a7f2e3d52d62ec10d7d7aa358c - - https://git.kernel.org/stable/c/424e95d62110cdbc8fd12b40918f37e408e35a92 - - https://git.kernel.org/stable/c/9649d051e54413049c009638ec1dc23962c884a4 - - https://git.kernel.org/stable/c/cb3d6efa78460e6d50bf68806d0db66265709f64 + - https://nvd.nist.gov/vuln/detail/CVE-2023-40983 + - https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31488-CANDIDATE - cve_id: CVE-2026-31488 - name: Candidate detection for CVE-2026-31488 + id: CVE-2023-41595-CANDIDATE + cve_id: CVE-2023-41595 + name: Candidate detection for CVE-2023-41595 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \ndrm/amd/display: Do not skip unrelated mode changes in DSC validation\n\nStarting\ - \ with commit 17ce8a6907f7 (\"drm/amd/display: Add dsc pre-validation in\natomic\ - \ check\"), amdgpu resets the CRTC state mode_changed flag to false when\nrecomputing\ - \ the DSC configuration results in no timing change for a particular\nstream.\n\ - \nHowever, this is incorrect in scenarios where a change in MST/DSC configuration\n\ - happens in the same KMS commit as another (unrelated) mode change. For example,\n\ - the integrated panel of a laptop may be configured differently (e.g., HDR\nenabled/disabled)\ - \ depending on whether external screens are attached. In this\ncase, plugging\ - \ in external DP-MST screens may result in the mode_changed flag\nbeing dropped\ - \ incorrectly for the integrated panel if its DSC configuration\ndid not change\ - \ during precomputation in pre_validate_dsc().\n\nAt this point, however, dm_update_crtc_state()\ - \ has already created new streams\nfor CRTCs with DSC-independent mode changes.\ - \ In turn,\namdgpu_dm_commit_streams() will never release the old stream, resulting\ - \ in a\nmemory leak. amdgpu_dm_atomic_commit_tail() will never acquire a reference\ - \ to\nthe new stream either, which manifests as a use-after-free when the stream\ - \ gets\ndisabled later on:\n\nBUG: KASAN: use-after-free in dc_stream_release+0x25/0x90\ - \ [amdgpu]\nWrite of size 4 at addr ffff88813d836524 by task kworker/9:9/29977\n\ - \nWorkqueue: events drm_mode_rmfb_work_fn\nCall Trace:\n \n dump_stack_lvl+0x6e/0xa0\n\ - \ print_address_description.constprop.0+0x88/0x320\n ? dc_stream_release+0x25/0x90\ - \ [amdgpu]\n print_report+0xfc/0x1ff\n ? srso_alias_return_thunk+0x5/0xfbef5\n\ - \ ? __virt_addr_valid+0x225/0x4e0\n ? dc_stream_release+0x25/0x90 [amdgpu]\n kasan_report+0xe1/0x180\n\ - \ ? dc_stream_release+0x25/0x90 [amdgpu]\n kasan_check_range+0x125/0x200\n dc_stream_release+0x25/0x90\ - \ [amdgpu]\n dc_state_destruct+0x14d/0x5c0 [amdgpu]\n dc_state_release.part.0+0x4e/0x130\ - \ [amdgpu]\n dm_atomic_destroy_state+0x3f/0x70 [amdgpu]\n drm_atomic_state_default_clear+0x8ee/0xf30\n\ - \ ? drm_mode_object_put.part.0+0xb1/0x130\n __drm_atomic_state_free+0x15c/0x2d0\n\ - \ atomic_remove_fb+0x67e/0x980\n\nSince there is no reliable way of figuring out\ - \ whether a CRTC has unrelated\nmode changes pending at the time of DSC validation,\ - \ remember the value of the\nmode_changed flag from before the point where a CRTC\ - \ was marked as potentially\naffected by a change in DSC configuration. Reset\ - \ the mode_changed flag to this\nearlier value instead in pre_validate_dsc().\n\ - \n(cherry picked from commit cc7c7121ae082b7b82891baa7280f1ff2608f22b)" + description: An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information + via default password. detection: payload: null verify: null @@ -29280,46 +23729,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31488 - - https://git.kernel.org/stable/c/10862e344b4d6434642a48c87d765813fc0b0ba7 - - https://git.kernel.org/stable/c/111208b5b7ebcdadb3f922cc52d8425f0fa91b33 - - https://git.kernel.org/stable/c/21159d8b335a6b9f44cbb506733013a902ae2da4 - - https://git.kernel.org/stable/c/8a5edc97fd9c6415ff2eff872748439a97e3c3d8 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41595 + - https://github.com/dubin12345/xui-xary/blob/main/README.md + - https://github.com/vaxilu/x-ui generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41651-CANDIDATE - cve_id: CVE-2026-41651 - name: Candidate detection for CVE-2026-41651 - severity: high - cvss: 8.8 + id: CVE-2023-39039-CANDIDATE + cve_id: CVE-2023-39039 + name: Candidate detection for CVE-2023-39039 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "PackageKit is a a D-Bus abstraction layer that allows the user to\ - \ manage packages in a secure way using a cross-distro, cross-architecture API.\ - \ PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a\ - \ time-of-check time-of-use (TOCTOU) race condition on transaction flags that\ - \ allows unprivileged users to install packages as root and thus leads to a local\ - \ privilege escalation. This is patched in version 1.3.5.\n\nA local unprivileged\ - \ user can install arbitrary RPM packages as root, including executing RPM scriptlets,\ - \ without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags`\ - \ combined with a silent state-machine guard that discards illegal backward transitions\ - \ while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:\n\ - 1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied\ - \ flags to `transaction->cached_transaction_flags` without checking whether the\ - \ transaction has already been authorized/started. A second call blindly overwrites\ - \ the flags even while the transaction is RUNNING.\n2. Silent state-transition\ - \ rejection (lines 873\u2013882): `pk_transaction_set_state()` silently discards\ - \ backward state transitions (e.g. `RUNNING` \u2192 `WAITING_FOR_AUTH`) but the\ - \ flag overwrite at step 1 already happened. The transaction continues running\ - \ with corrupted flags.\n3. Late flag read at execution time (lines 2273\u2013\ - 2277): The scheduler's idle callback reads cached_transaction_flags at dispatch\ - \ time, not at authorization time. If flags were overwritten between authorization\ - \ and execution, the backend sees the attacker's flags." + description: An information leak in Camp Style Project Line v13.6.1 allows attackers + to obtain the channel access token and send crafted messages. detection: payload: null verify: null @@ -29327,30 +23755,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41651 - - https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277 - - https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036 - - https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882 - - https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv + - https://nvd.nist.gov/vuln/detail/CVE-2023-39039 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39039.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6859-CANDIDATE - cve_id: CVE-2026-6859 - name: Candidate detection for CVE-2026-6859 - severity: high - cvss: 8.8 + id: CVE-2023-39040-CANDIDATE + cve_id: CVE-2023-39040 + name: Candidate detection for CVE-2023-39040 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in InstructLab. The `linux_train.py` script hardcodes - `trust_remote_code=True` when loading models from HuggingFace. This allows a remote - attacker to achieve arbitrary Python code execution by convincing a user to run - `ilab train/download/generate` with a specially crafted malicious model from the - HuggingFace Hub. This vulnerability can lead to complete system compromise. + description: An information leak in Cheese Cafe Line v13.6.1 allows attackers to + obtain the channel access token and send crafted messages. detection: payload: null verify: null @@ -29358,33 +23780,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6859 - - https://access.redhat.com/security/cve/CVE-2026-6859 - - https://bugzilla.redhat.com/show_bug.cgi?id=2459998 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6859.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-39040 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39040.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41176-CANDIDATE - cve_id: CVE-2026-41176 - name: Candidate detection for CVE-2026-41176 - severity: critical - cvss: 9.8 + id: CVE-2023-39043-CANDIDATE + cve_id: CVE-2023-39043 + name: Candidate detection for CVE-2023-39043 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Rclone is a command-line program to sync files and directories to - and from different cloud storage providers. The RC endpoint `options/set` is exposed - without `AuthRequired: true`, but it can mutate global runtime configuration, - including the RC option block itself. Starting in version 1.45.0 and prior to - version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables - the authorization gate for many RC methods registered with `AuthRequired: true` - on reachable RC servers that are started without global HTTP authentication. This - can lead to unauthorized access to sensitive administrative functionality, including - configuration and operational RC methods. Version 1.73.5 patches the issue.' + description: An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows + attackers to obtain the channel access token and send crafted messages. detection: payload: null verify: null @@ -29392,34 +23805,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41176 - - https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/config.go - - https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/rcserver/rcserver.go - - https://github.com/rclone/rclone/security/advisories/GHSA-25qr-6mpr-f7qx - - https://access.redhat.com/security/cve/CVE-2026-41176 + - https://nvd.nist.gov/vuln/detail/CVE-2023-39043 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39043.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41179-CANDIDATE - cve_id: CVE-2026-41179 - name: Candidate detection for CVE-2026-41179 - severity: critical - cvss: 9.8 + id: CVE-2023-39058-CANDIDATE + cve_id: CVE-2023-39058 + name: Candidate detection for CVE-2023-39058 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Rclone is a command-line program to sync files and directories to - and from different cloud storage providers. Starting in version 1.48.0 and prior - to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: - true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports - inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled - backend on demand. For the WebDAV backend, `bearer_token_command` is executed - during backend initialization, making single-request unauthenticated local command - execution possible on reachable RC deployments without global HTTP authentication. - Version 1.73.5 patches the issue.' + description: An information leak in THE_B_members card v13.6.1 allows attackers + to obtain the channel access token and send crafted messages. detection: payload: null verify: null @@ -29427,29 +23830,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41179 - - https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go - - https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go - - https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go - - https://github.com/rclone/rclone/commit/2a9e952b38e03a96bf40c9eb6e8e22199865ee3b + - https://nvd.nist.gov/vuln/detail/CVE-2023-39058 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39058.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-13763-CANDIDATE - cve_id: CVE-2025-13763 - name: Candidate detection for CVE-2025-13763 + id: CVE-2023-39046-CANDIDATE + cve_id: CVE-2023-39046 + name: Candidate detection for CVE-2023-39046 severity: medium - cvss: 5.7 + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Multiple uses of uninitialized variables were found in libopensc that - may lead to information disclosure or application crash. An attack requires a - crafted USB device or smart card that would present the system with specially - crafted responses to the APDUs + description: An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers + to obtain the channel access token and send crafted messages. detection: payload: null verify: null @@ -29457,30 +23855,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-13763 - - https://access.redhat.com/security/cve/CVE-2025-13763 - - https://bugzilla.redhat.com/show_bug.cgi?id=2417581 - - https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv - - https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763 + - https://nvd.nist.gov/vuln/detail/CVE-2023-39046 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39046.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33999-CANDIDATE - cve_id: CVE-2026-33999 - name: Candidate detection for CVE-2026-33999 - severity: high - cvss: 7.8 + id: CVE-2023-39049-CANDIDATE + cve_id: CVE-2023-39049 + name: Candidate detection for CVE-2023-39049 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the X.Org X server. This integer underflow vulnerability, - specifically in the XKB compatibility map handling, allows an attacker with local - or remote X11 server access to trigger a buffer read overrun. This can lead to - memory-safety violations and potentially a denial of service (DoS) or other severe - impacts. + description: An information leak in youmart-tokunaga v13.6.1 allows attackers to + obtain the channel access token and send crafted messages. detection: payload: null verify: null @@ -29488,30 +23880,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33999 - - https://access.redhat.com/errata/RHSA-2026:10739 - - https://access.redhat.com/errata/RHSA-2026:11352 - - https://access.redhat.com/errata/RHSA-2026:11369 - - https://access.redhat.com/errata/RHSA-2026:11388 + - https://nvd.nist.gov/vuln/detail/CVE-2023-39049 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39049.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34001-CANDIDATE - cve_id: CVE-2026-34001 - name: Candidate detection for CVE-2026-34001 - severity: high - cvss: 7.8 + id: CVE-2023-39056-CANDIDATE + cve_id: CVE-2023-39056 + name: Candidate detection for CVE-2023-39056 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the X.Org X server. This use-after-free vulnerability - occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() - function. An attacker with access to the X11 server can exploit this without user - interaction, leading to a server crash and potentially enabling memory corruption. - This could result in a denial of service or further compromise of the system. + description: An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain + the channel access token and send crafted messages. detection: payload: null verify: null @@ -29519,30 +23905,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34001 - - https://access.redhat.com/errata/RHSA-2026:10739 - - https://access.redhat.com/errata/RHSA-2026:11352 - - https://access.redhat.com/errata/RHSA-2026:11369 - - https://access.redhat.com/errata/RHSA-2026:11388 + - https://nvd.nist.gov/vuln/detail/CVE-2023-39056 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39056.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-34003-CANDIDATE - cve_id: CVE-2026-34003 - name: Candidate detection for CVE-2026-34003 - severity: high - cvss: 7.8 + id: CVE-2023-42399-CANDIDATE + cve_id: CVE-2023-42399 + name: Candidate detection for CVE-2023-42399 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the X.Org X server's XKB key types request validation. - A local attacker could send a specially crafted request to the X server, leading - to an out-of-bounds memory access vulnerability. This could result in the disclosure - of sensitive information or cause the server to crash, leading to a Denial of - Service (DoS). In certain configurations, higher impact outcomes may be possible. + description: Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 + allows a remote attacker to obtain sensitive information via the rich text editor + component. detection: payload: null verify: null @@ -29550,33 +23931,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-34003 - - https://access.redhat.com/errata/RHSA-2026:10739 - - https://access.redhat.com/errata/RHSA-2026:11352 - - https://access.redhat.com/errata/RHSA-2026:11369 - - https://access.redhat.com/errata/RHSA-2026:11388 + - https://nvd.nist.gov/vuln/detail/CVE-2023-42399 + - https://github.com/xdan/jodit/issues/1017 + - https://xdsoft.net generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40886-CANDIDATE - cve_id: CVE-2026-40886 - name: Candidate detection for CVE-2026-40886 - severity: high - cvss: 7.7 + id: CVE-2023-40931-CANDIDATE + cve_id: CVE-2023-40931 + name: Candidate detection for CVE-2023-40931 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Argo Workflows is an open source container-native workflow engine for - orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array - index in the pod informer's podGCFromPod() function causes a controller-wide panic - when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy - annotation. Because the panic occurs inside an informer goroutine (outside the - controller's recover() scope), it crashes the entire controller process. The poisoned - pod persists across restarts, causing a crash loop that halts all workflow processing - until the pod is manually deleted. This vulnerability is fixed in 4.0.5 and 3.7.14. + description: A SQL injection vulnerability in Nagios XI from version 5.11.0 up to + and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands + via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php detection: payload: null verify: null @@ -29584,38 +23958,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40886 - - https://github.com/argoproj/argo-workflows/security/advisories/GHSA-5jv8-h7qh-rf5p - - https://access.redhat.com/security/cve/CVE-2026-40886 - - https://bugzilla.redhat.com/show_bug.cgi?id=2461236 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40886.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-40931 + - https://outpost24.com/blog/nagios-xi-vulnerabilities/ + - https://www.nagios.com/products/security/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41246-CANDIDATE - cve_id: CVE-2026-41246 - name: Candidate detection for CVE-2026-41246 - severity: high - cvss: 8.1 + id: CVE-2023-40932-CANDIDATE + cve_id: CVE-2023-40932 + name: Candidate detection for CVE-2023-40932 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Contour is a Kubernetes ingress controller using Envoy proxy. From - v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature - is vulnerable to Lua code injection. An attacker with RBAC permissions to create - or modify HTTPProxy resources can craft a malicious value in spec.routes[].cookieRewritePolicies[].pathRewrite.value - or spec.routes[].services[].cookieRewritePolicies[].pathRewrite.value that results - in arbitrary code execution in the Envoy proxy. The cookie rewriting feature is - internally implemented using Envoy's HTTP Lua filter. User-controlled values are - interpolated into Lua source code using Go text/template without sufficient sanitization. - The injected code only executes when processing traffic on the attacker's own - route, which they already control. However, since Envoy runs as shared infrastructure, - the injected code can also read Envoy's xDS client credentials from the filesystem - or cause denial of service for other tenants sharing the Envoy instance. This - vulnerability is fixed in v1.33.4, v1.32.5, and v1.31.6. + description: A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 + and below allows authenticated attackers with access to the custom logo component + to inject arbitrary javascript or HTML via the alt-text field. This affects all + pages containing the navbar including the login page which means the attacker + is able to to steal plaintext credentials. detection: payload: null verify: null @@ -29623,31 +23987,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41246 - - https://github.com/projectcontour/contour/releases/tag/v1.31.6 - - https://github.com/projectcontour/contour/releases/tag/v1.32.5 - - https://github.com/projectcontour/contour/releases/tag/v1.33.4 - - https://github.com/projectcontour/contour/security/advisories/GHSA-x4mj-7f9g-29h4 + - https://nvd.nist.gov/vuln/detail/CVE-2023-40932 + - https://outpost24.com/blog/nagios-xi-vulnerabilities/ + - https://www.nagios.com/products/security/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6732-CANDIDATE - cve_id: CVE-2026-6732 - name: Candidate detection for CVE-2026-6732 - severity: medium - cvss: 6.5 + id: CVE-2023-40933-CANDIDATE + cve_id: CVE-2023-40933 + name: Candidate detection for CVE-2023-40933 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in libxml2. This vulnerability occurs when the library - processes a specially crafted XML Schema Definition (XSD) validated document that - includes an internal entity reference. An attacker could exploit this by providing - a malicious document, leading to a type confusion error that causes the application - to crash. This results in a denial of service (DoS), making the affected system - or application unavailable. + description: A SQL injection vulnerability in Nagios XI v5.11.1 and below allows + authenticated attackers with announcement banner configuration privileges to execute + arbitrary SQL commands via the ID parameter sent to the update_banner_message() + function. detection: payload: null verify: null @@ -29655,35 +24015,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6732 - - https://access.redhat.com/errata/RHSA-2026:11503 - - https://access.redhat.com/security/cve/CVE-2026-6732 - - https://bugzilla.redhat.com/show_bug.cgi?id=2461300 - - https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 + - https://nvd.nist.gov/vuln/detail/CVE-2023-40933 + - https://outpost24.com/blog/nagios-xi-vulnerabilities/ + - https://www.nagios.com/products/security/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41316-CANDIDATE - cve_id: CVE-2026-41316 - name: Candidate detection for CVE-2026-41316 + id: CVE-2023-40934-CANDIDATE + cve_id: CVE-2023-40934 + name: Candidate detection for CVE-2023-40934 severity: high - cvss: 8.1 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 - was published on rubygems.org) introduced an `@_init` instance variable guard - in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is - reconstructed via `Marshal.load` (deserialization). However, three other public - methods that also evaluate `@src` via `eval()` were not given the same guard: - `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger - `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can - use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, - bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and - 6.0.4 patch the issue.' + description: A SQL injection vulnerability in Nagios XI 5.11.1 and below allows + authenticated attackers with privileges to manage host escalations in the Core + Configuration Manager to execute arbitrary SQL commands via the host escalation + notification settings. detection: payload: null verify: null @@ -29691,32 +24043,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41316 - - https://github.com/ruby/erb/security/advisories/GHSA-q339-8rmv-2mhv - - https://access.redhat.com/errata/RHSA-2026:18030 - - https://access.redhat.com/errata/RHSA-2026:18039 - - https://access.redhat.com/errata/RHSA-2026:18065 + - https://nvd.nist.gov/vuln/detail/CVE-2023-40934 + - https://outpost24.com/blog/nagios-xi-vulnerabilities/ + - https://www.nagios.com/products/security/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-21728-CANDIDATE - cve_id: CVE-2026-21728 - name: Candidate detection for CVE-2026-21728 + id: CVE-2023-38886-CANDIDATE + cve_id: CVE-2023-38886 + name: Candidate detection for CVE-2023-38886 severity: high - cvss: 7.5 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Tempo queries with large limits can cause large memory allocations - which can impact the availability of the service, depending on its deployment - strategy. - - - Mitigation can be done by setting max_result_limit in the search config, e.g. - to 262144 (2^18).' + description: An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged + attacker to execute arbitrary code via a crafted command/script. detection: payload: null verify: null @@ -29724,18 +24069,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-21728 - - https://grafana.com/security/security-advisories/cve-2026-21728 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 - - https://access.redhat.com/errata/RHSA-2026:22423 + - https://nvd.nist.gov/vuln/detail/CVE-2023-38886 + - https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40466-CANDIDATE - cve_id: CVE-2026-40466 - name: Candidate detection for CVE-2026-40466 + id: CVE-2023-38887-CANDIDATE + cve_id: CVE-2023-38887 + name: Candidate detection for CVE-2023-38887 severity: high cvss: 8.8 risk_level: unknown @@ -29743,22 +24085,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "Improper Input Validation, Improper Control of Generation of Code\ - \ ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ\ - \ All, Apache ActiveMQ.\n\n\n\nAn authenticated attacker may bypass the fix in\ - \ CVE-2026-34197 by adding a connector using an HTTP Discovery transport via\_\ - BrokerView.addNetworkConnector or\_BrokerView.addConnector through\_Jolokia if\ - \ the activemq-http module is on the classpath.\nA malicious HTTP endpoint can\ - \ return a VM transport through the HTTP URI which will bypass the validation\ - \ added in CVE-2026-34197. The attacker can then use the VM transport's brokerConfig\ - \ parameter to load a remote Spring XML application context using ResourceXmlApplicationContext.\n\ - Because Spring's ResourceXmlApplicationContext instantiates all singleton beans\ - \ before the BrokerService validates the configuration, arbitrary code execution\ - \ occurs on the broker's JVM through bean factory methods such as Runtime.exec().\n\ - \n\nThis issue affects Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before\ - \ 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ:\ - \ before 5.19.6, from 6.0.0 before 6.2.5.\n\nUsers are recommended to upgrade\ - \ to version 5.19.6 or 6.2.5, which fixes the issue." + description: File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows + a remote attacker to execute arbitrary code and obtain sensitive information via + the extension filtering and renaming functions. detection: payload: null verify: null @@ -29766,51 +24095,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40466 - - https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt - - https://access.redhat.com/security/cve/CVE-2026-40466 - - https://bugzilla.redhat.com/show_bug.cgi?id=2461410 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40466.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-38887 + - https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41044-CANDIDATE - cve_id: CVE-2026-41044 - name: Candidate detection for CVE-2026-41044 - severity: high - cvss: 8.8 + id: CVE-2023-38888-CANDIDATE + cve_id: CVE-2023-38888 + name: Candidate detection for CVE-2023-38888 + severity: critical + cvss: 9.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper Input Validation, Improper Control of Generation of Code - (''Code Injection'') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, - Apache ActiveMQ All. - - - An authenticated attacker can use the admin web console page to construct a malicious - broker name that bypasses name validation to include an xbean binding that can - be later used by a VM transport to load a remote Spring XML application. - - The attacker can then use the DestinationView mbean to send a message to trigger - a VM transport creation that will reference this malicious broker name which can - lead to loading the malicious Spring XML context file. - - - - Because Spring''s ResourceXmlApplicationContext instantiates all singleton beans - before the BrokerService validates the configuration, arbitrary code execution - occurs on the broker''s JVM through bean factory methods such as Runtime.exec(). - - - This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache - ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: - before 5.19.6, from 6.0.0 before 6.2.5. - - - Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.' + description: Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and + before allows a remote attacker to obtain sensitive information and execute arbitrary + code via the REST API module, related to analyseVarsForSqlAndScriptsInjection + and testSqlAndScriptInject. detection: payload: null verify: null @@ -29818,31 +24122,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41044 - - https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt - - https://access.redhat.com/security/cve/CVE-2026-41044 - - https://bugzilla.redhat.com/show_bug.cgi?id=2461409 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41044.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-38888 + - https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5367-CANDIDATE - cve_id: CVE-2026-5367 - name: Candidate detection for CVE-2026-5367 - severity: high - cvss: 8.6 + id: CVE-2023-43141-CANDIDATE + cve_id: CVE-2023-43141 + name: Candidate detection for CVE-2023-43141 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in OVN (Open Virtual Network). A remote attacker, - by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT - packets with an inflated Client ID length, could cause the ovn-controller to read - beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure - of sensitive information stored in heap memory, which is then returned to the - attacker's virtual machine port. + description: TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable + to Incorrect Access Control. detection: payload: null verify: null @@ -29850,55 +24147,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5367 - - https://access.redhat.com/errata/RHSA-2026:11694 - - https://access.redhat.com/errata/RHSA-2026:11695 - - https://access.redhat.com/errata/RHSA-2026:11696 - - https://access.redhat.com/errata/RHSA-2026:11698 + - https://nvd.nist.gov/vuln/detail/CVE-2023-43141 + - https://github.com/Blue-And-White/vul/blob/main/Iot/TOTOLINK/1/readme.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31607-CANDIDATE - cve_id: CVE-2026-31607 - name: Candidate detection for CVE-2026-31607 - severity: critical - cvss: 9.8 + id: CVE-2023-42426-CANDIDATE + cve_id: CVE-2023-42426 + name: Candidate detection for CVE-2023-42426 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nusbip: validate number_of_packets in usbip_pack_ret_submit()\n\nWhen a USB/IP\ - \ client receives a RET_SUBMIT response,\nusbip_pack_ret_submit() unconditionally\ - \ overwrites\nurb->number_of_packets from the network PDU. This value is\nsubsequently\ - \ used as the loop bound in usbip_recv_iso() and\nusbip_pad_iso() to iterate over\ - \ urb->iso_frame_desc[], a flexible\narray whose size was fixed at URB allocation\ - \ time based on the\n*original* number_of_packets from the CMD_SUBMIT.\n\nA malicious\ - \ USB/IP server can set number_of_packets in the response\nto a value larger than\ - \ what was originally submitted, causing a heap\nout-of-bounds write when usbip_recv_iso()\ - \ writes to\nurb->iso_frame_desc[i] beyond the allocated region.\n\nKASAN confirmed\ - \ this with kernel 7.0.0-rc5:\n\n BUG: KASAN: slab-out-of-bounds in usbip_recv_iso+0x46a/0x640\n\ - \ Write of size 4 at addr ffff888106351d40 by task vhci_rx/69\n\n The buggy\ - \ address is located 0 bytes to the right of\n allocated 320-byte region [ffff888106351c00,\ - \ ffff888106351d40)\n\nThe server side (stub_rx.c) and gadget side (vudc_rx.c)\ - \ already\nvalidate number_of_packets in the CMD_SUBMIT path since commits\nc6688ef9f297\ - \ (\"usbip: fix stub_rx: harden CMD_SUBMIT path to handle\nmalicious input\")\ - \ and b78d830f0049 (\"usbip: fix vudc_rx: harden\nCMD_SUBMIT path to handle malicious\ - \ input\"). The server side validates\nagainst USBIP_MAX_ISO_PACKETS because no\ - \ URB exists yet at that point.\nOn the client side we have the original URB,\ - \ so we can use the tighter\nbound: the response must not exceed the original\ - \ number_of_packets.\n\nThis mirrors the existing validation of actual_length\ - \ against\ntransfer_buffer_length in usbip_recv_xbuff(), which checks the\nresponse\ - \ value against the original allocation size.\n\nKelvin Mbogo's series (\"usb:\ - \ usbip: fix integer overflow in\nusbip_recv_iso()\", v2) hardens the receive-side\ - \ functions themselves;\nthis patch complements that work by catching the bad\ - \ value at its\nsource -- in usbip_pack_ret_submit() before the overwrite -- and\n\ - using the tighter per-URB allocation bound rather than the global\nUSBIP_MAX_ISO_PACKETS\ - \ limit.\n\nFix this by checking rpdu->number_of_packets against\nurb->number_of_packets\ - \ in usbip_pack_ret_submit() before the\noverwrite. On violation, clamp to zero\ - \ so that usbip_recv_iso() and\nusbip_pad_iso() safely return early." + description: Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 + allows remote attackers to execute arbitrary code via the 'Insert link' parameter + in the 'Insert Image' component. detection: payload: null verify: null @@ -29906,39 +24173,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31607 - - https://git.kernel.org/stable/c/2ab833a16a825373aad2ba7d54b572b277e95b71 - - https://git.kernel.org/stable/c/324262c38438255bf6bdbf6342ca47c0badaab76 - - https://git.kernel.org/stable/c/5e1c4ece08ccdc197177631f111845a2c68eede3 - - https://git.kernel.org/stable/c/885c8591784da6314f9aa82fa460ac69f9f79e5f + - https://nvd.nist.gov/vuln/detail/CVE-2023-42426 + - https://github.com/b0marek/CVE-2023-42426 + - https://www.youtube.com/watch?v=Me33Dx1_XqQ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31617-CANDIDATE - cve_id: CVE-2026-31617 - name: Candidate detection for CVE-2026-31617 - severity: medium - cvss: 5.5 + id: CVE-2023-43278-CANDIDATE + cve_id: CVE-2023-43278 + name: Candidate detection for CVE-2023-43278 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nusb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()\n\nThe block_len\ - \ read from the host-supplied NTB header is checked against\nntb_max but has no\ - \ lower bound. When block_len is smaller than\nopts->ndp_size, the bounds check\ - \ of:\n\tndp_index > (block_len - opts->ndp_size)\nwill underflow producing a\ - \ huge unsigned value that ndp_index can never\nexceed, defeating the check entirely.\n\ - \nThe same underflow occurs in the datagram index checks against block_len\n-\ - \ opts->dpe_size. With those checks neutered, a malicious USB host can\nchoose\ - \ ndp_index and datagram offsets that point past the actual\ntransfer, and the\ - \ skb_put_data() copies adjacent kernel memory into the\nnetwork skb.\n\nFix this\ - \ by rejecting block lengths that cannot hold at least the NTB\nheader plus one\ - \ NDP. This will make block_len - opts->ndp_size and\nblock_len - opts->dpe_size\ - \ both well-defined.\n\nCommit 8d2b1a1ec9f5 (\"CDC-NCM: avoid overflow in sanity\ - \ checking\") fixed\na related class of issues on the host side of NCM." + description: A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms + up to v12.8 allows attackers to arbitrarily add an admin account. detection: payload: null verify: null @@ -29946,41 +24199,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31617 - - https://git.kernel.org/stable/c/068a7f2749fff6462a0a908ec415b885fe430f50 - - https://git.kernel.org/stable/c/0f156bb5334e588034ca68ac2ee92b23f66e56e7 - - https://git.kernel.org/stable/c/1425655c2870054c3ab4712e2b6dbdd331597ada - - https://git.kernel.org/stable/c/6762f8a95772265dd0c2ffe7f400493f3115b135 + - https://nvd.nist.gov/vuln/detail/CVE-2023-43278 + - https://blog.csdn.net/sugaryzheng/article/details/133283101?spm=1001.2014.3001.5501 + - https://www.seacms.net/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31641-CANDIDATE - cve_id: CVE-2026-31641 - name: Candidate detection for CVE-2026-31641 - severity: high - cvss: 7.8 + id: CVE-2023-43232-CANDIDATE + cve_id: CVE-2023-43232 + name: Candidate detection for CVE-2023-43232 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nrxrpc: Fix RxGK token loading to check bounds\n\nrxrpc_preparse_xdr_yfs_rxgk()\ - \ reads the raw key length and ticket length\nfrom the XDR token as u32 values\ - \ and passes each through round_up(x, 4)\nbefore using the rounded value for validation\ - \ and allocation. When the raw\nlength is >= 0xfffffffd, round_up() wraps to\ - \ 0, so the bounds check and\nkzalloc both use 0 while the subsequent memcpy still\ - \ copies the original\n~4 GiB value, producing a heap buffer overflow reachable\ - \ from an\nunprivileged add_key() call.\n\nFix this by:\n\n (1) Rejecting raw\ - \ key lengths above AFSTOKEN_GK_KEY_MAX and raw ticket\n lengths above AFSTOKEN_GK_TOKEN_MAX\ - \ before rounding, consistent with\n the caps that the RxKAD path already\ - \ enforces via AFSTOKEN_RK_TIX_MAX.\n\n (2) Sizing the flexible-array allocation\ - \ from the validated raw key\n length via struct_size_t() instead of the rounded\ - \ value.\n\n (3) Caching the raw lengths so that the later field assignments and\n\ - \ memcpy calls do not re-read from the token, eliminating a class of\n \ - \ TOCTOU re-parse.\n\nThe control path (valid token with lengths within bounds)\ - \ is unaffected." + description: A stored cross-site scripting (XSS) vulnerability in the Website column + management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web + scripts or HTML via a crafted payload injected into the title parameter. detection: payload: null verify: null @@ -29988,56 +24226,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31641 - - https://git.kernel.org/stable/c/3e04596cba8a86cbff9c3f4bf0a524a3a488773c - - https://git.kernel.org/stable/c/49875b360c2b83a3c226e189c502e501d83e6445 - - https://git.kernel.org/stable/c/d179a868dd755b0cfcf7582e00943d702b9943b8 - - https://access.redhat.com/errata/RHSA-2026:27288 + - https://nvd.nist.gov/vuln/detail/CVE-2023-43232 + - https://github.com/yux1azhengye/mycve/blob/main/dedebiz_6.2.11_xss.pdf + - https://www.dedebiz.com/download generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31663-CANDIDATE - cve_id: CVE-2026-31663 - name: Candidate detection for CVE-2026-31663 - severity: high - cvss: 7.8 + id: CVE-2023-43234-CANDIDATE + cve_id: CVE-2023-43234 + name: Candidate detection for CVE-2023-43234 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - xfrm: hold dev ref until after transport_finish NF_HOOK - - - After async crypto completes, xfrm_input_resume() calls dev_put() - - immediately on re-entry before the skb reaches transport_finish. - - The skb->dev pointer is then used inside NF_HOOK and its okfn, - - which can race with device teardown. - - - Remove the dev_put from the async resumption entry and instead - - drop the reference after the NF_HOOK call in transport_finish, - - using a saved device pointer since NF_HOOK may consume the skb. - - This covers NF_DROP, NF_QUEUE and NF_STOLEN paths that skip - - the okfn. - - - For non-transport exits (decaps, gro, drop) and secondary - - async return points, release the reference inline when - - async is set.' + description: DedeBIZ v6.2.11 was discovered to contain multiple remote code execution + (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and + $filename parameters. detection: payload: null verify: null @@ -30045,30 +24253,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31663 - - https://git.kernel.org/stable/c/0f451b43c88bf2b9c038b414be580efee42e031b - - https://git.kernel.org/stable/c/1c428b03840094410c5fb6a5db30640486bbbfcb - - https://git.kernel.org/stable/c/4236c30b437b80f673b9e08c8fae38b8d471ac9e - - https://git.kernel.org/stable/c/5002beda5cac69d522dc54da0d5d463ed9c963d2 + - https://nvd.nist.gov/vuln/detail/CVE-2023-43234 + - https://github.com/yux1azhengye + - https://github.com/yux1azhengye/mycve/blob/main/DedeBIZ_v6.2.11_RCE.pdf + - https://www.dedebiz.com generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40897-CANDIDATE - cve_id: CVE-2026-40897 - name: Candidate detection for CVE-2026-40897 + id: CVE-2023-43856-CANDIDATE + cve_id: CVE-2023-43856 + name: Candidate detection for CVE-2023-43856 severity: high - cvss: 8.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Math.js is an extensive math library for JavaScript and Node.js. From - 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript - via the expression parser of mathjs. You can be affected when you have an application - where users can evaluate arbitrary expressions using the mathjs expression parser. - This vulnerability is fixed in 15.2.0. + description: Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read + vulnerability via the component /admin/TemplateController.java. detection: payload: null verify: null @@ -30076,30 +24280,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40897 - - https://github.com/josdejong/mathjs/commit/513ab2a0e01004af91b31aada68fae8a821326ad - - https://github.com/josdejong/mathjs/pull/3656 - - https://github.com/josdejong/mathjs/security/advisories/GHSA-29qv-4j9f-fjw5 - - https://access.redhat.com/security/cve/CVE-2026-40897 + - https://nvd.nist.gov/vuln/detail/CVE-2023-43856 + - https://github.com/yux1azhengye + - https://github.com/yux1azhengye/mycve/blob/main/DreamerCMS%20arbitrary%20file%20reading.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41140-CANDIDATE - cve_id: CVE-2026-41140 - name: Candidate detection for CVE-2026-41140 - severity: high - cvss: 8.7 + id: CVE-2023-41445-CANDIDATE + cve_id: CVE-2023-41445 + name: Candidate detection for CVE-2023-41445 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() - function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without - path traversal protection on Python versions where tarfile.data_filter is unavailable. - Considering only Python versions which are still supported by Poetry, these are - 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. This vulnerability is fixed in 2.3.4. + description: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 + allows a remote attacker to execute arbitrary code via a crafted payload to the + index.php component. detection: payload: null verify: null @@ -30107,33 +24307,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41140 - - https://github.com/python-poetry/poetry/security/advisories/GHSA-73h3-mf4w-8647 - - https://access.redhat.com/errata/RHSA-2026:24866 - - https://access.redhat.com/security/cve/CVE-2026-41140 - - https://bugzilla.redhat.com/show_bug.cgi?id=2461604 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41445 + - https://gist.github.com/RNPG/84cac1b949bab0e4c587a668385b052d generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42033-CANDIDATE - cve_id: CVE-2026-42033 - name: Candidate detection for CVE-2026-42033 - severity: high - cvss: 7.4 + id: CVE-2023-41448-CANDIDATE + cve_id: CVE-2023-41448 + name: Candidate detection for CVE-2023-41448 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Axios is a promise based HTTP client for the browser and Node.js. Prior - to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency - with keys that axios reads without a hasOwnProperty guard, an attacker can (a) - silently intercept and modify every JSON response before the application sees - it, or (b) fully hijack the underlying HTTP transport, gaining access to request - credentials, headers, and body. The precondition is prototype pollution from a - separate source in the same process. This vulnerability is fixed in 1.15.1 and - 0.31.1. + description: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 + allows a remote attacker to execute arbitrary code via a crafted payload to the + ID parameter in the index.php component. detection: payload: null verify: null @@ -30141,29 +24333,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42033 - - https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf - - https://access.redhat.com/errata/RHSA-2026:14937 - - https://access.redhat.com/errata/RHSA-2026:16476 - - https://access.redhat.com/errata/RHSA-2026:16532 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41448 + - https://gist.github.com/RNPG/458e17f24ebf7d8af3c5c4d7073347a0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42039-CANDIDATE - cve_id: CVE-2026-42039 - name: Candidate detection for CVE-2026-42039 - severity: high - cvss: 7.5 + id: CVE-2023-41449-CANDIDATE + cve_id: CVE-2023-41449 + name: Candidate detection for CVE-2023-41449 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Axios is a promise based HTTP client for the browser and Node.js. Prior - to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth - limit, so a deeply nested value passed as request data crashes the Node.js process - with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1. + description: An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker + to execute arbitrary code via a crafted payload to the reque parameter. detection: payload: null verify: null @@ -30171,35 +24358,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42039 - - https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9 - - https://access.redhat.com/errata/RHSA-2026:14937 - - https://access.redhat.com/errata/RHSA-2026:16476 - - https://access.redhat.com/errata/RHSA-2026:16532 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41449 + - https://gist.github.com/RNPG/c1ae240f2acec138132aa64ce3faa2e0 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42041-CANDIDATE - cve_id: CVE-2026-42041 - name: Candidate detection for CVE-2026-42041 + id: CVE-2023-41451-CANDIDATE + cve_id: CVE-2023-41451 + name: Candidate detection for CVE-2023-41451 severity: medium - cvss: 4.8 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Axios is a promise based HTTP client for the browser and Node.js.\ - \ Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution\ - \ \"Gadget\" attack that allows any Object.prototype pollution to silently suppress\ - \ all HTTP error responses (401, 403, 500, etc.), causing them to be treated as\ - \ successful responses. This completely bypasses application-level authentication\ - \ and error handling. The root cause is that validateStatus is the only config\ - \ property using the mergeDirectKeys merge strategy, which uses JavaScript's in\ - \ operator \u2014 an operator that inherently traverses the prototype chain. When\ - \ Object.prototype.validateStatus is polluted with () => true, all HTTP status\ - \ codes are accepted as success. This vulnerability is fixed in 1.15.1 and 0.31.1." + description: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 + allows a remote attacker to execute arbitrary code via a crafted payload to the + txt parameter in the index.php component. detection: payload: null verify: null @@ -30207,30 +24384,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42041 - - https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63 - - https://access.redhat.com/errata/RHSA-2026:14937 - - https://access.redhat.com/errata/RHSA-2026:16476 - - https://access.redhat.com/errata/RHSA-2026:16532 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41451 + - https://gist.github.com/RNPG/062cfca2e293a0e7d24f5d55f8db3fde generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42043-CANDIDATE - cve_id: CVE-2026-42043 - name: Candidate detection for CVE-2026-42043 + id: CVE-2023-41452-CANDIDATE + cve_id: CVE-2023-41452 + name: Candidate detection for CVE-2023-41452 severity: high - cvss: 7.2 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Axios is a promise based HTTP client for the browser and Node.js. Prior - to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios - request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to - completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete - for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1. + description: Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 + allows a remote attacker to execute arbitrary code via a crafted payload to the + txt parameter in the index.php component. detection: payload: null verify: null @@ -30238,37 +24410,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42043 - - https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7 - - https://access.redhat.com/errata/RHSA-2026:14937 - - https://access.redhat.com/errata/RHSA-2026:16476 - - https://access.redhat.com/errata/RHSA-2026:16532 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41452 + - https://gist.github.com/RNPG/32be1c4bae6f9378d4f382ba0c92b367 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42044-CANDIDATE - cve_id: CVE-2026-42044 - name: Candidate detection for CVE-2026-42044 + id: CVE-2023-41453-CANDIDATE + cve_id: CVE-2023-41453 + name: Candidate detection for CVE-2023-41453 severity: medium - cvss: 6.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Axios is a promise based HTTP client for the browser and Node.js.\ - \ From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution\ - \ \"Gadget\" attack that allows any Object.prototype pollution in the application's\ - \ dependency tree to be escalated into surgical, invisible modification of all\ - \ JSON API responses \u2014 including privilege escalation, balance manipulation,\ - \ and authorization bypass. The default transformResponse function at lib/defaults/index.js:124\ - \ calls JSON.parse(data, this.parseReviver), where this is the merged config object.\ - \ Because parseReviver is not present in Axios defaults, not validated by assertOptions,\ - \ and not subject to any constraints, a polluted Object.prototype.parseReviver\ - \ function is called for every key-value pair in every JSON response, allowing\ - \ the attacker to selectively modify individual values while leaving the rest\ - \ of the response intact. This vulnerability is fixed in 1.15.2." + description: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 + allows a remote attacker to execute arbitrary code via a crafted payload to the + cmd parameter in the index.php component. detection: payload: null verify: null @@ -30276,32 +24436,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42044 - - https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23 - - https://access.redhat.com/errata/RHSA-2026:16532 - - https://access.redhat.com/errata/RHSA-2026:16534 - - https://access.redhat.com/errata/RHSA-2026:16535 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41453 + - https://gist.github.com/RNPG/be2ca92cb1f943d4c340c75fbfc9b783 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41326-CANDIDATE - cve_id: CVE-2026-41326 - name: Candidate detection for CVE-2026-41326 - severity: high - cvss: 8.2 + id: CVE-2023-41446-CANDIDATE + cve_id: CVE-2023-41446 + name: Candidate detection for CVE-2023-41446 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Kata Containers is an open source project focusing on a standard implementation - of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 - to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) - allows untrusted hosts to write to arbitrary locations inside the guest workload - image. This can be used to overwrite binaries inside the guest and exfiltrate - data from containers; even those running inside CVMs. This vulnerability is fixed - in v3.29.0. + description: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 + allows a remote attacker to execute arbitrary code via a crafted script to the + title parameter in the index.php component. detection: payload: null verify: null @@ -30309,38 +24462,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41326 - - https://github.com/kata-containers/kata-containers/commit/1b9e49eb2763aa6ea6a99b276d3ff5e2c7f658f2 - - https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc - - https://access.redhat.com/errata/RHSA-2026:25200 - - https://access.redhat.com/security/cve/CVE-2026-41326 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41446 + - https://gist.github.com/RNPG/4bb91170f8ee50b395427f26bc96a1f2 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41481-CANDIDATE - cve_id: CVE-2026-41481 - name: Candidate detection for CVE-2026-41481 + id: CVE-2023-41447-CANDIDATE + cve_id: CVE-2023-41447 + name: Candidate detection for CVE-2023-41447 severity: medium - cvss: 6.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "LangChain is a framework for building agents and LLM-powered applications.\ - \ Prior to langchain-text-splitters\n 1.1.2, HTMLHeaderTextSplitter.split_text_from_url()\ - \ validated the initial URL using validate_safe_url() but then performed the fetch\ - \ with requests.get() with redirects enabled (the default). Because redirect targets\ - \ were not revalidated, a URL pointing to an attacker-controlled server could\ - \ redirect to internal, localhost, or cloud metadata endpoints, bypassing SSRF\ - \ protections. The response body is parsed and returned as Document objects to\ - \ the calling application code. Whether this constitutes a data exfiltration path\ - \ depends on the application: if it exposes Document contents (or derivatives)\ - \ back to the requester who supplied the URL, sensitive data from internal endpoints\ - \ could be leaked. Applications that store or process Documents internally without\ - \ returning raw content to the requester are not directly exposed to data exfiltration\ - \ through this issue. This vulnerability is fixed in 1.1.2." + description: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 + allows a remote attacker to execute arbitrary code via a crafted payload to the + subcmd parameter in the index.php component. detection: payload: null verify: null @@ -30348,31 +24488,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41481 - - https://github.com/langchain-ai/langchain/security/advisories/GHSA-fv5p-p927-qmxr - - https://access.redhat.com/security/cve/CVE-2026-41481 - - https://bugzilla.redhat.com/show_bug.cgi?id=2461733 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41481.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-41447 + - https://gist.github.com/RNPG/56b9fe4dcc3a248d4288bde5ffb3a5b3 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6951-CANDIDATE - cve_id: CVE-2026-6951 - name: Candidate detection for CVE-2026-6951 - severity: critical - cvss: 9.8 + id: CVE-2023-41450-CANDIDATE + cve_id: CVE-2023-41450 + name: Candidate detection for CVE-2023-41450 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Versions of the package simple-git before 3.36.0 are vulnerable to - Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) - that blocks the -c option but not the equivalent --config form. If untrusted input - can reach the options argument passed to simple-git, an attacker may still achieve - remote code execution by enabling protocol.ext.allow=always and using an ext:: - clone source.' + description: An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker + to execute arbitrary code via a crafted payload to the reque parameter. detection: payload: null verify: null @@ -30380,31 +24513,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6951 - - https://gist.github.com/KKC73/02d1d97f3410756095b501fda0ac8ca6 - - https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8 - - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-16300211 - - https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-15456078 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41450 + - https://gist.github.com/RNPG/e11af10e1bd3606de8b568033d932589 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6785-CANDIDATE - cve_id: CVE-2026-6785 - name: Candidate detection for CVE-2026-6785 + id: CVE-2023-43176-CANDIDATE + cve_id: CVE-2023-43176 + name: Candidate detection for CVE-2023-43176 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, - Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed - evidence of memory corruption and we presume that with enough effort some of these - could have been exploited to run arbitrary code. This vulnerability was fixed - in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird - 140.10. + description: A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows + attackers to execute arbitrary code via supplying a crafted .sabredav file. detection: payload: null verify: null @@ -30412,18 +24538,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6785 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1935995%2C1999158%2C2015952%2C2021909%2C2022026%2C2022041%2C2022088%2C2022276%2C2022335%2C2022338%2C2022373%2C2022597%2C2022874%2C2023276%2C2023544%2C2023551%2C2023599%2C2023608%2C2023814%2C2024233%2C2024239%2C2024241%2C2024242%2C2024250%2C2024251%2C2024343%2C2024422%2C2024425%2C2024440%2C2024442%2C2024446%2C2024458%2C2024463%2C2024478%2C2024650%2C2024653%2C2024654%2C2024655%2C2024656%2C2024661%2C2024662%2C2024668%2C2024919%2C2025278%2C2025349%2C2025350%2C2025354%2C2025360%2C2025363%2C2025370%2C2025379%2C2025381%2C2025399%2C2025400%2C2025403%2C2025407%2C2025415%2C2025420%2C2025427%2C2025429%2C2025430%2C2025479%2C2025489%2C2025493%2C2025497%2C2025502%2C2025515%2C2025517%2C2025526%2C2025609%2C2025948%2C2025949%2C2025951%2C2025953%2C2025955%2C2025962%2C2025969%2C2025970%2C2025971%2C2025973%2C2025976%2C2025977%2C2026280%2C2026285%2C2026293%2C2026296%2C2026310%2C2027237%2C2027260%2C2027268%2C2027277%2C2027284%2C2027291%2C2027293%2C2027298%2C2027330%2C2027342%2C2027345%2C2027359%2C2027365%2C2027378%2C2027754%2C2027959%2C2027962%2C2027964%2C2027971%2C2027974%2C2027979%2C2027982%2C2027995%2C2028001%2C2028267%2C2028268%2C2028275%2C2028288%2C2028290%2C2028291%2C2028528%2C2028551%2C2028627%2C2028879%2C2028889%2C2029061%2C2029071%2C2029283%2C2029296%2C2029314%2C2029323%2C2029411%2C2029423%2C2029424%2C2029425%2C2029427%2C2029436%2C2029440%2C2029449%2C2029450%2C2029458%2C2029462%2C2029468%2C2029472%2C2029690%2C2029707%2C2029708%2C2029728%2C2029802%2C2029896%2C2029906%2C2030106%2C2030118%2C2030123%2C2030135%2C2030230%2C2030320 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-31/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-43176 + - https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H&version=3.1 + - https://sec.leonardini.dev/blog/cve-2023-43176-rce_aurora_files/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6786-CANDIDATE - cve_id: CVE-2026-6786 - name: Candidate detection for CVE-2026-6786 + id: CVE-2023-43261-CANDIDATE + cve_id: CVE-2023-43261 + name: Candidate detection for CVE-2023-43261 severity: high cvss: 7.5 risk_level: unknown @@ -30431,11 +24555,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, - Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory - corruption and we presume that with enough effort some of these could have been - exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, - Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. + description: An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 + before v35.3.0.7 allows attackers to access sensitive router components. detection: payload: null verify: null @@ -30443,31 +24564,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6786 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2010727%2C2019004%2C2019224%2C2019547%2C2020378%2C2022381%2C2022608%2C2022785%2C2023120%2C2023128%2C2023140%2C2023279%2C2023836%2C2023882%2C2023925%2C2023950%2C2023959%2C2023965%2C2024243%2C2024245%2C2024247%2C2024253%2C2024346%2C2024357%2C2024416%2C2024420%2C2024429%2C2024432%2C2024455%2C2024466%2C2024468%2C2024476%2C2024664%2C2024666%2C2024669%2C2024670%2C2024671%2C2024761%2C2024918%2C2025292%2C2025332%2C2025348%2C2025384%2C2025395%2C2025458%2C2025461%2C2025463%2C2025481%2C2025483%2C2025485%2C2025494%2C2025506%2C2025511%2C2025513%2C2025520%2C2026277%2C2026282%2C2026288%2C2026289%2C2026311%2C2026312%2C2026869%2C2027152%2C2027161%2C2027238%2C2027261%2C2027269%2C2027274%2C2027280%2C2027281%2C2027300%2C2027302%2C2027331%2C2027339%2C2027340%2C2027738%2C2027975%2C2028000%2C2028011%2C2028289%2C2028525%2C2028728%2C2028887%2C2028888%2C2028896%2C2029063%2C2029064%2C2029290%2C2029291%2C2029294%2C2029300%2C2029304%2C2029316%2C2029317%2C2029401%2C2029415%2C2029430%2C2029457%2C2029727%2C2029735%2C2029743%2C2029752%2C2029754%2C2029776%2C2029809%2C2030324%2C2030370 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-32/ - - https://www.mozilla.org/security/advisories/mfsa2026-33/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-43261 + - https://github.com/win3zz/CVE-2023-43261 + - https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf + - https://support.milesight-iot.com/support/home + - https://medium.com/%40win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3006-CANDIDATE - cve_id: CVE-2026-3006 - name: Candidate detection for CVE-2026-3006 + id: CVE-2023-43896-CANDIDATE + cve_id: CVE-2023-43896 + name: Candidate detection for CVE-2023-43896 severity: high - cvss: 7.0 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Successful exploitation of the race condition vulnerability could - allow - - an attacker to trigger a kernel heap overflow, potentially leading to local privilege - - escalation and granting system-level access to the affected software.' + description: A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers + to escalate privileges or execute arbitrary code. detection: payload: null verify: null @@ -30475,42 +24592,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3006 - - https://github.com/winfsp/winfsp/releases/tag/v2.2B1 - - https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-043 - - https://access.redhat.com/security/cve/CVE-2026-3006 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463150 + - https://nvd.nist.gov/vuln/detail/CVE-2023-43896 + - https://knowledgebase.macrium.com/display/KNOW80/CVE-2023-43896+Advisory + - https://northwave-cybersecurity.com/vulnerability-notice/macrium-reflect-driver-out-of-bounds-write generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40048-CANDIDATE - cve_id: CVE-2026-40048 - name: Candidate detection for CVE-2026-40048 - severity: high - cvss: 7.8 + id: CVE-2022-37830-CANDIDATE + cve_id: CVE-2022-37830 + name: Candidate detection for CVE-2022-37830 + severity: critical + cvss: 9.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "The Camel-PQC FileBasedKeyLifecycleManager class deserializes the\ - \ contents of `.key` files in the configured key directory using java.io.ObjectInputStream\ - \ without applying any ObjectInputFilter or class-loading restrictions. The cast\ - \ to `java.security.KeyPair` is evaluated only after `readObject()` has already\ - \ returned, so any `readObject()` side effects in the deserialized object run\ - \ before the type check. An attacker who can write to the key directory used by\ - \ a Camel application \u2014 for example through a path traversal into the directory,\ - \ misconfigured filesystem permissions on the volume where keys are stored, a\ - \ compromised key provisioning pipeline, or a symlink attack \u2014 can place\ - \ a crafted serialized Java object that, when deserialized during normal key lifecycle\ - \ operations, results in arbitrary code execution in the context of the application.\n\ - \nThis issue affects Apache Camel: from 4.19.0 before 4.20.0, from 4.18.0 before\ - \ 4.18.2.\n\nUsers are recommended to upgrade to version 4.20.0, which fixes the\ - \ issue by replacing java.io.ObjectInputStream-based key and metadata storage\ - \ with standard PKCS#8 (private key) / X.509 SubjectPublicKeyInfo (public key)\ - \ Base64 JSON encoding. For users on the 4.18.x LTS releases stream, upgrade to\ - \ 4.18.2." + description: Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting + (XSS). detection: payload: null verify: null @@ -30518,48 +24618,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40048 - - https://camel.apache.org/security/CVE-2026-40048.html - - https://access.redhat.com/security/cve/CVE-2026-40048 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463176 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40048.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-37830 + - https://citadelo.com/download/CVE-2022-37830.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40453-CANDIDATE - cve_id: CVE-2026-40453 - name: Candidate detection for CVE-2026-40453 + id: CVE-2023-45379-CANDIDATE + cve_id: CVE-2023-45379 + name: Candidate detection for CVE-2023-45379 severity: critical - cvss: 9.9 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy - so that case-variant header names such as ''CAmelExecCommandExecutable'' are filtered - out alongside ''CamelExecCommandExecutable''. The same setLowerCase(true) call - was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy - and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, - CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in - camel-google-pubsub. Because those strategies use case-sensitive String.startsWith(''Camel''/''camel'') - filtering while the Camel Exchange stores headers in a case-insensitive map, an - attacker with JMS (or equivalent) producer access to the broker consumed by a - Camel route can inject case-variant Camel internal headers, which are then resolved - by downstream components such as camel-exec and camel-file using their canonical - casing. This enables remote code execution and arbitrary file write on routes - that forward JMS messages to header-driven components. - - - This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before - 4.18.2, from 4.19.0 before 4.20.0. - - - Users are recommended to upgrade to version 4.20.0, which fixes the issue. If - users are on the 4.14.x LTS releases stream, then they are suggested to upgrade - to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested - to upgrade to 4.18.2.' + description: In the module "Rotator Img" (posrotatorimg) in versions at least up + to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. detection: payload: null verify: null @@ -30567,42 +24643,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40453 - - https://camel.apache.org/security/CVE-2026-40453.html - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/errata/RHSA-2026:19835 - - https://access.redhat.com/security/cve/CVE-2026-40453 + - https://nvd.nist.gov/vuln/detail/CVE-2023-45379 + - https://security.friendsofpresta.org/modules/2023/10/17/posrotatorimg.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40473-CANDIDATE - cve_id: CVE-2026-40473 - name: Candidate detection for CVE-2026-40473 - severity: high - cvss: 8.8 + id: CVE-2023-45992-CANDIDATE + cve_id: CVE-2023-45992 + name: Candidate detection for CVE-2023-45992 + severity: critical + cvss: 9.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'The camel-mina component''s MinaConverter.toObjectInput(IoBuffer) - type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying - any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina - as a TCP or UDP consumer and requests conversion to ObjectInput (for example via - getBody(ObjectInput.class) or @Body ObjectInput), an attacker sending a crafted - serialized Java object over the network to the MINA consumer port can trigger - arbitrary code execution in the context of the application during readObject(). - - - This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before - 4.18.2, from 4.19.0 before 4.20.0. - - - Users are recommended to upgrade to version 4.20.0, which fixes the issue. If - users are on the 4.14.x LTS releases stream, then they are suggested to upgrade - to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested - to upgrade to 4.18.2.' + description: A vulnerability in the web-based interface of the RUCKUS Cloudpath + product on version 5.12 build 5538 or before to could allow a remote, unauthenticated + attacker to execute persistent XSS and CSRF attacks against a user of the admin + management interface. A successful attack, combined with a certain admin activity, + could allow the attacker to gain full admin privileges on the exploited system. detection: payload: null verify: null @@ -30610,18 +24671,18 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40473 - - https://camel.apache.org/security/CVE-2026-40473.html - - https://access.redhat.com/security/cve/CVE-2026-40473 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463180 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40473.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-45992 + - https://github.com/harry935/CVE-2023-45992 + - https://server.cloudpath/ + - https://server.cloudpath/admin/enrollmentData/ + - https://support.ruckuswireless.com/security_bulletins/322 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40860-CANDIDATE - cve_id: CVE-2026-40860 - name: Candidate detection for CVE-2026-40860 + id: CVE-2023-46010-CANDIDATE + cve_id: CVE-2023-46010 + name: Candidate detection for CVE-2023-46010 severity: critical cvss: 9.8 risk_level: unknown @@ -30629,27 +24690,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding - class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values - via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, - class allowlist or class denylist. Because this code path is reached whenever - the mapJmsMessage option is enabled (the default) and Camel acts as a JMS consumer, - an attacker able to publish a crafted ObjectMessage to a queue or topic consumed - by a Camel application could achieve remote code execution when a deserialization - gadget chain was present on the classpath. The same handling was reached transitively - through camel-sjms2 (whose Sjms2Endpoint extends SjmsEndpoint) and through camel-amqp - (whose AMQPJmsBinding extends JmsBinding), and by other JMS-family components - built on JmsComponent such as camel-activemq and camel-activemq6. - - - This issue affects Apache Camel: from 3.0.0 before 4.14.7, from 4.15.0 before - 4.18.2, from 4.19.0 before 4.20.0. - - - Users are recommended to upgrade to version 4.20.0, which fixes the issue. If - users are on the 4.14.x LTS releases stream, then they are suggested to upgrade - to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested - to upgrade to 4.18.2.' + description: An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands + via the admin_safe.php component. detection: payload: null verify: null @@ -30657,47 +24699,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40860 - - https://camel.apache.org/security/CVE-2026-40860.html - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/errata/RHSA-2026:22453 - - https://access.redhat.com/security/cve/CVE-2026-40860 + - https://nvd.nist.gov/vuln/detail/CVE-2023-46010 + - https://blog.csdn.net/DGS666/article/details/133795200?spm=1001.2014.3001.5501 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33454-CANDIDATE - cve_id: CVE-2026-33454 - name: Candidate detection for CVE-2026-33454 + id: CVE-2023-42425-CANDIDATE + cve_id: CVE-2023-42425 + name: Candidate detection for CVE-2023-42425 severity: critical - cvss: 9.4 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'The Camel-Mail component is vulnerable to Camel message header injection. - The custom header filter strategy used by the component (MailHeaderFilterStrategy) - only filters the ''out'' direction via setOutFilterStartsWith, while it does not - configure the ''in'' direction via setInFilterStartsWith. As a result, when a - Camel application consumes mail through camel-mail (for example via from(\"imap://...\") - or from(\"pop3://...\")) the inbound filter check is skipped and Camel-prefixed - MIME headers are mapped unfiltered into the Exchange. An attacker who can deliver - an email to a mailbox monitored by such a consumer can inject Camel-specific headers - that, for some Camel components downstream of the mail consumer (such as camel-bean, - camel-exec, or camel-sql), can alter the behaviour of the route. This is the same - pattern that was previously addressed in camel-undertow (CVE-2025-30177) and the - broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891). - - - This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before - 4.18.1. - - - Users are recommended to upgrade to version 4.19.0, which fixes the issue. If - users are on the 4.18.x LTS releases stream, then they are suggested to upgrade - to 4.18.1. If users are on the 4.14.x LTS releases stream, then they are suggested - to upgrade to 4.14.6.' + description: An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote + attacker to execute arbitrary code and obtain sensitive information via the cloud + connection components. detection: payload: null verify: null @@ -30705,49 +24725,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33454 - - https://camel.apache.org/security/CVE-2026-33454.html - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/errata/RHSA-2026:19835 - - https://access.redhat.com/security/cve/CVE-2026-33454 + - https://nvd.nist.gov/vuln/detail/CVE-2023-42425 + - https://gist.github.com/stevenliuturing/306bb689737cec5d3a5760c34d65932c generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40022-CANDIDATE - cve_id: CVE-2026-40022 - name: Candidate detection for CVE-2026-40022 + id: CVE-2023-43336-CANDIDATE + cve_id: CVE-2023-43336 + name: Candidate detection for CVE-2023-43336 severity: high - cvss: 8.2 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'When authentication is enabled on the Apache Camel embedded HTTP server - or embedded management server (camel-platform-http-main) and a non-root context - path such as /api or /admin is configured via camel.server.path or camel.management.path, - the BasicAuthenticationConfigurer and JWTAuthenticationConfigurer classes derive - the authentication path from properties.getPath() when camel.server.authenticationPath - / camel.management.authenticationPath is not explicitly set. Combined with the - Vert.x sub-router mounting model - the sub-router is mounted at _path_* and the - authentication handler is registered inside the sub-router at the resolved path - - this causes the authentication handler to match only the exact configured context - path, not its subpaths. Unauthenticated requests to subpaths such as /api/_route_ - or /admin/observe/info therefore reach protected business routes and management - endpoints without being challenged for credentials. The /observe/info endpoint - can disclose runtime metadata such as the user, working directory, home directory, - process ID, JVM and operating system information. - - - This issue affects Apache Camel: from 4.14.1 before 4.14.6, from 4.18.0 before - 4.18.2. - - - Users are recommended to upgrade to version 4.20.0, which fixes the issue. If - users are on the 4.14.x LTS releases stream, they are suggested to upgrade to - 4.14.6. If users are on the 4.18.x LTS releases stream, they are suggested to - upgrade to 4.18.2.' + description: Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, + and 16.0.17 was discovered to contain an access control issue via a modified parameter + value, e.g., changing extension=self to extension=101. detection: payload: null verify: null @@ -30755,47 +24751,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40022 - - https://camel.apache.org/security/CVE-2026-40022.html - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/security/cve/CVE-2026-40022 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463178 + - https://nvd.nist.gov/vuln/detail/CVE-2023-43336 + - https://medium.com/@janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826 + - https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40858-CANDIDATE - cve_id: CVE-2026-40858 - name: Candidate detection for CVE-2026-40858 - severity: high - cvss: 8.8 + id: CVE-2023-46958-CANDIDATE + cve_id: CVE-2023-46958 + name: Candidate detection for CVE-2023-46958 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'The camel-infinispan component''s ProtoStream-based remote aggregation - repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream - without applying any ObjectInputFilter. An attacker who can write to the Infinispan - cache used by a Camel application can inject a crafted serialized Java object - that, when read during normal aggregation repository operations such as get or - recover, results in arbitrary code execution in the context of the application. - - - This issue affects Apache Camel: from 4.0.0 before 4.14.7, from 4.15.0 before - 4.18.2, from 4.19.0 before 4.20.0. - - - Users are recommended to upgrade to version 4.20.0, which fixes the issue. If - users are on the 4.14.x LTS releases stream, then they are suggested to upgrade - to 4.14.7. If users are on the 4.18.x releases stream, then they are suggested - to upgrade to 4.18.2. - - - The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23322 refers to - the various commits that resolved the issue, and have more details. This issue - follows the same class of vulnerability previously addressed in CVE-2024-22369, - CVE-2024-23114 and CVE-2026-25747.' + description: An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary + code via a crafted script to the admin.php file. detection: payload: null verify: null @@ -30803,45 +24777,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40858 - - https://camel.apache.org/security/CVE-2026-40858.html - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/errata/RHSA-2026:22453 - - https://access.redhat.com/security/cve/CVE-2026-40858 + - https://nvd.nist.gov/vuln/detail/CVE-2023-46958 + - https://gist.github.com/durian5201314/6507d1057c62f4bf93e740a631617434 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27172-CANDIDATE - cve_id: CVE-2026-27172 - name: Candidate detection for CVE-2026-27172 - severity: high - cvss: 8.8 + id: CVE-2023-41425-CANDIDATE + cve_id: CVE-2023-41425 + name: Candidate detection for CVE-2023-41425 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: 'The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry - and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values - from the Consul KV store and passed them to ObjectInputStream.readObject() without - configuring an ObjectInputFilter. An attacker who can write to the Consul KV store - backing a Camel ConsulRegistry instance could inject a malicious serialized Java - object that is deserialized the next time Camel performs a lookup against that - registry, leading to arbitrary code execution in the Camel process. The issue - mirrors the class of vulnerability already addressed for other Camel components - in CVE-2024-22369, CVE-2024-23114 and CVE-2026-25747, and was overlooked during - the original remediation of those CVEs. - - - This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before - 4.18.1. - - - Users are recommended to upgrade to version 4.19.0, which fixes the issue. If - users are on the 4.14.x LTS releases stream, then they are suggested to upgrade - to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested - to upgrade to 4.18.1.' + exploitdb_reference: true + description: Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 + allows a remote attacker to execute arbitrary code via a crafted script uploaded + to the installModule component. detection: payload: null verify: null @@ -30849,56 +24803,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27172 - - https://camel.apache.org/security/CVE-2026-27172.html - - https://access.redhat.com/security/cve/CVE-2026-27172 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463183 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27172.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-41425 + - https://gist.github.com/prodigiousMind/fc69a79629c4ba9ee88a7ad526043413 + - https://packetstorm.news/files/id/190575/ + - https://www.exploit-db.com/exploits/52271 generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-33453-CANDIDATE - cve_id: CVE-2026-33453 - name: Candidate detection for CVE-2026-33453 - severity: critical - cvss: 10.0 + id: CVE-2023-48056-CANDIDATE + cve_id: CVE-2023-48056 + name: Candidate detection for CVE-2023-48056 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Improperly Controlled Modification of Dynamically-Determined Object\ - \ Attributes vulnerability in Apache Camel Camel-Coap component.\n\nApache Camel's\ - \ camel-coap component is vulnerable to Camel message header injection, leading\ - \ to remote code execution when routes forward CoAP requests to header-sensitive\ - \ producers (e.g. camel-exec)\n\nThe camel-coap component maps incoming CoAP request\ - \ URI query parameters directly into Camel Exchange In message headers without\ - \ applying any HeaderFilterStrategy. \_ \nSpecifically, CamelCoapResource.handleRequest()\ - \ iterates over OptionSet.getUriQuery() and calls camelExchange.getIn().setHeader(...)\ - \ for every query parameter. CoAPEndpoint extends DefaultEndpoint rather than\ - \ DefaultHeaderFilterStrategyEndpoint, and CoAPComponent does not implement HeaderFilterStrategyComponent;\ - \ the component contains no references to HeaderFilterStrategy at all.\n\nAs a\ - \ result, an unauthenticated attacker who can send a single CoAP UDP packet to\ - \ a Camel route consuming from coap:// can inject arbitrary Camel internal headers\ - \ (those prefixed with Camel*) into the Exchange. When the route delivers the\ - \ message to a header-sensitive producer such as camel-exec, camel-sql, camel-bean,\ - \ camel-file, or template components (camel-freemarker, camel-velocity), the injected\ - \ headers can alter the producer's behavior. In the case of camel-exec, the CamelExecCommandExecutable\ - \ and CamelExecCommandArgs headers override the executable and arguments configured\ - \ on the endpoint, resulting in arbitrary OS command execution under the privileges\ - \ of the Camel process.\n\nThe producer's output is written back to the Exchange\ - \ body and returned in the CoAP response payload by CamelCoapResource, giving\ - \ the attacker an interactive RCE channel without any need for out-of-band exfiltration.\n\ - \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_\ - \ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_\ - \ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_ \_\ - \ \_ \_ \_ \_ \_ \_ \nExploitation prerequisites are minimal: a single unauthenticated\ - \ UDP datagram to the CoAP port (default 5683). CoAP (RFC 7252) has no built-in\ - \ authentication, and DTLS is optional and disabled by default. Because the protocol\ - \ is UDP-based, HTTP-layer WAF/IDS controls do not apply.\nThis issue affects\ - \ Apache Camel: from 4.14.0 through 4.14.5, from 4.18.0 before 4.18.1, 4.19.0.\n\ - \nUsers are recommended to upgrade to version 4.18.1 or 4.19.0, fixing the issue." + description: PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining + (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of + information and communications. detection: payload: null verify: null @@ -30906,32 +24832,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33453 - - https://camel.apache.org/security/CVE-2026-33453.html - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/security/cve/CVE-2026-33453 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463184 + - https://nvd.nist.gov/vuln/detail/CVE-2023-48056 + - https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40975-CANDIDATE - cve_id: CVE-2026-40975 - name: Candidate detection for CVE-2026-40975 - severity: medium - cvss: 4.8 + id: CVE-2023-48192-CANDIDATE + cve_id: CVE-2023-48192 + name: Candidate detection for CVE-2023-48192 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Values produced by ${random.value} are not suitable for use as secrets.\ - \ ${random.uuid} is not affected. ${random.int} and ${random.long} should never\ - \ be used for secrets as they are numeric values with a predictable range.\n\n\ - Affected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14),\ - \ 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u2013\ - 2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions\ - \ that are no longer supported are also affected per vendor advisory." + description: An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local + attacker to execute arbitrary code via the setTracerouteCfg function. detection: payload: null verify: null @@ -30939,32 +24857,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40975 - - https://spring.io/security/cve-2026-40975 - - https://access.redhat.com/errata/RHSA-2026:17668 - - https://access.redhat.com/errata/RHSA-2026:21772 - - https://access.redhat.com/errata/RHSA-2026:22619 + - https://nvd.nist.gov/vuln/detail/CVE-2023-48192 + - https://github.com/zxsssd/TotoLink- + - https://www.totolink.net/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40976-CANDIDATE - cve_id: CVE-2026-40976 - name: Candidate detection for CVE-2026-40976 - severity: critical - cvss: 9.1 + id: CVE-2023-48105-CANDIDATE + cve_id: CVE-2023-48105 + name: Candidate detection for CVE-2023-48105 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In certain circumstances, Spring Boot's default web security is ineffective\ - \ allowing unauthorized access to all endpoints. For an application to be vulnerable,\ - \ it must: be a servlet-based web application; have no Spring Security configuration\ - \ of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure;\ - \ not depend on spring-boot-health. If any of the above does not apply, the application\ - \ is not vulnerable.\n\nAffected: Spring Boot 4.0.0\u20134.0.5; upgrade to 4.0.6\ - \ or later per vendor advisory." + description: An heap overflow vulnerability was discovered in Bytecode alliance + wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service + via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. detection: payload: null verify: null @@ -30972,29 +24884,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40976 - - https://spring.io/security/cve-2026-40976 - - https://access.redhat.com/security/cve/CVE-2026-40976 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463322 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40976.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-48105 + - https://github.com/bytecodealliance/wasm-micro-runtime/issues/2726 + - https://github.com/bytecodealliance/wasm-micro-runtime/pull/2734/commits/4785d91b16dd49c09a96835de2d9c7b077543fa4 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-54011-CANDIDATE - cve_id: CVE-2024-54011 - name: Candidate detection for CVE-2024-54011 - severity: medium - cvss: 6.5 + id: CVE-2023-48193-CANDIDATE + cve_id: CVE-2023-48193 + name: Candidate detection for CVE-2023-48193 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Penetration Testing engineers at Amazon have discovered a flaw where\ - \ the camera system fails to properly handle data supplied in certain requests,\_\ - causing a service disruption. The manufacturer has released patch firmware for\ - \ the flaw, please refer to the manufacturer's report for details and workarounds." + description: 'Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows + a remote attacker to execute arbitrary code via bypassing the command filtering + function. NOTE: this is disputed because command filtering is not intended to + restrict what code can be run by authorized users who are allowed to execute files.' detection: payload: null verify: null @@ -31002,27 +24912,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-54011 - - https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf + - https://nvd.nist.gov/vuln/detail/CVE-2023-48193 + - https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e + - https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md + - https://github.com/jumpserver/jumpserver + - https://github.com/jumpserver/jumpserver/issues/13394 generated_from: - nvd - status: candidate executable: false - id: CVE-2024-54012-CANDIDATE - cve_id: CVE-2024-54012 - name: Candidate detection for CVE-2024-54012 - severity: medium - cvss: 5.3 + id: CVE-2023-23324-CANDIDATE + cve_id: CVE-2023-23324 + name: Candidate detection for CVE-2023-23324 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Penetration Testing engineers at Amazon discovered a vulnerability - where the camera system failed to properly validate input, allowing specially - crafted requests containing malicious commands to be executed on the device. The - manufacturer has released patch firmware for the flaw; please refer to the manufacturer's - report for details and workarounds. + description: Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to + contain hardcoded credentials for the Administrator account. detection: payload: null verify: null @@ -31030,27 +24940,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-54012 - - https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf + - https://nvd.nist.gov/vuln/detail/CVE-2023-23324 + - https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2024-54013-CANDIDATE - cve_id: CVE-2024-54013 - name: Candidate detection for CVE-2024-54013 - severity: high - cvss: 8.8 + id: CVE-2023-23325-CANDIDATE + cve_id: CVE-2023-23325 + name: Candidate detection for CVE-2023-23325 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Penetration Testing engineers at Amazon have identified a security - flaw related to request handling in the web server component that could, under - certain conditions, lead to unintended access to protected functions. The manufacturer - has released patch firmware for the flaw, please refer to the manufacturer's report - for details and workarounds + description: Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to + contain a command injection vulnerability via the NetHostname parameter. detection: payload: null verify: null @@ -31058,15 +24965,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2024-54013 - - https://www.hanwhavision.com/wp-content/uploads/2026/04/Camera-Vulnerability-ReportCVE-2024-5401154013.pdf + - https://nvd.nist.gov/vuln/detail/CVE-2023-23325 + - https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2025-48431-CANDIDATE - cve_id: CVE-2025-48431 - name: Candidate detection for CVE-2025-48431 + id: CVE-2023-24294-CANDIDATE + cve_id: CVE-2023-24294 + name: Candidate detection for CVE-2023-24294 severity: high cvss: 7.5 risk_level: unknown @@ -31074,18 +24981,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Mismatched Memory Management Routines vulnerability in Apache Thrift - c_glib language bindings. - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue. - - - Description: Specially crafted requests can crash an c_glib-based Thrift server - with a clean but fatal "free(): invalid pointer" error message.' + description: Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered + to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification. detection: payload: null verify: null @@ -31093,33 +24990,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-48431 - - https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql - - https://access.redhat.com/errata/RHSA-2026:24539 - - https://access.redhat.com/errata/RHSA-2026:25273 - - https://access.redhat.com/errata/RHSA-2026:27126 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24294 + - https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41602-CANDIDATE - cve_id: CVE-2026-41602 - name: Candidate detection for CVE-2026-41602 - severity: high - cvss: 7.5 + id: CVE-2023-48940-CANDIDATE + cve_id: CVE-2023-48940 + name: Candidate detection for CVE-2023-48940 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport - Go language implementation - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue.' + description: A stored cross-site scripting (XSS) vulnerability in /admin.php of + DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a + crafted payload. detection: payload: null verify: null @@ -31127,33 +25016,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41602 - - https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql - - https://access.redhat.com/errata/RHSA-2026:14162 - - https://access.redhat.com/errata/RHSA-2026:14885 - - https://access.redhat.com/errata/RHSA-2026:21769 + - https://nvd.nist.gov/vuln/detail/CVE-2023-48940 + - https://gist.github.com/durian5201314/957af852a42dad9c07ceb3fb2f8359b2 + - https://www.daicuo.net/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41603-CANDIDATE - cve_id: CVE-2026-41603 - name: Candidate detection for CVE-2026-41603 + id: CVE-2023-43303-CANDIDATE + cve_id: CVE-2023-43303 + name: Candidate detection for CVE-2023-43303 severity: high - cvss: 7.4 + cvss: 8.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper Validation of Certificate with Host Mismatch vulnerability - in Apache Thrift. - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue.' + description: An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers + to send crafted malicious notifications via leakage of the channel access token + (via captured network traffic). detection: payload: null verify: null @@ -31161,32 +25043,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41603 - - https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql - - https://access.redhat.com/errata/RHSA-2026:14885 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2023-43303 + - https://www.cve.org/CVERecord?id=CVE-2023-43303 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41604-CANDIDATE - cve_id: CVE-2026-41604 - name: Candidate detection for CVE-2026-41604 + id: CVE-2023-33411-CANDIDATE + cve_id: CVE-2023-33411 + name: Candidate detection for CVE-2023-33411 severity: high - cvss: 8.2 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Out-of-bounds Read vulnerability in Apache Thrift. - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue.' + description: A web server in the Intelligent Platform Management Interface (IPMI) + baseboard management controller (BMC) implementation on Supermicro X11 and M11 + based devices, with firmware versions up to 3.17.02, allows remote unauthenticated + users to perform directory traversal, potentially disclosing sensitive information. detection: payload: null verify: null @@ -31194,32 +25070,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41604 - - https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql - - https://access.redhat.com/errata/RHSA-2026:14885 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33411 + - https://www.supermicro.com/en/support/security_BMC_Dec_2023 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41605-CANDIDATE - cve_id: CVE-2026-41605 - name: Candidate detection for CVE-2026-41605 + id: CVE-2023-33412-CANDIDATE + cve_id: CVE-2023-33412 + name: Candidate detection for CVE-2023-33412 severity: high - cvss: 7.3 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Integer Overflow or Wraparound vulnerability in Apache Thrift. - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue.' + description: The web interface in the Intelligent Platform Management Interface + (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 + and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated + users to execute arbitrary commands via a crafted request targeting vulnerable + cgi endpoints. detection: payload: null verify: null @@ -31227,32 +25098,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41605 - - https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql - - https://access.redhat.com/errata/RHSA-2026:14885 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33412 + - https://www.supermicro.com/en/support/security_BMC_Dec_2023 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41606-CANDIDATE - cve_id: CVE-2026-41606 - name: Candidate detection for CVE-2026-41606 - severity: medium - cvss: 5.3 + id: CVE-2023-33413-CANDIDATE + cve_id: CVE-2023-33413 + name: Candidate detection for CVE-2023-33413 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Uncontrolled Recursion vulnerability in Apache Thrift. - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue.' + description: The configuration functionality in the Intelligent Platform Management + Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro + X11 and M11 based devices, with firmware versions through 3.17.02, allows remote + authenticated users to execute arbitrary commands. detection: payload: null verify: null @@ -31260,61 +25125,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41606 - - https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql - - https://access.redhat.com/errata/RHSA-2026:14885 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33413 + - https://www.supermicro.com/en/support/security_BMC_Dec_2023 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41607-CANDIDATE - cve_id: CVE-2026-41607 - name: Candidate detection for CVE-2026-41607 + id: CVE-2023-49494-CANDIDATE + cve_id: CVE-2023-49494 + name: Candidate detection for CVE-2023-49494 severity: medium - cvss: 6.5 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: false - description: 'Out-of-bounds Read vulnerability in Apache Thrift. - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue.' - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41607 - - https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql - - https://access.redhat.com/errata/RHSA-2026:14885 - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 - generated_from: - - nvd -- status: candidate - executable: false - id: CVE-2026-7320-CANDIDATE - cve_id: CVE-2026-7320 - name: Candidate detection for CVE-2026-7320 - severity: high - cvss: 7.5 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Information disclosure due to incorrect boundary conditions in the - Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox - ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. + description: DedeCMS v5.7.111 was discovered to contain a reflective cross-site + scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. detection: payload: null verify: null @@ -31322,30 +25150,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7320 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2027433 - - https://www.mozilla.org/security/advisories/mfsa2026-35/ - - https://www.mozilla.org/security/advisories/mfsa2026-36/ - - https://www.mozilla.org/security/advisories/mfsa2026-37/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-49494 + - https://github.com/Hebing123/cve/issues/3 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7322-CANDIDATE - cve_id: CVE-2026-7322 - name: Candidate detection for CVE-2026-7322 + id: CVE-2023-47320-CANDIDATE + cve_id: CVE-2023-47320 + name: Candidate detection for CVE-2023-47320 severity: high - cvss: 7.3 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird - 150.0.0. Some of these bugs showed evidence of memory corruption and we presume - that with enough effort some of these could have been exploited to run arbitrary - code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox - ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. + description: Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An + attacker with low privileges is able to execute the administrator-only function + of putting the application in "Maintenance Mode" due to broken access control. + This makes the application unavailable to all users. This affects Silverpeas Core + 6.3.1 and below. detection: payload: null verify: null @@ -31353,30 +25178,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7322 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040 - - https://www.mozilla.org/security/advisories/mfsa2026-35/ - - https://www.mozilla.org/security/advisories/mfsa2026-36/ - - https://www.mozilla.org/security/advisories/mfsa2026-37/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-47320 + - https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7323-CANDIDATE - cve_id: CVE-2026-7323 - name: Candidate detection for CVE-2026-7323 - severity: high - cvss: 7.3 + id: CVE-2023-47321-CANDIDATE + cve_id: CVE-2023-47321 + name: Candidate detection for CVE-2023-47321 + severity: medium + cvss: 4.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird - 150.0.0. Some of these bugs showed evidence of memory corruption and we presume - that with enough effort some of these could have been exploited to run arbitrary - code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird - 150.0.1, and Thunderbird 140.10.1. + description: Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via + the "Porlet Deployer" which allows administrators to deploy .WAR portlets. detection: payload: null verify: null @@ -31384,29 +25203,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7323 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602 - - https://www.mozilla.org/security/advisories/mfsa2026-35/ - - https://www.mozilla.org/security/advisories/mfsa2026-36/ - - https://www.mozilla.org/security/advisories/mfsa2026-38/ + - https://nvd.nist.gov/vuln/detail/CVE-2023-47321 + - https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47321 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7324-CANDIDATE - cve_id: CVE-2026-7324 - name: Candidate detection for CVE-2026-7324 + id: CVE-2023-47322-CANDIDATE + cve_id: CVE-2023-47322 + name: Candidate detection for CVE-2023-47322 severity: high - cvss: 7.3 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs - showed evidence of memory corruption and we presume that with enough effort some - of these could have been exploited to run arbitrary code. This vulnerability was - fixed in Firefox 150.0.1 and Thunderbird 150.0.1. + description: The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to + Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator + goes to a malicious URL while being authenticated to the Silverpeas application, + the CSRF with execute making the attacker an administrator user in the application. detection: payload: null verify: null @@ -31414,41 +25230,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7324 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029419%2C2029717%2C2029769%2C2029886 - - https://www.mozilla.org/security/advisories/mfsa2026-35/ - - https://www.mozilla.org/security/advisories/mfsa2026-38/ - - https://access.redhat.com/security/cve/CVE-2026-7324 + - https://nvd.nist.gov/vuln/detail/CVE-2023-47322 + - https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7111-CANDIDATE - cve_id: CVE-2026-7111 - name: Candidate detection for CVE-2026-7111 + id: CVE-2023-47323-CANDIDATE + cve_id: CVE-2023-47323 + name: Candidate detection for CVE-2023-47323 severity: high - cvss: 8.4 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Text::CSV_XS versions before 1.62 for Perl have a use-after-free when - registered callbacks extend the Perl argument stack, which may enable type confusion - or memory corruption. - - - The Parse, print, getline, and getline_all methods invoke registered callbacks - (for example after_parse, before_print, or on_error) and cache the Perl argument - stack pointer across the call. If a callback extends the argument stack enough - to trigger a reallocation, the return value is written through the stale pointer - into the freed buffer, and the caller reads the original $self argument as the - return value instead. - - - Calling code that expects parsed data from getline_all receives the Text::CSV_XS - object in its place, leading to logic errors or crashes. Text::CSV_XS objects - used without any registered callbacks are not affected.' + description: The notification/messaging feature of Silverpeas Core 6.3.1 does not + enforce access control on the ID parameter. This allows an attacker to read all + messages sent between other users; including those sent only to administrators. detection: payload: null verify: null @@ -31456,33 +25256,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7111 - - https://github.com/cpan-authors/Text-CSV_XS/commit/c17f31a5f2bf36674748eb4b6e25672f0571a224.patch - - https://metacpan.org/release/HMBRAND/Text-CSV_XS-1.62/changes - - https://lists.debian.org/debian-lts-announce/2026/06/msg00037.html + - https://nvd.nist.gov/vuln/detail/CVE-2023-47323 + - https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47323 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-37555-CANDIDATE - cve_id: CVE-2026-37555 - name: Candidate detection for CVE-2026-37555 - severity: high - cvss: 7.5 + id: CVE-2023-47324-CANDIDATE + cve_id: CVE-2023-47324 + name: Candidate detection for CVE-2023-47324 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF - code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line - 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) - exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to - sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the - product 2500000000 overflows to -1794967296. This causes incorrect frame count - leading to heap buffer overflow or denial of service. Both values come from the - WAV file header and are attacker-controlled. This issue was discovered after an - incomplete fix for CVE-2022-33065. + description: Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via + the message/notification feature. detection: payload: null verify: null @@ -31490,29 +25281,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-37555 - - https://gist.github.com/sgInnora/a5f5c19e4bf6f4fb74fab7b0ef2bfcc1 - - https://github.com/libsndfile/libsndfile/commit/9a829113c88a51e57c1e46473e90609e4b7df151 - - https://github.com/libsndfile/libsndfile/issues/833 - - https://access.redhat.com/errata/RHSA-2026:19559 + - https://nvd.nist.gov/vuln/detail/CVE-2023-47324 + - https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324 + - https://github.com/Silverpeas/Silverpeas-Core/pull/1298/commits generated_from: - nvd - status: candidate executable: false - id: CVE-2026-38993-CANDIDATE - cve_id: CVE-2026-38993 - name: Candidate detection for CVE-2026-38993 + id: CVE-2023-47325-CANDIDATE + cve_id: CVE-2023-47325 + name: Candidate detection for CVE-2023-47325 severity: medium - cvss: 6.5 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Cockpit 2.13.5 and earlier is vulnerable to directory traversal via - the Buckets component. This vulnerability allows authenticated attackers to write - files to arbitrary locations within the uploads directory or overwrite assets - with malicious versions. + description: Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken + access control. A user with low privileges is able to navigate directly to the + bin, revealing all deleted spaces. The user can then restore or permanently delete + the spaces. detection: payload: null verify: null @@ -31520,36 +25309,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-38993 - - https://felsec.com/posts/cockpit-cms-2.13.5-multi-vulns/ - - https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.14.0 - - https://access.redhat.com/security/cve/CVE-2026-38993 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463843 + - https://nvd.nist.gov/vuln/detail/CVE-2023-47325 + - https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47325 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42198-CANDIDATE - cve_id: CVE-2026-42198 - name: Candidate detection for CVE-2026-42198 + id: CVE-2023-47326-CANDIDATE + cve_id: CVE-2023-47326 + name: Candidate detection for CVE-2023-47326 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 - to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service - during SCRAM-SHA-256 authentication. A malicious server can instruct the driver - to perform SCRAM authentication with a very large iteration count. With a large - enough value, the client spends an unbounded amount of CPU time inside PBKDF2 - before authentication can fail. A single attempt ties up a CPU core. Repeated - or concurrent attempts exhaust client CPU and can wedge connection pools. In affected - versions, loginTimeout did not fully mitigate this problem. When loginTimeout - expired, the caller could stop waiting, but the worker thread performing the connection - attempt could continue running and burning CPU inside the SCRAM PBKDF2 computation. - This issue has been patched in version 42.7.11. + description: Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) + via the Domain SQL Create function. detection: payload: null verify: null @@ -31557,27 +25334,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42198 - - https://github.com/pgjdbc/pgjdbc/releases/tag/REL42.7.11 - - https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-98qh-xjc8-98pq - - https://access.redhat.com/errata/RHSA-2026:19098 - - https://access.redhat.com/errata/RHSA-2026:22304 + - https://nvd.nist.gov/vuln/detail/CVE-2023-47326 + - https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47326 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5402-CANDIDATE - cve_id: CVE-2026-5402 - name: Candidate detection for CVE-2026-5402 - severity: high - cvss: 8.8 + id: CVE-2023-47327-CANDIDATE + cve_id: CVE-2023-47327 + name: Candidate detection for CVE-2023-47327 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows - denial of service and possible code execution + description: The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for + use by administrators. This function suffers from broken access control, allowing + any authenticated user to create a space by navigating to the correct URL. detection: payload: null verify: null @@ -31585,30 +25360,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5402 - - https://gitlab.com/wireshark/wireshark/-/issues/21090 - - https://www.wireshark.org/security/wnpa-sec-2026-14.html - - https://access.redhat.com/security/cve/CVE-2026-5402 - - https://bugzilla.redhat.com/show_bug.cgi?id=2464038 + - https://nvd.nist.gov/vuln/detail/CVE-2023-47327 + - https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47327 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14576-CANDIDATE - cve_id: CVE-2025-14576 - name: Candidate detection for CVE-2025-14576 - severity: high - cvss: 7.8 + id: CVE-2023-50983-CANDIDATE + cve_id: CVE-2023-50983 + name: Candidate detection for CVE-2023-50983 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Insufficient validation of node IDs in Qt SVG module allows arbitrary - QML/JavaScript code injection when loading malicious SVG files through the VectorImage - component in Qt Quick. While QML execution is typically more restricted than native - code execution, this could still lead to denial of service, information disclosure, - or other impacts depending on the application's privilege level and data access. + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection + vulnerability via the sysScheduleRebootSet function. detection: payload: null verify: null @@ -31616,43 +25385,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14576 - - https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273 - - https://access.redhat.com/errata/RHSA-2026:20567 - - https://access.redhat.com/errata/RHSA-2026:24987 - - https://access.redhat.com/errata/RHSA-2026:7620 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50983 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/sysScheduleRebootSet-2.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7163-CANDIDATE - cve_id: CVE-2026-7163 - name: Candidate detection for CVE-2026-7163 - severity: medium - cvss: 6.1 + id: CVE-2023-50984-CANDIDATE + cve_id: CVE-2023-50984 + name: Candidate detection for CVE-2023-50984 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in the assisted-service REST API, an optional Assisted\ - \ Installer (assisted-service) component in the Multicluster Engine (MCE), allows\ - \ an authenticated user with minimal namespace-scoped privileges to obtain administrative\ - \ credentials for arbitrary clusters provisioned through the hub. \n\nThe credentials\ - \ download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns\ - \ the kubeadmin password) and the kubeconfig download endpoint are operational\ - \ in AUTH_TYPE=local mode, the only authentication mode available in on-premises\ - \ ACM/MCE hub deployments. The local authenticator unconditionally grants full\ - \ administrative access to any request bearing a valid JWT, with no per-endpoint\ - \ restrictions. A valid local JWT is embedded as a plaintext query parameter in\ - \ InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights\ - \ on an InfraEnv object in their own namespace.\n\nThe affected components ship\ - \ as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management\ - \ (ACM) deployments that include MCE are equally affected.\nThis issue does not\ - \ affect the hosted SaaS offering (console.redhat.com), which uses a different\ - \ authentication mode.\n\nSuccessful exploitation gives the attacker the kubeadmin\ - \ password and kubeconfig for any OpenShift cluster provisioned through the affected\ - \ hub, granting unrestricted root-level administrative access to those spoke clusters." + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow + via the ip parameter in the spdtstConfigAndStart function. detection: payload: null verify: null @@ -31660,28 +25410,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7163 - - https://access.redhat.com/errata/RHSA-2026:11511 - - https://access.redhat.com/errata/RHSA-2026:11512 - - https://access.redhat.com/errata/RHSA-2026:12116 - - https://access.redhat.com/errata/RHSA-2026:12337 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50984 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/spdtstConfigAndStart.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7246-CANDIDATE - cve_id: CVE-2026-7246 - name: Candidate detection for CVE-2026-7246 - severity: high - cvss: 7.2 + id: CVE-2023-50985-CANDIDATE + cve_id: CVE-2023-50985 + name: Candidate detection for CVE-2023-50985 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Pallets Click, versions 8.3.2 and below, contain a command injection - vulnerability in the click.edit() function, allowing attackers to pass arbitrary - OS commands from an unprivileged account. + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow + via the lanGw parameter in the lanCfgSet function. detection: payload: null verify: null @@ -31689,31 +25435,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7246 - - https://github.com/pallets/click/releases/tag/8.3.3 - - https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw - - https://access.redhat.com/errata/RHSA-2026:24761 - - https://access.redhat.com/errata/RHSA-2026:24762 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50985 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/lanCfgSet.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7500-CANDIDATE - cve_id: CVE-2026-7500 - name: Candidate detection for CVE-2026-7500 - severity: medium - cvss: 5.4 + id: CVE-2023-50986-CANDIDATE + cve_id: CVE-2023-50986 + name: Candidate detection for CVE-2023-50986 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "When Keycloak is started with `--features-disabled=account,account-api`,\ - \ the Account REST API is only partially disabled. Five endpoints under the versioned\ - \ path `/account/v1alpha1` remain fully functional \u2014 including both read\ - \ and write operations \u2014 because they lack the `checkAccountApiEnabled()`\ - \ gate that correctly blocks four other endpoints in the same REST service class.\ - \ The user needs to have permissions to use the API." + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow + via the time parameter in the sysLogin function. detection: payload: null verify: null @@ -31721,29 +25460,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7500 - - https://access.redhat.com/errata/RHSA-2026:25097 - - https://access.redhat.com/errata/RHSA-2026:25098 - - https://access.redhat.com/errata/RHSA-2026:30049 - - https://access.redhat.com/errata/RHSA-2026:30050 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50986 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/sysLogin.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33845-CANDIDATE - cve_id: CVE-2026-33845 - name: Candidate detection for CVE-2026-33845 - severity: high - cvss: 7.5 + id: CVE-2023-50987-CANDIDATE + cve_id: CVE-2023-50987 + name: Candidate detection for CVE-2023-50987 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw in GnuTLS DTLS handshake parsing allows malformed fragments - with zero length and non-zero offset, leading to an integer underflow during reassembly - and resulting in an out-of-bounds read. This issue is remotely exploitable and - may cause information disclosure or denial of service. + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow + via the time parameter in the sysTimeInfoSet function. detection: payload: null verify: null @@ -31751,30 +25485,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33845 - - https://access.redhat.com/errata/RHSA-2026:13274 - - https://access.redhat.com/errata/RHSA-2026:20611 - - https://access.redhat.com/errata/RHSA-2026:20612 - - https://access.redhat.com/errata/RHSA-2026:20613 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50987 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/sysTimeInfoSet.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3832-CANDIDATE - cve_id: CVE-2026-3832 - name: Candidate detection for CVE-2026-3832 - severity: low - cvss: 3.7 + id: CVE-2023-50988-CANDIDATE + cve_id: CVE-2023-50988 + name: Candidate detection for CVE-2023-50988 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnutls. A remote attacker could exploit this vulnerability - by presenting a specially crafted Online Certificate Status Protocol (OCSP) response - during a TLS handshake. Due to a logic error in how gnutls processes multi-record - OCSP responses, a client with OCSP verification enabled may incorrectly accept - a revoked server certificate, potentially leading to a compromise of trust. + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow + via the bandwidth parameter in the wifiRadioSetIndoor function. detection: payload: null verify: null @@ -31782,32 +25510,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3832 - - https://access.redhat.com/errata/RHSA-2026:13274 - - https://access.redhat.com/errata/RHSA-2026:20612 - - https://access.redhat.com/errata/RHSA-2026:20613 - - https://access.redhat.com/errata/RHSA-2026:26319 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50988 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/wifiRadioSetIndoor.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-3833-CANDIDATE - cve_id: CVE-2026-3833 - name: Candidate detection for CVE-2026-3833 - severity: medium - cvss: 6.5 + id: CVE-2023-50989-CANDIDATE + cve_id: CVE-2023-50989 + name: Candidate detection for CVE-2023-50989 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnutls. This vulnerability occurs because gnutls - performs case-sensitive comparisons of `nameConstraints` labels, specifically - for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` - or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf - certificate with casing differences in the Subject Alternative Name (SAN), leading - to a policy bypass where a certificate that should be rejected is instead accepted. - This could result in unauthorized access or information disclosure. + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection + vulnerability via the pingSet function. detection: payload: null verify: null @@ -31815,30 +25535,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-3833 - - https://access.redhat.com/errata/RHSA-2026:13274 - - https://access.redhat.com/errata/RHSA-2026:20611 - - https://access.redhat.com/errata/RHSA-2026:20612 - - https://access.redhat.com/errata/RHSA-2026:20613 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50989 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/pingSet-2.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35051-CANDIDATE - cve_id: CVE-2026-35051 - name: Candidate detection for CVE-2026-35051 + id: CVE-2023-50990-CANDIDATE + cve_id: CVE-2023-50990 + name: Candidate detection for CVE-2023-50990 severity: critical - cvss: 10.0 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Traefik is an HTTP reverse proxy and load balancer. Prior to versions - 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability - in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured - and Traefik is deployed behind a trusted upstream proxy. This issue has been patched - in versions 2.11.43, 3.6.14, and 3.7.0-rc.2. + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow + via the rebootTime parameter in the sysScheduleRebootSet function. detection: payload: null verify: null @@ -31846,36 +25560,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35051 - - https://github.com/traefik/traefik/releases/tag/v2.11.43 - - https://github.com/traefik/traefik/releases/tag/v3.6.14 - - https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2 - - https://github.com/traefik/traefik/security/advisories/GHSA-6384-m2mw-rf54 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50990 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/sysScheduleRebootSet.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39858-CANDIDATE - cve_id: CVE-2026-39858 - name: Candidate detection for CVE-2026-39858 + id: CVE-2023-50992-CANDIDATE + cve_id: CVE-2023-50992 + name: Candidate detection for CVE-2023-50992 severity: critical - cvss: 10.0 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Traefik is an HTTP reverse proxy and load balancer. Prior to versions\ - \ 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass\ - \ vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware.\ - \ Traefik's forwarded-header sanitization logic targets only canonical header\ - \ names (e.g., X-Forwarded-Proto) and does not strip or normalize alias variants\ - \ that use underscores instead of dashes (e.g., X_Forwarded_Proto). These unsanitized\ - \ alias headers are forwarded intact to the authentication backend. When the backend\ - \ normalizes underscore and dash header forms equivalently, an attacker can inject\ - \ spoofed trust context \u2014 such as a trusted scheme or host \u2014 through\ - \ the alias headers and bypass authentication on protected routes without valid\ - \ credentials. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2." + description: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow + via the ip parameter in the setPing function. detection: payload: null verify: null @@ -31883,38 +25585,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39858 - - https://github.com/traefik/traefik/releases/tag/v2.11.43 - - https://github.com/traefik/traefik/releases/tag/v3.6.14 - - https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2 - - https://github.com/traefik/traefik/security/advisories/GHSA-5m6w-wvh7-57vm + - https://nvd.nist.gov/vuln/detail/CVE-2023-50992 + - https://github.com/ef4tless/vuln/blob/master/iot/i29/setPing.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40912-CANDIDATE - cve_id: CVE-2026-40912 - name: Candidate detection for CVE-2026-40912 + id: CVE-2023-46987-CANDIDATE + cve_id: CVE-2023-46987 + name: Candidate detection for CVE-2023-46987 severity: high - cvss: 8.2 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Traefik is an HTTP reverse proxy and load balancer. Prior to versions - 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass - vulnerability in Traefik's StripPrefixRegex middleware when used in combination - with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against - the decoded URL path but uses the resulting byte length to slice the percent-encoded - raw path. When a dot (or multiple dots) appears in the prefix portion of the URL, - the raw path after stripping becomes a dot-segment (e.g. /./admin/secret). ForwardAuth - receives this dot-segment path in X-Forwarded-Uri, which does not match the protected - path patterns and therefore allows the request through. The backend then normalizes - the dot-segment to the real path per RFC 3986 and serves the protected content - An unauthenticated attacker can exploit this against any backend that performs - dot-segment normalization. This issue has been patched in versions 2.11.43, 3.6.14, - and 3.7.0-rc.2. + description: SeaCMS v12.9 was discovered to contain a remote code execution (RCE) + vulnerability via the component /augap/adminip.php. detection: payload: null verify: null @@ -31922,27 +25610,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40912 - - https://github.com/traefik/traefik/releases/tag/v2.11.43 - - https://github.com/traefik/traefik/releases/tag/v3.6.14 - - https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2 - - https://github.com/traefik/traefik/security/advisories/GHSA-6jwx-7vp4-9847 + - https://nvd.nist.gov/vuln/detail/CVE-2023-46987 + - https://blog.csdn.net/weixin_72610998/article/details/133420747?spm=1001.2014.3001.5501 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5403-CANDIDATE - cve_id: CVE-2026-5403 - name: Candidate detection for CVE-2026-5403 - severity: high - cvss: 7.8 + id: CVE-2023-50470-CANDIDATE + cve_id: CVE-2023-50470 + name: Candidate detection for CVE-2023-50470 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows - denial of service and possible code execution + description: A cross-site scripting (XSS) vulnerability in the component admin_ + Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or + HTML via a crafted payload. detection: payload: null verify: null @@ -31950,27 +25636,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5403 - - https://gitlab.com/wireshark/wireshark/-/issues/21103 - - https://www.wireshark.org/security/wnpa-sec-2026-16.html - - https://access.redhat.com/security/cve/CVE-2026-5403 - - https://bugzilla.redhat.com/show_bug.cgi?id=2464271 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50470 + - https://blog.csdn.net/weixin_72610998/article/details/134784075?spm=1001.2014.3001.5502 + - https://www.seacms.net/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5405-CANDIDATE - cve_id: CVE-2026-5405 - name: Candidate detection for CVE-2026-5405 - severity: high - cvss: 7.8 + id: CVE-2023-50651-CANDIDATE + cve_id: CVE-2023-50651 + name: Candidate detection for CVE-2023-50651 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 - to 4.4.14 allows denial of service and possible code execution + description: TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a + remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. detection: payload: null verify: null @@ -31978,27 +25662,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5405 - - https://gitlab.com/wireshark/wireshark/-/issues/21105 - - https://www.wireshark.org/security/wnpa-sec-2026-17.html - - https://access.redhat.com/errata/RHSA-2026:20600 - - https://access.redhat.com/errata/RHSA-2026:26182 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50651 + - https://palm-jump-676.notion.site/X6000R-sub_4119A0-11-b35b4ca36ce84e07afff85c98414d293 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5656-CANDIDATE - cve_id: CVE-2026-5656 - name: Candidate detection for CVE-2026-5656 - severity: high - cvss: 7.0 + id: CVE-2023-47458-CANDIDATE + cve_id: CVE-2023-47458 + name: Candidate detection for CVE-2023-47458 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 - to 4.4.14 allows denial of service and possible code execution + description: An issue in SpringBlade v.3.7.0 and before allows a remote attacker + to escalate privileges via the lack of permissions control framework. detection: payload: null verify: null @@ -32006,33 +25687,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5656 - - https://gitlab.com/wireshark/wireshark/-/issues/21115 - - https://www.wireshark.org/security/wnpa-sec-2026-21.html - - https://access.redhat.com/errata/RHSA-2026:20600 - - https://access.redhat.com/errata/RHSA-2026:26182 + - https://nvd.nist.gov/vuln/detail/CVE-2023-47458 + - https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a + - https://gitee.com/smallc/SpringBlade generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43001-CANDIDATE - cve_id: CVE-2026-43001 - name: Candidate detection for CVE-2026-43001 - severity: high - cvss: 7.9 + id: CVE-2020-26623-CANDIDATE + cve_id: CVE-2020-26623 + name: Candidate detection for CVE-2020-26623 + severity: low + cvss: 3.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials - did not validate that the caller-supplied project_id for an EC2-type credential - matched the project of the authenticating application credential. This allowed - an attacker holding an unrestricted application credential for project A to create - an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would - then issue a Keystone token scoped to project B while still carrying the original - app_cred_id, enabling cross-project lateral movement within the credential owner's - role footprint. + description: SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier + allows a remote attacker to execute arbitrary web scripts via the Area parameter + under the Administration>Widget tab after the login portal. detection: payload: null verify: null @@ -32040,29 +25714,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43001 - - https://bugs.launchpad.net/keystone/+bug/2149775 - - https://review.opendev.org/c/openstack/keystone/+/985804 - - https://security.openstack.org/ossa/OSSA-2026-015.html - - https://access.redhat.com/security/cve/CVE-2026-43001 + - https://nvd.nist.gov/vuln/detail/CVE-2020-26623 + - https://github.com/GilaCMS/gila + - https://github.com/GilaCMS/gila/security/policy + - https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43003-CANDIDATE - cve_id: CVE-2026-43003 - name: Candidate detection for CVE-2026-43003 - severity: high - cvss: 8.0 + id: CVE-2020-26624-CANDIDATE + cve_id: CVE-2020-26624 + name: Candidate detection for CVE-2020-26624 + severity: low + cvss: 3.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue was discovered in OpenStack ironic-python-agent 1.0.0 through - 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within - a chroot of the deployed partition image, leading to code execution in the case - of a malicious image. + description: A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and + earlier which allows a remote attacker to execute arbitrary web scripts via the + ID parameter after the login portal. detection: payload: null verify: null @@ -32070,44 +25742,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43003 - - https://bugs.launchpad.net/ironic-python-agent/+bug/2148310 - - https://github.com/openstack/ironic-python-agent/blob/236b33abffe6688afc39c21e351cc3889b3db2dd/ironic_python_agent/efi_utils.py#L134-L139 - - https://access.redhat.com/security/cve/CVE-2026-43003 - - https://bugzilla.redhat.com/show_bug.cgi?id=2464306 + - https://nvd.nist.gov/vuln/detail/CVE-2020-26624 + - https://github.com/GilaCMS/gila + - https://github.com/GilaCMS/gila/security/policy + - https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31703-CANDIDATE - cve_id: CVE-2026-31703 - name: Candidate detection for CVE-2026-31703 - severity: high - cvss: 7.8 + id: CVE-2020-26625-CANDIDATE + cve_id: CVE-2020-26625 + name: Candidate detection for CVE-2020-26625 + severity: low + cvss: 3.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nwriteback: Fix use after free in inode_switch_wbs_work_fn()\n\ninode_switch_wbs_work_fn()\ - \ has a loop like:\n\n wb_get(new_wb);\n while (1) {\n list = llist_del_all(&new_wb->switch_wbs_ctxs);\n\ - \ /* Nothing to do? */\n if (!list)\n break;\n ... process the items\ - \ ...\n }\n\nNow adding of items to the list looks like:\n\nwb_queue_isw()\n\ - \ if (llist_add(&isw->list, &wb->switch_wbs_ctxs))\n queue_work(isw_wq, &wb->switch_work);\n\ - \nBecause inode_switch_wbs_work_fn() loops when processing isw items, it\ncan\ - \ happen that wb->switch_work is pending while wb->switch_wbs_ctxs is\nempty.\ - \ This is a problem because in that case wb can get freed (no isw\nitems -> no\ - \ wb reference) while the work is still pending causing\nuse-after-free issues.\n\ - \nWe cannot just fix this by cancelling work when freeing wb because that\ncould\ - \ still trigger problematic 0 -> 1 transitions on wb refcount due to\nwb_get()\ - \ in inode_switch_wbs_work_fn(). It could be all handled with\nmore careful code\ - \ but that seems unnecessarily complex so let's avoid\nthat until it is proven\ - \ that the looping actually brings practical\nbenefit. Just remove the loop from\ - \ inode_switch_wbs_work_fn() instead.\nThat way when wb_queue_isw() queues work,\ - \ we are guaranteed we have\nadded the first item to wb->switch_wbs_ctxs and nobody\ - \ is going to\nremove it (and drop the wb reference it holds) until the queued\ - \ work\nruns." + description: A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and + earlier which allows a remote attacker to execute arbitrary web scripts via the + 'user_id' parameter after the login portal. detection: payload: null verify: null @@ -32115,65 +25770,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31703 - - https://git.kernel.org/stable/c/028103656b84273c73e9e271cf95c9f3421f4b8a - - https://git.kernel.org/stable/c/156cc63691c1f20905510b1007896e090355e6c2 - - https://git.kernel.org/stable/c/6689f01d6740cf358932b3e97ee968c6099800d9 - - https://git.kernel.org/stable/c/9223e5f30403a9b506d6d0bff4f2e29a2d7d46af + - https://nvd.nist.gov/vuln/detail/CVE-2020-26625 + - https://github.com/GilaCMS/gila + - https://github.com/GilaCMS/gila/security/policy + - https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-31709-CANDIDATE - cve_id: CVE-2026-31709 - name: Candidate detection for CVE-2026-31709 + id: CVE-2023-45559-CANDIDATE + cve_id: CVE-2023-45559 + name: Candidate detection for CVE-2023-45559 severity: high - cvss: 8.8 + cvss: 8.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - smb: client: validate the whole DACL before rewriting it in cifsacl - - - build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a - - server-supplied dacloffset and then use the incoming ACL to rebuild the - - chmod/chown security descriptor. - - - The original fix only checked that the struct smb_acl header fits before - - reading dacl_ptr->size or dacl_ptr->num_aces. That avoids the immediate - - header-field OOB read, but the rewrite helpers still walk ACEs based on - - pdacl->num_aces with no structural validation of the incoming DACL body. - - - A malicious server can return a truncated DACL that still contains a - - header, claims one or more ACEs, and then drive - - replace_sids_and_copy_aces() or set_chmod_dacl() past the validated - - extent while they compare or copy attacker-controlled ACEs. - - - Factor the DACL structural checks into validate_dacl(), extend them to - - validate each ACE against the DACL bounds, and use the shared validator - - before the chmod/chown rebuild paths. parse_dacl() reuses the same - - validator so the read-side parser and write-side rewrite paths agree on - - what constitutes a well-formed incoming DACL.' + description: An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send + crafted notifications via leakage of the channel access token. detection: payload: null verify: null @@ -32181,55 +25797,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-31709 - - https://git.kernel.org/stable/c/0a8cf165566ba55a39fd0f4de172119dd646d39a - - https://git.kernel.org/stable/c/8e47d297e7cf9a6029a0d38e7b22faba7d7aaf12 - - https://git.kernel.org/stable/c/b78db9bddc84136f6a0bb49e8883cf200dfb87a8 - - https://git.kernel.org/stable/c/b8603d9ae6c9087662b098619996bc4a8064319d + - https://nvd.nist.gov/vuln/detail/CVE-2023-45559 + - https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45559.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43037-CANDIDATE - cve_id: CVE-2026-43037 - name: Candidate detection for CVE-2026-43037 - severity: critical - cvss: 9.8 + id: CVE-2023-47890-CANDIDATE + cve_id: CVE-2023-47890 + name: Candidate detection for CVE-2023-47890 + severity: high + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - ip6_tunnel: clear skb2->cb[] in ip4ip6_err() - - - Oskar Kjos reported the following problem. - - - ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written - - by the IPv6 receive path as struct inet6_skb_parm. icmp_send() passes - - IPCB(skb2) to __ip_options_echo(), which interprets that cb[] region - - as struct inet_skb_parm (IPv4). The layouts differ: inet6_skb_parm.nhoff - - at offset 14 overlaps inet_skb_parm.opt.rr, producing a non-zero rr - - value. __ip_options_echo() then reads optlen from attacker-controlled - - packet data at sptr[rr+1] and copies that many bytes into dopt->__data, - - a fixed 40-byte stack buffer (IP_OPTIONS_DATA_FIXED_SIZE). - - - To fix this we clear skb2->cb[], as suggested by Oskar Kjos. - - - Also add minimal IPv4 header validation (version == 4, ihl >= 5).' + description: pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. detection: payload: null verify: null @@ -32237,18 +25821,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43037 - - https://git.kernel.org/stable/c/1063515ce15ff31065c4e7f8265f4c2fd3c54876 - - https://git.kernel.org/stable/c/2cc6e3b0fe0f0242d1f530a93a4924f48ab85ba5 - - https://git.kernel.org/stable/c/2edfa31769a4add828a7e604b21cb82aaaa05925 - - https://git.kernel.org/stable/c/4a622658f384b03560834cbe8ffcfe69a278f7c8 + - https://nvd.nist.gov/vuln/detail/CVE-2023-47890 + - https://github.com/pyload/pyload/security/advisories/GHSA-h73m-pcfw-25h2 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43038-CANDIDATE - cve_id: CVE-2026-43038 - name: Candidate detection for CVE-2026-43038 + id: CVE-2023-50643-CANDIDATE + cve_id: CVE-2023-50643 + name: Candidate detection for CVE-2023-50643 severity: critical cvss: 9.8 risk_level: unknown @@ -32256,24 +25837,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()\n\nSashiko AI-review\ - \ observed:\n\n In ip6_err_gen_icmpv6_unreach(), the skb is an outer IPv4 ICMP\ - \ error packet\n where its cb contains an IPv4 inet_skb_parm. When skb is cloned\ - \ into skb2\n and passed to icmp6_send(), it uses IP6CB(skb2).\n\n IP6CB interprets\ - \ the IPv4 inet_skb_parm as an inet6_skb_parm. The cipso\n offset in inet_skb_parm.opt\ - \ directly overlaps with dsthao in inet6_skb_parm\n at offset 18.\n\n If an\ - \ attacker sends a forged ICMPv4 error with a CIPSO IP option, dsthao\n would\ - \ be a non-zero offset. Inside icmp6_send(), mip6_addr_swap() is called\n and\ - \ uses ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO).\n\n This would scan the\ - \ inner, attacker-controlled IPv6 packet starting at that\n offset, potentially\ - \ returning a fake TLV without checking if the remaining\n packet length can\ - \ hold the full 18-byte struct ipv6_destopt_hao.\n\n Could mip6_addr_swap() then\ - \ perform a 16-byte swap that extends past the end\n of the packet data into\ - \ skb_shared_info?\n\n Should the cb array also be cleared in ip6_err_gen_icmpv6_unreach()\ - \ and\n ip6ip6_err() to prevent this?\n\nThis patch implements the first suggestion.\n\ - \nI am not sure if ip6ip6_err() needs to be changed.\nA separate patch would be\ - \ better anyway." + description: An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker + to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments + components. detection: payload: null verify: null @@ -32281,28 +25847,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43038 - - https://git.kernel.org/stable/c/0452b6526b2f54b2413b9cb4ff1ea2ac542c99c7 - - https://git.kernel.org/stable/c/1ceeebd5bd6d855b17a5df625109bfe29129d7cf - - https://git.kernel.org/stable/c/3d5127d998de617b130aae96b138dba22ac6a8a7 - - https://git.kernel.org/stable/c/86ab3e55673a7a49a841838776f1ab18d23a67b5 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50643 + - https://github.com/V3x0r/CVE-2023-50643 + - https://www.electronjs.org/blog/statement-run-as-node-cves generated_from: - nvd - status: candidate executable: false - id: CVE-2026-37457-CANDIDATE - cve_id: CVE-2026-37457 - name: Candidate detection for CVE-2026-37457 - severity: high - cvss: 7.5 + id: CVE-2023-26998-CANDIDATE + cve_id: CVE-2023-26998 + name: Candidate detection for CVE-2023-26998 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() - function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers - to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component. + description: Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 + allows a remote attacker to execute arbitrary code via the creator parameter of + the Alert Configuration page. detection: payload: null verify: null @@ -32310,30 +25874,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-37457 - - https://github.com/FRRouting/frr/commit/0e6882bc72c0278988a47b2f0f73b7a91099a25c - - https://access.redhat.com/errata/RHSA-2026:24340 - - https://access.redhat.com/errata/RHSA-2026:24347 - - https://access.redhat.com/errata/RHSA-2026:24370 + - https://nvd.nist.gov/vuln/detail/CVE-2023-26998 + - https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7598-CANDIDATE - cve_id: CVE-2026-7598 - name: Candidate detection for CVE-2026-7598 - severity: high - cvss: 7.3 + id: CVE-2023-26999-CANDIDATE + cve_id: CVE-2023-26999 + name: Candidate detection for CVE-2023-26999 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A security vulnerability has been detected in libssh2 up to 1.11.1. - The impacted element is the function userauth_password of the file src/userauth.c. - Such manipulation of the argument username_len/password_len leads to integer overflow. - The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. - A patch should be applied to remediate this issue. + description: An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker + to execute arbitrary code and cause a denial of service via a crafted file. detection: payload: null verify: null @@ -32341,27 +25899,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7598 - - https://github.com/libssh2/libssh2/ - - https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1 - - https://github.com/libssh2/libssh2/pull/1858 - - https://vuldb.com/submit/805564 + - https://nvd.nist.gov/vuln/detail/CVE-2023-26999 + - https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43824-CANDIDATE - cve_id: CVE-2026-43824 - name: Candidate detection for CVE-2026-43824 - severity: high - cvss: 7.7 + id: CVE-2023-27000-CANDIDATE + cve_id: CVE-2023-27000 + name: Candidate detection for CVE-2023-27000 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff - allows reading cleartext Kubernetes Secret data. + description: Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 + allows a remote attacker to execute arbitrary code via the name parameter of the + Profile and Exclusion List page(s). detection: payload: null verify: null @@ -32369,18 +25925,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43824 - - https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3 - - https://access.redhat.com/security/cve/CVE-2026-43824 - - https://bugzilla.redhat.com/show_bug.cgi?id=2464613 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43824.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-27000 + - https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33846-CANDIDATE - cve_id: CVE-2026-33846 - name: Candidate detection for CVE-2026-33846 + id: CVE-2023-27098-CANDIDATE + cve_id: CVE-2023-27098 + name: Candidate detection for CVE-2023-27098 severity: high cvss: 7.5 risk_level: unknown @@ -32388,18 +25941,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: A heap buffer overflow vulnerability exists in the DTLS handshake fragment - reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where - incoming handshake fragments are matched and merged based solely on handshake - type, without validating that the message_length field remains consistent across - all fragments of the same logical message. An attacker can exploit this by sending - crafted DTLS fragments with conflicting message_length values, causing the implementation - to allocate a buffer based on a smaller initial fragment and subsequently write - beyond its bounds using larger, inconsistent fragments. Because the merge operation - does not enforce proper bounds checking against the allocated buffer size, this - results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable - without authentication via the DTLS handshake path and can lead to application - crashes or potential memory corruption. + description: TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access + to the login panel. detection: payload: null verify: null @@ -32407,27 +25950,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33846 - - https://access.redhat.com/errata/RHSA-2026:13274 - - https://access.redhat.com/errata/RHSA-2026:20611 - - https://access.redhat.com/errata/RHSA-2026:20612 - - https://access.redhat.com/errata/RHSA-2026:20613 + - https://nvd.nist.gov/vuln/detail/CVE-2023-27098 + - https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098 + - https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support generated_from: - nvd - status: candidate executable: false - id: CVE-2025-70069-CANDIDATE - cve_id: CVE-2025-70069 - name: Candidate detection for CVE-2025-70069 - severity: high - cvss: 7.5 + id: CVE-2022-28975-CANDIDATE + cve_id: CVE-2022-28975 + name: Candidate detection for CVE-2022-28975 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial - of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method + description: A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS + v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a + crafted payload injected into the VLAN View Name field. detection: payload: null verify: null @@ -32435,31 +25977,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-70069 - - https://gist.github.com/GunP4ng/9080ae7f0470c889a59cc3bfca445223 - - https://access.redhat.com/security/cve/CVE-2025-70069 - - https://bugzilla.redhat.com/show_bug.cgi?id=2465306 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70069.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-28975 + - https://piotrryciak.com/posts/xss-infoblox/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6266-CANDIDATE - cve_id: CVE-2026-6266 - name: Candidate detection for CVE-2026-6266 - severity: high - cvss: 8.3 + id: CVE-2023-50128-CANDIDATE + cve_id: CVE-2023-50128 + name: Candidate detection for CVE-2023-50128 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in the AAP gateway. The user auto-link strategy, introduced - in AAP 2.6, automatically links an external Identity Provider (IDP) identity to - an existing AAP user account based on email matching without verifying email ownership. - This allows a remote attacker to potentially hijack a victim's account or gain - unauthorized access to other accounts, including administrative accounts, by manipulating - the IDP-provided email. + description: The remote keyless system of the Hozard alarm system (alarmsystemen) + v1.0 sends an identical radio frequency signal for each request, which results + in an attacker being able to conduct replay attacks to bring the alarm system + to a disarmed state. detection: payload: null verify: null @@ -32467,62 +26004,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6266 - - https://access.redhat.com/errata/RHSA-2026:13508 - - https://access.redhat.com/errata/RHSA-2026:13512 - - https://access.redhat.com/errata/RHSA-2026:13545 - - https://access.redhat.com/security/cve/CVE-2026-6266 + - https://nvd.nist.gov/vuln/detail/CVE-2023-50128 + - https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23918-CANDIDATE - cve_id: CVE-2026-23918 - name: Candidate detection for CVE-2026-23918 + id: CVE-2023-46474-CANDIDATE + cve_id: CVE-2023-46474 + name: Candidate detection for CVE-2023-46474 severity: high - cvss: 8.8 - risk_level: unknown - requires_confirmation: true - priority: - cisa_kev: false - exploitdb_reference: true - description: 'Double Free and possible RCE vulnerability in Apache HTTP Server with - the HTTP/2 protocol. - - - This issue affects Apache HTTP Server: 2.4.66. - - - Users are recommended to upgrade to version 2.4.67, which fixes the issue.' - detection: - payload: null - verify: null - review_required: Define a read-only matcher and classify execution risk before - promotion. - remediation: Apply the vendor remediation or patched version documented in the advisory. - references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23918 - - https://httpd.apache.org/security/vulnerabilities_24.html - - https://access.redhat.com/errata/RHSA-2026:13938 - - https://access.redhat.com/security/cve/CVE-2026-23918 - - https://bugzilla.redhat.com/show_bug.cgi?id=2465304 - generated_from: - - nvd - - exploit_db -- status: candidate - executable: false - id: CVE-2025-70071-CANDIDATE - cve_id: CVE-2025-70071 - name: Candidate detection for CVE-2025-70071 - severity: medium - cvss: 5.9 + cvss: 7.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial - of service via the FBXParser.cpp, ParseVectorDataArray() + description: File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute + arbitrary code and escalate privileges via a crafted PHP file uploaded to the + start_import.php file. detection: payload: null verify: null @@ -32530,27 +26030,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-70071 - - https://gist.github.com/GunP4ng/6d80919905037929ce9266ccd207b9ea - - https://access.redhat.com/security/cve/CVE-2025-70071 - - https://bugzilla.redhat.com/show_bug.cgi?id=2465675 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70071.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-46474 + - https://github.com/Xn2/CVE-2023-46474 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24082-CANDIDATE - cve_id: CVE-2026-24082 - name: Candidate detection for CVE-2026-24082 + id: CVE-2023-51810-CANDIDATE + cve_id: CVE-2023-51810 + name: Candidate detection for CVE-2023-51810 severity: high - cvss: 7.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory Corruption when copying data from a freed source while executing - performance counter deselect operation. + description: SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed + in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted + request to the search parameter in the Users module. detection: payload: null verify: null @@ -32558,26 +26056,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24082 - - https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html + - https://nvd.nist.gov/vuln/detail/CVE-2023-51810 + - https://github.com/Pastea/CVE-2023-51810 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24118-CANDIDATE - cve_id: CVE-2026-24118 - name: Candidate detection for CVE-2026-24118 - severity: critical - cvss: 9.8 + id: CVE-2023-46952-CANDIDATE + cve_id: CVE-2023-46952 + name: Candidate detection for CVE-2023-46952 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, - VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write - code which can escape from the VM2 sandbox and execute arbitrary commands on the - host system. This issue has been patched in version 3.11.0. + description: Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker + to execute arbitrary code via a crafted payload to the Referer header. detection: payload: null verify: null @@ -32585,29 +26081,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24118 - - https://github.com/patriksimek/vm2/commit/2b5f3e3a060d9088f5e1cdd585d683d491f990a3 - - https://github.com/patriksimek/vm2/commit/f9b700b1c7d9ef2df416666cb24e0b659140cc74 - - https://github.com/patriksimek/vm2/releases/tag/v3.11.0 - - https://github.com/patriksimek/vm2/security/advisories/GHSA-grj5-jjm8-h35p + - https://nvd.nist.gov/vuln/detail/CVE-2023-46952 + - https://github.com/SadFox/ABO.CMS-Blind-XSS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24120-CANDIDATE - cve_id: CVE-2026-24120 - name: Candidate detection for CVE-2026-24120 - severity: critical - cvss: 9.8 + id: CVE-2023-51946-CANDIDATE + cve_id: CVE-2023-51946 + name: Candidate detection for CVE-2023-51946 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, - the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers - to write code which can escape from the VM2 sandbox and execute arbitrary commands - on the host system. This issue has been patched in version 3.10.5. + description: Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php + in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary + web script or HTML. detection: payload: null verify: null @@ -32615,30 +26107,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24120 - - https://github.com/patriksimek/vm2/releases/tag/v3.10.5 - - https://github.com/patriksimek/vm2/security/advisories/GHSA-qvjj-29qf-hp7p - - https://access.redhat.com/security/cve/CVE-2026-24120 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466529 + - https://nvd.nist.gov/vuln/detail/CVE-2023-51946 + - https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51946/README.md + - https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx generated_from: - nvd - status: candidate executable: false - id: CVE-2026-24781-CANDIDATE - cve_id: CVE-2026-24781 - name: Candidate detection for CVE-2026-24781 + id: CVE-2023-51947-CANDIDATE + cve_id: CVE-2023-51947 + name: Candidate detection for CVE-2023-51947 severity: critical - cvss: 9.8 + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, - VM2 suffers from a sandbox breakout vulnerability through the inspect function. - This allows attackers to write code which can escape from the VM2 sandbox and - execute arbitrary commands on the host system. This issue has been patched in - version 3.11.0. + description: Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX + 3.2.03-SP1 allows remote attackers to read and modify different types of data + without authentication. detection: payload: null verify: null @@ -32646,18 +26134,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-24781 - - https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189 - - https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c - - https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228 - - https://github.com/patriksimek/vm2/releases/tag/v3.11.0 + - https://nvd.nist.gov/vuln/detail/CVE-2023-51947 + - https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51947/README.md + - https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26332-CANDIDATE - cve_id: CVE-2026-26332 - name: Candidate detection for CVE-2026-26332 + id: CVE-2023-51892-CANDIDATE + cve_id: CVE-2023-51892 + name: Candidate detection for CVE-2023-51892 severity: critical cvss: 9.8 risk_level: unknown @@ -32665,9 +26151,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, - SuppressedError allows attackers to escape the sandbox and run arbitrary code. - This issue has been patched in version 3.11.0. + description: An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker + to execute arbitrary code via a crafted script to the FrameworkShellController + component. detection: payload: null verify: null @@ -32675,29 +26161,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26332 - - https://github.com/patriksimek/vm2/releases/tag/v3.11.0 - - https://github.com/patriksimek/vm2/security/advisories/GHSA-55hx-c926-fr95 - - https://access.redhat.com/security/cve/CVE-2026-26332 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466508 + - https://nvd.nist.gov/vuln/detail/CVE-2023-51892 + - https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51892.txt + - https://www.weaver.com.cn/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-26956-CANDIDATE - cve_id: CVE-2026-26956 - name: Candidate detection for CVE-2026-26956 - severity: critical - cvss: 9.8 + id: CVE-2023-51926-CANDIDATE + cve_id: CVE-2023-51926 + name: Candidate detection for CVE-2023-51926 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 - is vulnerable to full sandbox escape with arbitrary code execution. Attacker code - inside VM.run() obtains host process object and runs host commands with zero host - cooperation. This issue has been patched in version 3.10.5. + description: YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability + via the nc.bs.framework.comn.serv.CommonServletDispatcher component. detection: payload: null verify: null @@ -32705,46 +26187,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-26956 - - https://github.com/patriksimek/vm2/releases/tag/v3.10.5 - - https://github.com/patriksimek/vm2/security/advisories/GHSA-ffh4-j6h5-pg66 - - https://access.redhat.com/security/cve/CVE-2026-26956 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466548 + - https://nvd.nist.gov/vuln/detail/CVE-2023-51926 + - https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51926.txt + - https://www.yonyou.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40682-CANDIDATE - cve_id: CVE-2026-40682 - name: Candidate detection for CVE-2026-40682 + id: CVE-2023-51927-CANDIDATE + cve_id: CVE-2023-51927 + name: Candidate detection for CVE-2023-51927 severity: critical - cvss: 9.1 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache\ - \ OpenNLP DictionaryEntryPersistor\n\n\nVersions Affected: before 2.5.9, before\ - \ 3.0.0-M3\n\n\nDescription: The DictionaryEntryPersistor class initializes a\ - \ static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCESSING\ - \ or disabling DTD processing. When create(InputStream, EntryInserter) is invoked,\ - \ the only feature set on the XMLReader is namespace support \u2014 external entity\ - \ resolution and DOCTYPE declarations remain fully enabled. An attacker who can\ - \ supply a crafted dictionary file (e.g., a stop-word list or domain dictionary)\ - \ containing a malicious DOCTYPE declaration can trigger local file disclosure\ - \ via file:// entity references or server-side request forgery via http:// entity\ - \ references during SAX parsing, before the application processes a single dictionary\ - \ entry. This is inconsistent with the project's own XmlUtil.createSaxParser()\ - \ helper, which correctly sets FEATURE_SECURE_PROCESSING and disallow-doctype-decl\ - \ and is used by all other XML parsing paths in the codebase. The public Dictionary(InputStream)\ - \ constructor delegates directly to this method and is the documented API for\ - \ loading user-supplied dictionaries, making untrusted input a realistic scenario.\n\ - \n\nMitigation: 2.x users should upgrade to 2.5.9. 3.x users should upgrade to\ - \ 3.0.0-M3. Users who cannot upgrade immediately should ensure that all dictionary\ - \ files are sourced from trusted origins and should consider wrapping the Dictionary(InputStream)\ - \ constructor with input validation that rejects any XML containing a DOCTYPE\ - \ declaration before it reaches the parser." + description: YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability + via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. detection: payload: null verify: null @@ -32752,18 +26213,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40682 - - https://lists.apache.org/thread/r6jpt0qr9nj67gqhppqg7jxf8vsbo0w6 - - https://access.redhat.com/security/cve/CVE-2026-40682 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466484 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40682.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-51927 + - https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51927.txt + - https://www.yonyou.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42027-CANDIDATE - cve_id: CVE-2026-42027 - name: Candidate detection for CVE-2026-42027 + id: CVE-2023-51928-CANDIDATE + cve_id: CVE-2023-51928 + name: Candidate detection for CVE-2023-51928 severity: critical cvss: 9.8 risk_level: unknown @@ -32771,41 +26230,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: "Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP\ - \ ExtensionLoader\n\n\n\n\n\nVersions Affected:\_before 1.9.5, before 2.5.9, before\ - \ 3.0.0-M3\n\n\n\n\n\nDescription:\_\n\nThe ExtensionLoader.instantiateExtension(Class,\ - \ String)\_method loads a class by its fully-qualified name via Class.forName()\_\ - and invokes its no-arg constructor, with the class name sourced from the manifest.properties\_\ - entry of a model archive. The existing isAssignableFrom\_check correctly rejects\ - \ classes that are not subtypes of the expected extension interface (BaseToolFactory\_\ - for factory=, ArtifactSerializer\_for serializer-class-*), but the check runs\ - \ after\_Class.forName()\_has already loaded and initialized the named class.\ - \ \n\nClass.forName()\_with default initialization semantics executes the target\ - \ class's static initializer before returning, so an attacker who can supply a\ - \ crafted model archive can cause the static initializer of any class on the classpath\ - \ to run during model loading, regardless of whether that class passes the subsequent\ - \ type check. \n\nExploitation requires a class with attacker-useful side effects\ - \ in its static initializer (for example, JNDI lookup, outbound network I/O, or\ - \ filesystem access) to be present on the classpath, so this is not a drop-in\ - \ remote code execution; however, the attack surface grows as third-party model\ - \ distribution becomes more common (community model repositories, Hugging Face-style\ - \ sharing), where users routinely load model files from origins they do not control.\ - \ A secondary, narrower vector affects deployments that ship legitimate BaseToolFactory\_\ - or ArtifactSerializer\_subclasses with side-effecting no-arg constructors: a malicious\ - \ manifest can name such a class and force its constructor to run during model\ - \ load.\n\n\n\n\n\nMitigation:\_\n\n\n\n * 2.x users should upgrade to 2.5.9.\ - \ \n * 3.x users should upgrade to 3.0.0-M3. \n\n\n\n\nNote: The fix introduces\ - \ a package-prefix allowlist that is consulted before Class.forName()\_is invoked,\ - \ so the static initializer of a disallowed class is never executed. Classes under\ - \ the opennlp.\_prefix remain permitted by default. Deployments that load models\ - \ referencing factories or serializers outside opennlp.*\_must opt those packages\ - \ in, either programmatically via ExtensionLoader.registerAllowedPackage(String)\_\ - before the first model load, or by setting the OPENNLP_EXT_ALLOWED_PACKAGES\_\ - system property to a comma-separated list of allowed package prefixes. \n\nUsers\ - \ who cannot upgrade immediately should ensure that all model files are sourced\ - \ from trusted origins\_and should audit their classpath for classes with side-effecting\ - \ static initializers or constructors, particularly any that perform JNDI lookups,\ - \ network requests, or filesystem operations during class initialization." + description: An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() + method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading + a crafted file. detection: payload: null verify: null @@ -32813,59 +26240,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42027 - - https://lists.apache.org/thread/ltlo4powjfc0w2w2yyl1o5tc7q1gcb2y - - https://access.redhat.com/security/cve/CVE-2026-42027 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466527 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42027.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-51928 + - https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51928.txt + - https://www.yonyou.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42440-CANDIDATE - cve_id: CVE-2026-42440 - name: Candidate detection for CVE-2026-42440 - severity: high - cvss: 7.5 + id: CVE-2023-51906-CANDIDATE + cve_id: CVE-2023-51906 + name: Candidate detection for CVE-2023-51906 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP\ - \ AbstractModelReader\_\n\nVersions Affected:\_\n\nbefore 1.9.5\nbefore 2.5.9\n\ - \nbefore 3.0.0-M3\_\n\nDescription:\n\n\nThe AbstractModelReader methods getOutcomes(),\ - \ getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer\ - \ count field from a binary model stream and pass that value directly to an array\ - \ allocation (new String[numOutcomes], new int[numOCTypes][], new String[NUM_PREDS])\ - \ without validating that the value is non-negative or within a reasonable bound.\ - \ The count is therefore fully attacker-controlled when the model file originates\ - \ from an untrusted source.\n\n\nA crafted .bin model file in which any of these\ - \ count fields is set to Integer.MAX_VALUE (or any value large enough to exhaust\ - \ the available heap) triggers an OutOfMemoryError at the array allocation itself,\ - \ before the corresponding label or pattern data is consumed from the stream.\ - \ The error occurs very early in deserialization: for a GIS model, getOutcomes()\ - \ is reached after only the model-type string, the correction constant, and the\ - \ correction parameter have been read; so the attacker pays no meaningful size\ - \ cost to weaponize a payload, and a single small file can crash a JVM that loads\ - \ it. Any code path that deserializes a .bin model is affected, including direct\ - \ use of GenericModelReader and any higher-level component that delegates to it\ - \ during model load.\n\n\nThe practical impact is denial of service against processes\ - \ that load model files from untrusted or semi-trusted origins.\_\_\n\n\nMitigation:\n\ - \n\n\n * 2.x users should upgrade to 2.5.9.\n\n * 3.x users should upgrade\ - \ to 3.0.0-M3.\n\n\n\n\nNote: The fix introduces an upper bound on each of the\ - \ three count fields, checked before array allocation; counts that are negative\ - \ or exceed the bound cause an IllegalArgumentException to be thrown and the read\ - \ to fail fast with no large allocation. The default bound is 10,000,000, which\ - \ is well above the entry counts of legitimate OpenNLP models but far below any\ - \ value that would threaten heap exhaustion. Deployments that legitimately need\ - \ to load models with more entries than the default can raise the limit at JVM\ - \ startup by setting the OPENNLP_MAX_ENTRIES system property to the desired positive\ - \ integer (e.g. -DOPENNLP_MAX_ENTRIES=50000000); invalid or non-positive values\ - \ fall back to the default.\n\n\nUsers who cannot upgrade immediately should treat\ - \ all .bin model files as untrusted input unless their provenance is verified,\ - \ and should avoid loading models supplied by end users or fetched from third-party\ - \ repositories without integrity checks." + description: An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute + arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager + component. detection: payload: null verify: null @@ -32873,32 +26267,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42440 - - https://lists.apache.org/thread/s8xlkx1gqbxfsq48py5h6jphjvgqp1jo - - https://access.redhat.com/security/cve/CVE-2026-42440 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466494 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42440.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-51906 + - https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51906.txt + - https://www.yonyou.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-29004-CANDIDATE - cve_id: CVE-2026-29004 - name: Candidate detection for CVE-2026-29004 - severity: high - cvss: 8.1 + id: CVE-2023-51924-CANDIDATE + cve_id: CVE-2023-51924 + name: Candidate detection for CVE-2023-51924 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: BusyBox before commit 42202bf contains a heap buffer overflow vulnerability - in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c - that allows network-adjacent attackers to trigger memory corruption by sending - a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option. Attackers - can exploit incorrect heap buffer allocation calculations in the option_to_env() - function to cause denial of service or achieve arbitrary code execution on embedded - systems without heap hardening. + description: An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager + interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading + a crafted file. detection: payload: null verify: null @@ -32906,28 +26294,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-29004 - - https://busybox.net/ - - https://github.com/vda-linux/busybox_mirror/commit/42202bfb1e6ac51fa995beda8be4d7b654aeee2a - - https://github.com/vda-linux/busybox_mirror/commit/d368f3f7836d1c2484c8f839316e5c93e76d4409 - - https://www.vulncheck.com/advisories/busybox-dhcpv6-client-heap-buffer-overflow-via-dns-servers + - https://nvd.nist.gov/vuln/detail/CVE-2023-51924 + - https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51924.txt + - https://www.yonyou.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-37459-CANDIDATE - cve_id: CVE-2026-37459 - name: Candidate detection for CVE-2026-37459 - severity: high - cvss: 7.5 + id: CVE-2023-51925-CANDIDATE + cve_id: CVE-2023-51925 + name: Candidate detection for CVE-2023-51925 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 - allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP - UPDATE message. + description: An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() + method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading + a crafted file. detection: payload: null verify: null @@ -32935,32 +26321,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-37459 - - https://github.com/FRRouting/frr/commit/693a2e02687cdc9d16501275e05136edea9650d9 - - https://access.redhat.com/errata/RHSA-2026:24347 - - https://access.redhat.com/errata/RHSA-2026:24370 - - https://access.redhat.com/security/cve/CVE-2026-37459 + - https://nvd.nist.gov/vuln/detail/CVE-2023-51925 + - https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51925.txt + - https://www.yonyou.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42151-CANDIDATE - cve_id: CVE-2026-42151 - name: Candidate detection for CVE-2026-42151 + id: CVE-2023-24135-CANDIDATE + cve_id: CVE-2023-24135 + name: Candidate detection for CVE-2023-24135 severity: high - cvss: 7.5 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Prometheus is an open-source monitoring system and time series database. - Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote - write OAuth configuration (storage/remote/azuread) was typed as string instead - of Secret. Prometheus redacts fields of type Secret when serving the configuration - via the /-/config HTTP API endpoint. Because the field was a plain string, the - Azure OAuth client secret was exposed in plaintext to any user or process with - access to that endpoint. This issue has been patched in versions 3.5.3 and 3.11.3. + description: Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to + contain a command injection vulnerability in the function formWriteFacMac. This + vulnerability allows attackers to execute arbitrary commands via manipulation + of the mac parameter. detection: payload: null verify: null @@ -32968,32 +26349,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42151 - - https://github.com/prometheus/prometheus/pull/18587 - - https://github.com/prometheus/prometheus/pull/18590 - - https://github.com/prometheus/prometheus/releases/tag/v3.11.3 - - https://github.com/prometheus/prometheus/releases/tag/v3.5.3 + - https://nvd.nist.gov/vuln/detail/CVE-2023-24135 + - https://oxnan.com/img/Pasted%20image%2020230112110814.png + - https://oxnan.com/posts/WriteFacMac-Command-Injection generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42154-CANDIDATE - cve_id: CVE-2026-42154 - name: Candidate detection for CVE-2026-42154 - severity: high - cvss: 7.5 + id: CVE-2023-36177-CANDIDATE + cve_id: CVE-2023-36177 + name: Candidate detection for CVE-2023-36177 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Prometheus is an open-source monitoring system and time series database. - Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does - not validate the declared decoded length in a snappy-compressed request body before - allocating memory. An unauthenticated attacker can send a small payload that causes - a huge heap allocation per request. Under concurrent load this can exhaust available - memory and crash the Prometheus process. This issue has been patched in versions - 3.5.3 and 3.11.3. + description: An issue was discovered in badaix Snapcast version 0.27.0, allows remote + attackers to execute arbitrary code and gain sensitive information via crafted + request in JSON-RPC-API. detection: payload: null verify: null @@ -33001,28 +26376,37 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42154 - - https://github.com/prometheus/prometheus/pull/18584 - - https://github.com/prometheus/prometheus/pull/18585 - - https://github.com/prometheus/prometheus/releases/tag/v3.11.3 - - https://github.com/prometheus/prometheus/releases/tag/v3.5.3 + - https://nvd.nist.gov/vuln/detail/CVE-2023-36177 + - https://oxnan.com/posts/Snapcast_jsonrpc_rce + - https://lists.debian.org/debian-lts-announce/2025/07/msg00015.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43964-CANDIDATE - cve_id: CVE-2026-43964 - name: Candidate detection for CVE-2026-43964 - severity: low - cvss: 3.7 + id: CVE-2023-51702-CANDIDATE + cve_id: CVE-2023-51702 + name: Candidate detection for CVE-2023-51702 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes - allows a buffer over-read and process crash via an enhanced status code that lacks - text after the third number. + description: 'Since version 5.2.0, when using deferrable mode with the path of a + Kubernetes configuration file for authentication, the Airflow worker serializes + this configuration file as a dictionary and sends it to the triggerer by storing + it in metadata without any encryption. Additionally, if used with an Airflow version + between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain + text in the triggerer service without masking. This allows anyone with access + to the metadata or triggerer log to obtain the configuration file and use it to + access the Kubernetes cluster. + + + This behavior was changed in version 7.0.0, which stopped serializing the file + contents and started providing the file path instead to read the contents into + the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this + issue.' detection: payload: null verify: null @@ -33030,32 +26414,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43964 - - https://www.mail-archive.com/postfix-announce@postfix.org/msg00110.html - - https://access.redhat.com/errata/RHSA-2026:25930 - - https://access.redhat.com/errata/RHSA-2026:25932 - - https://access.redhat.com/errata/RHSA-2026:26205 + - https://nvd.nist.gov/vuln/detail/CVE-2023-51702 + - https://github.com/apache/airflow/pull/29498 + - https://github.com/apache/airflow/pull/30110 + - https://github.com/apache/airflow/pull/36492 + - https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6321-CANDIDATE - cve_id: CVE-2026-6321 - name: Candidate detection for CVE-2026-6321 - severity: high - cvss: 7.5 + id: CVE-2024-22922-CANDIDATE + cve_id: CVE-2024-22922 + name: Candidate detection for CVE-2024-22922 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: fast-uri decoded percent-encoded path separators and dot segments before - applying dot-segment removal in its normalize() and equal() functions. Encoded - path data was treated like real slashes and parent-directory references, so distinct - URIs could collapse onto the same normalized path. Applications that normalize - or compare attacker-controlled URLs to enforce path-based policy can be bypassed, - with a path that appears confined under an allowed prefix normalizing to a different - location. Versions <= 3.1.0 are affected. Update to 3.1.1 or later. + description: An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows + a remtoe attacker to escalate privileges via a crafted script to the login page + in the POST/index.php detection: payload: null verify: null @@ -33063,33 +26443,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6321 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6 - - https://access.redhat.com/errata/RHSA-2026:19238 - - https://access.redhat.com/errata/RHSA-2026:20338 + - https://nvd.nist.gov/vuln/detail/CVE-2024-22922 + - https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43869-CANDIDATE - cve_id: CVE-2026-43869 - name: Candidate detection for CVE-2026-43869 - severity: high - cvss: 7.3 + id: CVE-2024-23055-CANDIDATE + cve_id: CVE-2024-23055 + name: Candidate detection for CVE-2024-23055 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Improper Validation of Certificate with Host Mismatch vulnerability - in Apache Thrift. - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue.' + description: An issue in Plone Docker Official Image 5.2.13 (5221) open-source software + allows for remote code execution via improper validation of input by the HOST + headers. detection: payload: null verify: null @@ -33097,33 +26469,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43869 - - https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r - - https://access.redhat.com/errata/RHSA-2026:21769 - - https://access.redhat.com/errata/RHSA-2026:22347 - - https://access.redhat.com/errata/RHSA-2026:22423 + - https://nvd.nist.gov/vuln/detail/CVE-2024-23055 + - https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43868-CANDIDATE - cve_id: CVE-2026-43868 - name: Candidate detection for CVE-2026-43868 - severity: medium - cvss: 5.3 + id: CVE-2024-21488-CANDIDATE + cve_id: CVE-2024-21488 + name: Candidate detection for CVE-2024-21488 + severity: high + cvss: 7.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Memory Allocation with Excessive Size Value vulnerability in Apache - Thrift. - - - This issue affects Apache Thrift: before 0.23.0. - - - Users are recommended to upgrade to version 0.23.0, which fixes the issue.' + description: Versions of the package network before 0.7.0 are vulnerable to Arbitrary + Command Injection due to use of the child_process exec function without input + sanitization. If (attacker-controlled) user input is given to the mac_address_for + function of the package, it is possible for the attacker to execute arbitrary + commands on the operating system that this package is being run on. detection: payload: null verify: null @@ -33131,33 +26497,35 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43868 - - https://lists.apache.org/thread/zj76dtwnbbs1m7z3focf4wd51pqpsmn9 - - https://access.redhat.com/errata/RHSA-2026:26586 - - https://access.redhat.com/security/cve/CVE-2026-43868 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466670 + - https://nvd.nist.gov/vuln/detail/CVE-2024-21488 + - https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c + - https://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7 + - https://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7 + - https://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6322-CANDIDATE - cve_id: CVE-2026-6322 - name: Candidate detection for CVE-2026-6322 + id: CVE-2024-21626-CANDIDATE + cve_id: CVE-2024-21626 + name: Candidate detection for CVE-2024-21626 severity: high - cvss: 7.5 + cvss: 8.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: fast-uri normalize() decoded percent-encoded authority delimiters inside - the host component and then re-emitted them as raw delimiters during serialization. - A host that combined an allowed domain, an encoded at-sign, and a different domain - was re-emitted with the at-sign as a raw userinfo separator, changing the URI's - authority to the second domain. Applications that normalize untrusted URLs before - host allowlist checks, redirect validation, or outbound request routing can be - steered to a different authority than the input appeared to specify. Versions - <= 3.1.1 are affected. Update to 3.1.2 or later. + description: runc is a CLI tool for spawning and running containers on Linux according + to the OCI specification. In runc 1.1.11 and earlier, due to an internal file + descriptor leak, an attacker could cause a newly-spawned container process (from + runc exec) to have a working directory in the host filesystem namespace, allowing + for a container escape by giving access to the host filesystem ("attack 2"). The + same attack could be used by a malicious image to allow a container process to + gain access to the host filesystem through runc run ("attack 1"). Variants of + attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, + allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 + includes patches for this issue. detection: payload: null verify: null @@ -33165,27 +26533,34 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6322 - - https://cna.openjsf.org/security-advisories.html - - https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc - - https://access.redhat.com/errata/RHSA-2026:25271 - - https://access.redhat.com/errata/RHSA-2026:25273 + - https://nvd.nist.gov/vuln/detail/CVE-2024-21626 + - https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf + - https://github.com/opencontainers/runc/releases/tag/v1.1.12 + - https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv + - https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6918-CANDIDATE - cve_id: CVE-2026-6918 - name: Candidate detection for CVE-2026-6918 - severity: high - cvss: 7.5 + id: CVE-2023-46344-CANDIDATE + cve_id: CVE-2023-46344 + name: Candidate detection for CVE-2023-46344 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote - attacker can crash JITServer by sending a 32-byte crafted TCP message. + description: 'A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and + possibly other Solar-Log Base products, allows an attacker to escalate their privileges + by exploiting a stored cross-site scripting (XSS) vulnerability in the switch + group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The + vulnerability can be exploited to gain the rights of an installer or PM, which + can then be used to gain administrative access to the web portal and execute further + attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 + 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL + 50 Gateway, SL Base.' detection: payload: null verify: null @@ -33193,18 +26568,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6918 - - https://github.com/eclipse-openj9/openj9/pull/23793 - - https://github.com/eclipse-openj9/openj9/security/advisories/GHSA-q393-vr4c-969r - - https://access.redhat.com/errata/RHSA-2026:22328 - - https://access.redhat.com/security/cve/CVE-2026-6918 + - https://nvd.nist.gov/vuln/detail/CVE-2023-46344 + - https://github.com/vinnie1717/CVE-2023-46344/blob/main/Solar-Log%20XSS + - https://www.solar-log.com/en/support/firmware-database-1 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23479-CANDIDATE - cve_id: CVE-2026-23479 - name: Candidate detection for CVE-2026-23479 + id: CVE-2024-22899-CANDIDATE + cve_id: CVE-2024-22899 + name: Candidate detection for CVE-2024-22899 severity: high cvss: 8.8 risk_level: unknown @@ -33212,11 +26585,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: Redis is an in-memory data structure store. In redis-server from 7.2.0 - until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` - when re-executing a blocked command. If a blocked client is evicted during this - flow, an authenticated attacker can trigger a use-after-free that may lead to - remote code execution. This has been patched in version 8.6.3. + description: Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated + remote code execution (RCE) vulnerability via the syncNtpTime function. detection: payload: null verify: null @@ -33224,31 +26594,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23479 - - https://github.com/redis/redis/releases/tag/8.6.3 - - https://github.com/redis/redis/security/advisories/GHSA-93m2-935m-8rj3 - - https://access.redhat.com/errata/RHSA-2026:25216 - - https://access.redhat.com/errata/RHSA-2026:25219 + - https://nvd.nist.gov/vuln/detail/CVE-2024-22899 + - https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ + - https://seclists.org/fulldisclosure/2024/Jan/29 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-23631-CANDIDATE - cve_id: CVE-2026-23631 - name: Candidate detection for CVE-2026-23631 + id: CVE-2024-22900-CANDIDATE + cve_id: CVE-2024-22900 + name: Candidate detection for CVE-2024-22900 severity: high - cvss: 8.1 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Redis is an in-memory data structure store. In all versions of redis-server - with Lua scripting, an authenticated attacker can exploit the master-replica synchronization - mechanism to trigger a use-after-free on replicas where replica-read-only is disabled - or can be disabled, which may lead to remote code execution. A workaround is to - prevent users from executing Lua scripts or avoid using replicas where replica-read-only - is disabled. This is patched in version 8.6.3. + description: Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated + remote code execution (RCE) vulnerability via the setNetworkCardInfo function. detection: payload: null verify: null @@ -33256,31 +26620,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-23631 - - https://github.com/redis/redis/releases/tag/8.6.3 - - https://github.com/redis/redis/security/advisories/GHSA-8ghh-qpmp-7826 - - https://access.redhat.com/errata/RHSA-2026:25216 - - https://access.redhat.com/errata/RHSA-2026:25219 + - https://nvd.nist.gov/vuln/detail/CVE-2024-22900 + - https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ + - https://seclists.org/fulldisclosure/2024/Jan/29 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-25243-CANDIDATE - cve_id: CVE-2026-25243 - name: Candidate detection for CVE-2026-25243 - severity: high - cvss: 8.8 + id: CVE-2024-22901-CANDIDATE + cve_id: CVE-2024-22901 + name: Candidate detection for CVE-2024-22901 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Redis is an in-memory data structure store. In versions of redis-server - up to 8.6.3, the RESTORE command does not properly validate serialized values. - An authenticated attacker with permission to execute RESTORE can supply a crafted - serialized payload that triggers invalid memory access and may lead to remote - code execution. A workaround is to restrict access to the RESTORE command with - ACL rules. This is patched in version 8.6.3. + description: Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL + credentials. detection: payload: null verify: null @@ -33288,31 +26646,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-25243 - - https://github.com/redis/redis/releases/tag/8.6.3 - - https://github.com/redis/redis/security/advisories/GHSA-c8h9-259x-jff4 - - https://access.redhat.com/errata/RHSA-2026:23229 - - https://access.redhat.com/errata/RHSA-2026:25216 + - https://nvd.nist.gov/vuln/detail/CVE-2024-22901 + - https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ + - https://seclists.org/fulldisclosure/2024/Jan/30 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42997-CANDIDATE - cve_id: CVE-2026-42997 - name: Candidate detection for CVE-2026-42997 - severity: high - cvss: 7.7 + id: CVE-2024-22902-CANDIDATE + cve_id: CVE-2024-22902 + name: Candidate detection for CVE-2024-22902 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An issue was discovered in idrac in OpenStack Ironic before 35.0.1. - During import, a user invoking molds can request authorization to be sent to a - remote endpoint. The credential forwarded is a time-limited Keystone token (which - provides access to all OpenStack services Ironic is authorized for); or basic - credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, - 32.0.1, and 35.0.1. + description: Vinchin Backup & Recovery v7.2 was discovered to be configured with + default root credentials. detection: payload: null verify: null @@ -33320,18 +26672,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42997 - - https://security.openstack.org/ossa/OSSA-2026-010.html - - https://www.openwall.com/lists/oss-security/2026/05/05/10 - - https://access.redhat.com/security/cve/CVE-2026-42997 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466844 + - https://nvd.nist.gov/vuln/detail/CVE-2024-22902 + - https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ + - https://seclists.org/fulldisclosure/2024/Jan/31 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35397-CANDIDATE - cve_id: CVE-2026-35397 - name: Candidate detection for CVE-2026-35397 + id: CVE-2024-22903-CANDIDATE + cve_id: CVE-2024-22903 + name: Candidate detection for CVE-2024-22903 severity: high cvss: 8.8 risk_level: unknown @@ -33339,19 +26689,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: "Jupyter Server is the backend for Jupyter web applications. In versions\ - \ 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an\ - \ authenticated user to escape the configured root_dir and access sibling directories\ - \ whose names begin with the same prefix as the root_dir. For example, with a\ - \ root_dir named \"test\", the API permits access to a sibling directory named\ - \ \"testtest\" through a crafted request to the /api/contents endpoint using encoded\ - \ path components. An attacker can read, write, and delete files in affected sibling\ - \ directories. Multi-tenant deployments using predictable naming schemes are particularly\ - \ at risk, as a user with a directory named \"user1\" could access directories\ - \ for user10 through user19 and beyond. A user who can choose a single-character\ - \ folder name could gain access to a significant number of sibling directories.\ - \ \n\nVersion 2.18.0 contains a fix. As a workaround, ensure folder names do not\ - \ share a common prefix with any sibling directory." + description: Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated + remote code execution (RCE) vulnerability via the deleteUpdateAPK function. detection: payload: null verify: null @@ -33359,18 +26698,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35397 - - https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3 - - https://access.redhat.com/security/cve/CVE-2026-35397 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466858 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35397.json + - https://nvd.nist.gov/vuln/detail/CVE-2024-22903 + - https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ + - https://seclists.org/fulldisclosure/2024/Jan/32 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-35579-CANDIDATE - cve_id: CVE-2026-35579 - name: Candidate detection for CVE-2026-35579 + id: CVE-2024-23054-CANDIDATE + cve_id: CVE-2024-23054 + name: Candidate detection for CVE-2024-23054 severity: critical cvss: 9.8 risk_level: unknown @@ -33378,27 +26715,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, - the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG - authentication. For gRPC and QUIC, the server checks whether the TSIG key name - exists in the configuration but never calls dns.TsigVerify() to validate the HMAC. - If the key name matches a configured key, the tsigStatus field remains nil and - the tsig plugin treats the request as successfully authenticated regardless of - the MAC value. For DoH and DoH3, the issue is more severe: the DoHWriter.TsigStatus() - method unconditionally returns nil, and the server never inspects the TSIG record - at all. Any request containing a TSIG record is treated as authenticated over - DoH and DoH3, even if the key name is invalid and the MAC is arbitrary. - - - An unauthenticated network attacker can exploit this to bypass TSIG-protected - functionality such as AXFR/IXFR zone transfers, dynamic DNS updates, or other - TSIG-gated plugin behavior. The DoH and DoH3 variants have a lower exploitation - bar because the attacker does not need to know a valid TSIG key name. - - - This issue has been fixed in version 1.14.3. As a workaround, disable gRPC, QUIC, - DoH, and DoH3 listeners where TSIG authentication is required, or restrict network-level - access to affected transport ports to trusted sources only.' + description: An issue in Plone Docker Official Image 5.2.13 (5221) open-source software + that could allow for remote code execution due to a package listed in ++plone++static/components + not existing in the public package index (npm). detection: payload: null verify: null @@ -33406,36 +26725,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-35579 - - https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9 - - https://access.redhat.com/errata/RHSA-2026:25127 - - https://access.redhat.com/security/cve/CVE-2026-35579 - - https://bugzilla.redhat.com/show_bug.cgi?id=2466905 + - https://nvd.nist.gov/vuln/detail/CVE-2024-23054 + - https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39852-CANDIDATE - cve_id: CVE-2026-39852 - name: Candidate detection for CVE-2026-39852 - severity: high - cvss: 8.2 + id: CVE-2024-24397-CANDIDATE + cve_id: CVE-2024-24397 + name: Candidate detection for CVE-2024-24397 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Quarkus is a Java framework for building cloud-native applications. - In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, - a path normalization inconsistency between the security layer and the routing - layer allows unauthenticated or lower-privileged users to bypass HTTP path-based - authorization policies. Quarkus's security layer performs authorization checks - on the raw URL path which preserves matrix parameters (semicolons), while RESTEasy - Reactive's routing layer strips matrix parameters before matching endpoints. An - attacker can append a semicolon and arbitrary text to a request URL (e.g., /api/admin;anything) - to bypass policies protecting /api/admin while still routing to the protected - endpoint. This issue has been fixed in versions 3.20.6.1, 3.27.3.1, 3.33.1.1, - 3.35.1.1, 3.34.7, and 3.35.2. + description: Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS + before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted + payload to the ReportName field. detection: payload: null verify: null @@ -33443,18 +26751,43 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39852 - - https://github.com/quarkusio/quarkus/security/advisories/GHSA-rc95-pcm8-65v9 - - https://access.redhat.com/errata/RHSA-2026:11720 - - https://access.redhat.com/errata/RHSA-2026:11721 - - https://access.redhat.com/errata/RHSA-2026:13631 + - https://nvd.nist.gov/vuln/detail/CVE-2024-24397 + - https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R + - https://cves.at/posts/cve-2024-24397/writeup/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28780-CANDIDATE - cve_id: CVE-2026-28780 - name: Candidate detection for CVE-2026-28780 + id: CVE-2024-24396-CANDIDATE + cve_id: CVE-2024-24396 + name: Candidate detection for CVE-2024-24396 + severity: medium + cvss: 6.1 + risk_level: unknown + requires_confirmation: true + priority: + cisa_kev: false + exploitdb_reference: false + description: Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS + before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted + payload to the search bar component. + detection: + payload: null + verify: null + review_required: Define a read-only matcher and classify execution risk before + promotion. + remediation: Apply the vendor remediation or patched version documented in the advisory. + references: + - https://nvd.nist.gov/vuln/detail/CVE-2024-24396 + - https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R + - https://cves.at/posts/cve-2024-24396/writeup/ + generated_from: + - nvd +- status: candidate + executable: false + id: CVE-2024-24398-CANDIDATE + cve_id: CVE-2024-24398 + name: Candidate detection for CVE-2024-24398 severity: critical cvss: 9.8 risk_level: unknown @@ -33462,18 +26795,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache - HTTP Server. - - If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a - malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled - bytes after the end of a heap based buffer. - - - This issue affects Apache HTTP Server: through 2.4.66. - - - Users are recommended to upgrade to version 2.4.67, which fixes the issue.' + description: Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS + before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted + payload to the fileName parameter of the Save function. detection: payload: null verify: null @@ -33481,34 +26805,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28780 - - https://httpd.apache.org/security/vulnerabilities_24.html - - https://access.redhat.com/errata/RHSA-2026:21391 - - https://access.redhat.com/errata/RHSA-2026:21433 - - https://access.redhat.com/errata/RHSA-2026:22140 + - https://nvd.nist.gov/vuln/detail/CVE-2024-24398 + - https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R + - https://cves.at/posts/cve-2024-24398/writeup/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40110-CANDIDATE - cve_id: CVE-2026-40110 - name: Candidate detection for CVE-2026-40110 - severity: high - cvss: 7.3 + id: CVE-2023-46359-CANDIDATE + cve_id: CVE-2023-46359 + name: Candidate detection for CVE-2023-46359 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Jupyter Server is the backend for Jupyter web applications. In versions - 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check - incoming origins against the allow_origin_pat configuration value. Because re.match() - only anchors at the start of the string and does not require a full match, a pattern - intended to match only a trusted domain (e.g., trusted.example.com) will also - match any origin that begins with that domain followed by additional characters - (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can - bypass the CORS origin restriction and make cross-origin requests to the Jupyter - Server API from an untrusted site. This issue has been fixed in version 2.18.0. + description: An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation + v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary + commands on the system via a specifically crafted arguments passed to the connectivity + check feature. detection: payload: null verify: null @@ -33516,18 +26833,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40110 - - https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea - - https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8 - - https://github.com/jupyter-server/jupyter_server/pull/603 - - https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p + - https://nvd.nist.gov/vuln/detail/CVE-2023-46359 + - https://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43112-CANDIDATE - cve_id: CVE-2026-43112 - name: Candidate detection for CVE-2026-43112 + id: CVE-2023-46360-CANDIDATE + cve_id: CVE-2023-46360 + name: Candidate detection for CVE-2023-46360 severity: high cvss: 8.8 risk_level: unknown @@ -33535,31 +26849,8 @@ priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath - - - When cifs_sanitize_prepath is called with an empty string or a string - - containing only delimiters (e.g., "/"), the current logic attempts to - - check *(cursor2 - 1) before cursor2 has advanced. This results in an - - out-of-bounds read. - - - This patch adds an early exit check after stripping prepended - - delimiters. If no path content remains, the function returns NULL. - - - The bug was identified via manual audit and verified using a - - standalone test case compiled with AddressSanitizer, which - - triggered a SEGV on affected inputs.' + description: Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable + to Execution with Unnecessary Privileges. detection: payload: null verify: null @@ -33567,48 +26858,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43112 - - https://git.kernel.org/stable/c/2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439 - - https://git.kernel.org/stable/c/49b1ce6d7cfb6c5a49f68bf5ccfcfb6ba14e63c3 - - https://git.kernel.org/stable/c/5d4fe469fe7dbff7d874c196bb680a82f2625d95 - - https://git.kernel.org/stable/c/78ec5bf2f589ec7fd8f169394bfeca541b077317 + - https://nvd.nist.gov/vuln/detail/CVE-2023-46360 + - https://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43114-CANDIDATE - cve_id: CVE-2026-43114 - name: Candidate detection for CVE-2026-43114 + id: CVE-2024-24321-CANDIDATE + cve_id: CVE-2024-24321 + name: Candidate detection for CVE-2024-24321 severity: critical - cvss: 9.4 + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nnetfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry\n\n\ - New test case fails unexpectedly when avx2 matching functions are used.\n\nThe\ - \ test first loads a ranomly generated pipapo set\nwith 'ipv4 . port' key, i.e.\ - \ nft -f foo.\n\nThis works. Then, it reloads the set after a flush:\n(echo\ - \ flush set t s; cat foo) | nft -f -\n\nThis is expected to work, because its\ - \ the same set after all and it was\nalready loaded once.\n\nBut with avx2, this\ - \ fails: nft reports a clashing element.\n\nThe reported clash is of following\ - \ form:\n\n We successfully re-inserted\n a . b\n c . d\n\nThen we\ - \ try to insert a . d\n\navx2 finds the already existing a . d, which (due to\ - \ 'flush set') is marked\nas invalid in the new generation. It skips the element\ - \ and moves to next.\n\nDue to incorrect masking, the skip-step finds the next\ - \ matching\nelement *only considering the first field*,\n\ni.e. we return the\ - \ already reinserted \"a . b\", even though the\nlast field is different and the\ - \ entry should not have been matched.\n\nNo such error is reported for the generic\ - \ c implementation (no avx2) or when\nthe last field has to use the 'nft_pipapo_avx2_lookup_slow'\ - \ fallback.\n\nBisection points to\n7711f4bb4b36 (\"netfilter: nft_set_pipapo:\ - \ fix range overlap detection\")\nbut that fix merely uncovers this bug.\n\nBefore\ - \ this commit, the wrong element is returned, but erronously\nreported as a full,\ - \ identical duplicate.\n\nThe root-cause is too early return in the avx2 match\ - \ functions.\nWhen we process the last field, we should continue to process data\n\ - until the entire input size has been consumed to make sure no stale\nbits remain\ - \ in the map." + description: An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to + execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 + function. detection: payload: null verify: null @@ -33616,39 +26884,31 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43114 - - https://git.kernel.org/stable/c/07de44424bb7f17ef9357e8535df96d9e97c40cb - - https://git.kernel.org/stable/c/0abbc43f71d99baadeeba6fa3fe1c80b676f57ed - - https://git.kernel.org/stable/c/1c43f0dd8691ddf8884793b481ddc7511cf593c3 - - https://git.kernel.org/stable/c/3d53f9aafd469ae1ea27051e00f5b96ca1b55d52 + - https://nvd.nist.gov/vuln/detail/CVE-2024-24321 + - https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md + - https://www.dlink.com/ + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43125-CANDIDATE - cve_id: CVE-2026-43125 - name: Candidate detection for CVE-2026-43125 - severity: critical - cvss: 9.8 + id: CVE-2024-21490-CANDIDATE + cve_id: CVE-2024-21490 + name: Candidate detection for CVE-2024-21490 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - dlm: validate length in dlm_search_rsb_tree - - - The len parameter in dlm_dump_rsb_name() is not validated and comes - - from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can - - cause out-of-bounds write in dlm_search_rsb_tree(). - - - Add length validation to prevent potential buffer overflow.' + description: "This affects versions of the package angular from 1.3.0; versions\ + \ of the package angularjs from 1.3.0. A regular expression used to split the\ + \ value of the ng-srcset directive is vulnerable to super-linear runtime due to\ + \ backtracking. With large carefully-crafted input, this can result in catastrophic\ + \ backtracking and cause a denial of service. \r\r\r**Note:**\r\rThis package\ + \ is EOL and will not receive any updates to address this issue. Users should\ + \ migrate to [@angular/core](https://www.npmjs.com/package/@angular/core)." detection: payload: null verify: null @@ -33656,45 +26916,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43125 - - https://git.kernel.org/stable/c/080e5563f878c64e697b89e7439d730d0daad882 - - https://git.kernel.org/stable/c/082083c9fbd99422a0370fe2102144a231c9f5d6 - - https://git.kernel.org/stable/c/5f053a2e7209d326cbbc07738fa6d6893d307438 - - https://git.kernel.org/stable/c/67288113c5e6cf9e659b4065c0ed6f16100e0c71 + - https://nvd.nist.gov/vuln/detail/CVE-2024-21490 + - https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771616 + - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746 + - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747 + - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43133-CANDIDATE - cve_id: CVE-2026-43133 - name: Candidate detection for CVE-2026-43133 + id: CVE-2024-25423-CANDIDATE + cve_id: CVE-2024-25423 + name: Candidate detection for CVE-2024-25423 severity: high - cvss: 7.9 + cvss: 7.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation - - - Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload - - of guest state") made KVM always use vmcb01 for the fields controlled by - - VMSAVE/VMLOAD, but it missed updating the VMLOAD/VMSAVE emulation code - - to always use vmcb01. - - - As a result, if VMSAVE/VMLOAD is executed by an L2 guest and is not - - intercepted by L1, KVM will mistakenly use vmcb02. Always use vmcb01 - - instead of the current VMCB.' + description: An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute + arbitrary code via a crafted c4d_base.xdl64 file. detection: payload: null verify: null @@ -33702,40 +26944,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43133 - - https://git.kernel.org/stable/c/0004ecb798b30e90d7ebfe74efae2d9423315a64 - - https://git.kernel.org/stable/c/10063e1251c1485034a018236080792ad083dcc5 - - https://git.kernel.org/stable/c/127ccae2c185f62e6ecb4bf24f9cb307e9b9c619 - - https://git.kernel.org/stable/c/3880e331b0b31d0d5d3702b124f6c93539cd478a + - https://nvd.nist.gov/vuln/detail/CVE-2024-25423 + - https://github.com/DriverUnload/cve-2024-25423 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43178-CANDIDATE - cve_id: CVE-2026-43178 - name: Candidate detection for CVE-2026-43178 + id: CVE-2024-22873-CANDIDATE + cve_id: CVE-2024-22873 + name: Candidate detection for CVE-2024-22873 severity: high - cvss: 7.8 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - procfs: fix possible double mmput() in do_procmap_query() - - - When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY - - we return with -ENAMETOOLONG error. After recent changes this condition - - happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(), - - so original goto out is now wrong and will double-mmput() mm_struct. Fix - - by jumping further to clean up only vm_file and name_buf.' + description: Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a + Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). + This vulnerability allows attackers to access internal requests via a crafted + POST request. detection: payload: null verify: null @@ -33743,58 +26971,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43178 - - https://git.kernel.org/stable/c/61dc9f776705d6db6847c101b98fa4f0e9eb6fa3 - - https://git.kernel.org/stable/c/8adaff87db143583e08eec4f4e7788f1ef8af94d - - https://git.kernel.org/stable/c/90f5e87c9b75833b9ef3a4415b92c0247f28ab2f - - https://git.kernel.org/stable/c/f9fe092084cd04deea18747f58a2304026e76aaa + - https://nvd.nist.gov/vuln/detail/CVE-2024-22873 + - https://gist.github.com/exp1orer/0f190c6a64b668a9b1c4c47789affa09 + - https://sphenoid-enquiry-9be.notion.site/BK-CMDB-SSRF-ba21e94f4976460188fa52d26c15a6ae?pvs=4 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43198-CANDIDATE - cve_id: CVE-2026-43198 - name: Candidate detection for CVE-2026-43198 - severity: critical - cvss: 9.8 + id: CVE-2024-22983-CANDIDATE + cve_id: CVE-2024-22983 + name: Candidate detection for CVE-2024-22983 + severity: high + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - tcp: fix potential race in tcp_v6_syn_recv_sock() - - - Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() - - is done too late. - - - After tcp_v4_syn_recv_sock(), the child socket is already visible - - from TCP ehash table and other cpus might use it. - - - Since newinet->pinet6 is still pointing to the listener ipv6_pinfo - - bad things can happen as syzbot found. - - - Move the problematic code in tcp_v6_mapped_child_init() - - and call this new helper from tcp_v4_syn_recv_sock() before - - the ehash insertion. - - - This allows the removal of one tcp_sync_mss(), since - - tcp_v4_syn_recv_sock() will call it with the correct - - context.' + description: SQL injection vulnerability in Projectworlds Visitor Management System + in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter + in the myform.php endpoint. detection: payload: null verify: null @@ -33802,45 +26998,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43198 - - https://git.kernel.org/stable/c/7178e2a8027423b2af17ab95df73a749a5b72e5b - - https://git.kernel.org/stable/c/858d2a4f67ff69e645a43487ef7ea7f28f06deae - - https://git.kernel.org/stable/c/fe89b2f05b854847784f91127319172945c1fadd - - https://access.redhat.com/errata/RHSA-2026:30129 + - https://nvd.nist.gov/vuln/detail/CVE-2024-22983 + - https://github.com/keru6k/CVE-2024-22983/blob/main/CVE-2024-22983.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5081-CANDIDATE - cve_id: CVE-2026-5081 - name: Candidate detection for CVE-2026-5081 - severity: critical - cvss: 9.1 + id: CVE-2023-33677-CANDIDATE + cve_id: CVE-2023-33677 + name: Candidate detection for CVE-2023-33677 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Apache::Session::Generate::ModUniqueId versions from 1.54 through - 1.94 for Perl session ids are insecure. - - - Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value - of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable - is set by the Apache mod_unique_id plugin, which generates unique ids for the - request. The id is based on the IPv4 address, the process id, the epoch time, - a 16-bit counter and a thread index, with no obfuscation. - - - The server IP is often available to the public, and if not available, can be guessed - from previous session ids being issued. The process ids may also be guessed from - previous session ids. The timestamp is easily guessed (and leaked in the HTTP - Date response header). - - - The purpose of mod_unique_id is to assign a unique id to requests so that events - can be correlated in different logs. The id is not designed, nor is it suitable - for security purposes.' + description: Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable + to unauthenticated SQL Injection at "?page=items/view&id=*". detection: payload: null verify: null @@ -33848,29 +27023,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5081 - - https://httpd.apache.org/docs/current/mod/mod_unique_id.html - - https://metacpan.org/pod/Apache::Session::Generate::Random - - https://access.redhat.com/security/cve/CVE-2026-5081 - - https://bugzilla.redhat.com/show_bug.cgi?id=2467174 + - https://nvd.nist.gov/vuln/detail/CVE-2023-33677 + - https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31976-CANDIDATE - cve_id: CVE-2025-31976 - name: Candidate detection for CVE-2025-31976 - severity: medium - cvss: 4.8 + id: CVE-2023-47415-CANDIDATE + cve_id: CVE-2023-47415 + name: Candidate detection for CVE-2023-47415 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: HCL BigFix Service Management (SM) is vulnerable to insufficiently - protected credentials for a short duration while communicating with a backend, - internal application which could allow an attacker to potentially misuse them, - if exfiltrated. . + description: Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain + an OS command injection vulnerability via the cli_text parameter. detection: payload: null verify: null @@ -33878,28 +27048,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31976 - - https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144 + - https://nvd.nist.gov/vuln/detail/CVE-2023-47415 + - https://gitlab.com/loudmouth-security/vulnerability-disclosures/cve-2023-47415 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-31978-CANDIDATE - cve_id: CVE-2025-31978 - name: Candidate detection for CVE-2025-31978 - severity: medium - cvss: 4.6 + id: CVE-2024-26566-CANDIDATE + cve_id: CVE-2024-26566 + name: Candidate detection for CVE-2024-26566 + severity: high + cvss: 8.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: HCL BigFix Service Management (SM) does not adequately sanitize or - safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing - them. An attacker could populate data fields which, when saved to a CSV file, - may attempt information exfiltration or other malicious activity when automatically - executed by the spreadsheet software. Note that current versions of Excel warn - users of untrusted content. + description: An issue in Cute Http File Server v.3.1 allows a remote attacker to + escalate privileges via the password verification component. detection: payload: null verify: null @@ -33907,29 +27073,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-31978 - - https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128144 + - https://nvd.nist.gov/vuln/detail/CVE-2024-26566 + - https://github.com/GZLDL/CVE/blob/main/CVE-2024-26566/CVE-2024-26566%20English.md + - https://github.com/GZLDL/CVE/tree/main/Cute%20Http%20File%20Server%20JWT generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20167-CANDIDATE - cve_id: CVE-2026-20167 - name: Candidate detection for CVE-2026-20167 + id: CVE-2024-22257-CANDIDATE + cve_id: CVE-2024-22257 + name: Candidate detection for CVE-2024-22257 severity: high - cvss: 7.7 + cvss: 8.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in the web-based management interface of Cisco IoT\ - \ Field Network Director could allow an authenticated, remote attacker with low\ - \ privileges to cause a DoS condition on a remotely managed router.\r\n\r\nThis\ - \ vulnerability is due to improper error handling. An attacker could exploit this\ - \ vulnerability by submitting crafted input to the web-based management interface.\ - \ A successful exploit could allow the attacker to request unauthorized files\ - \ from a remote router, causing the router to reload and resulting in a DoS condition." + description: "In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to\ + \ \n5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, \nversions\ + \ 6.2.x prior to 6.2.3, an application is possible vulnerable to \nbroken access\ + \ control when it directly uses the AuthenticatedVoter#vote passing a null Authentication\ + \ parameter." detection: payload: null verify: null @@ -33937,29 +27102,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20167 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u + - https://nvd.nist.gov/vuln/detail/CVE-2024-22257 + - https://security.netapp.com/advisory/ntap-20240419-0005/ + - https://spring.io/security/cve-2024-22257 + - https://github.com/dependency-check/DependencyCheck/issues/8642 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20168-CANDIDATE - cve_id: CVE-2026-20168 - name: Candidate detection for CVE-2026-20168 - severity: medium - cvss: 6.5 + id: CVE-2024-28735-CANDIDATE + cve_id: CVE-2024-28735 + name: Candidate detection for CVE-2024-28735 + severity: high + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in the web-based management interface of Cisco IoT\ - \ Field Network Director could allow an authenticated, remote attacker with low\ - \ privileges to retrieve files that they do not have permission to access.\r\n\ - \r\nThis vulnerability is due to insufficient file access checks. An attacker\ - \ could exploit this vulnerability by submitting crafted input in the web-based\ - \ management interface. A successful exploit could allow the attacker to read\ - \ files that they are not authorized to access." + description: Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect + access control authorization bypass vulnerability which allows an authenticated + user to modify the password of any user of the application via a crafted request. detection: payload: null verify: null @@ -33967,30 +27130,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20168 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u + - https://nvd.nist.gov/vuln/detail/CVE-2024-28735 + - https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html + - https://www.unit4.com/ + - https://www.unit4.com/products/financial-management-software generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20169-CANDIDATE - cve_id: CVE-2026-20169 - name: Candidate detection for CVE-2026-20169 - severity: medium - cvss: 6.4 + id: CVE-2024-25294-CANDIDATE + cve_id: CVE-2024-25294 + name: Candidate detection for CVE-2024-25294 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in the web-based management interface of Cisco IoT\ - \ Field Network Director could allow an authenticated, remote attacker with low\ - \ privileges to access files and execute commands on a remote router.\r\n\r\n\ - This vulnerability is due to insufficient input validation of user-supplied data.\ - \ An attacker could exploit this vulnerability by submitting crafted input in\ - \ the web-based management interface. A successful exploit could allow the attacker\ - \ to create, read, or delete files and execute limited commands in user EXEC\ - \ mode on a remote router." + description: An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive + information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL + parameters. detection: payload: null verify: null @@ -33998,31 +27158,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20169 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u + - https://nvd.nist.gov/vuln/detail/CVE-2024-25294 + - https://deeply-capri-1c8.notion.site/REBUILD-V3-5-2023-12-11-SSRF-30324be04e00477eae472bf75f4f5e0d + - https://github.com/getrebuild/rebuild/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20189-CANDIDATE - cve_id: CVE-2026-20189 - name: Candidate detection for CVE-2026-20189 - severity: medium - cvss: 4.3 + id: CVE-2024-24520-CANDIDATE + cve_id: CVE-2024-24520 + name: Candidate detection for CVE-2024-24520 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in the log file download functionality of Cisco Prime\ - \ Infrastructure could allow an authenticated, remote attacker to download\ - \ arbitrary log files from the server.\r\n\r\nThis vulnerability is due to insufficient\ - \ authorization checks on the download service API. An attacker could exploit\ - \ this vulnerability by submitting a crafted URL request to an affected device.\ - \ A successful exploit could allow the attacker to download sensitive log files\ - \ that they would otherwise not have authorization to access.\r\nTo exploit this\ - \ vulnerability, the attacker must have valid credentials to access the web-based\ - \ management interface of the affected device." + description: An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary + code via the upgrade.php file in the languages place. detection: payload: null verify: null @@ -34030,29 +27184,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20189 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey + - https://nvd.nist.gov/vuln/detail/CVE-2024-24520 + - https://github.com/capture0x/leptoncms + - https://github.com/xF9979/LEPTON-CMS + - https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html + - https://www.exploit-db.com/exploits/51949 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-20195-CANDIDATE - cve_id: CVE-2026-20195 - name: Candidate detection for CVE-2026-20195 + id: CVE-2024-28835-CANDIDATE + cve_id: CVE-2024-28835 + name: Candidate detection for CVE-2024-28835 severity: medium - cvss: 5.3 + cvss: 5.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability in an identity management API endpoint of Cisco ISE\ - \ could allow an unauthenticated, remote attacker to enumerate valid user accounts\ - \ on an affected device.\r\n\r\nThis vulnerability exists because error messages\ - \ are observed when the affected API endpoint is called. An attacker could exploit\ - \ this vulnerability by sending a series of crafted requests to the affected endpoint\ - \ and analyzing the differentiated responses. A successful exploit could allow\ - \ the attacker to compile a list of valid usernames on an affected system." + description: A flaw has been discovered in GnuTLS where an application crash can + be induced when attempting to verify a specially crafted .pem bundle using the + "certtool --verify-chain" command. detection: payload: null verify: null @@ -34060,34 +27213,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-20195 - - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb + - https://nvd.nist.gov/vuln/detail/CVE-2024-28835 + - https://access.redhat.com/errata/RHSA-2024:1879 + - https://access.redhat.com/errata/RHSA-2024:2570 + - https://access.redhat.com/errata/RHSA-2024:2889 + - https://access.redhat.com/security/cve/CVE-2024-28835 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33079-CANDIDATE - cve_id: CVE-2026-33079 - name: Candidate detection for CVE-2026-33079 - severity: high - cvss: 7.5 + id: CVE-2024-28386-CANDIDATE + cve_id: CVE-2024-28386 + name: Candidate detection for CVE-2024-28386 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular - Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an - attacker who can supply Markdown for parsing to cause denial of service. The regular - expression used for parsing link titles contains overlapping alternatives that - can trigger catastrophic backtracking. In both the double-quoted and single-quoted - branches, a backslash followed by punctuation can be matched either as an escaped - punctuation sequence or as two ordinary characters, creating an ambiguous pattern - inside a repeated group. If an attacker supplies Markdown containing repeated - ! sequences with no closing quote, the regex engine explores an exponential number - of backtracking paths. This is reachable through normal Markdown parsing of inline - links and block link reference definitions. A small crafted input can therefore - cause significant CPU consumption and make applications using Mistune unresponsive. + description: An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote + attacker to execute arbitrary code via the getPhpBin() component. detection: payload: null verify: null @@ -34095,37 +27241,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33079 - - https://github.com/lepture/mistune/blob/df23edd60b43b639d2e6760ef9dd3d618aa11c21/src/mistune/helpers.py#L20-L25 - - https://github.com/lepture/mistune/security/advisories/GHSA-8mp2-v27r-99xp - - https://access.redhat.com/security/cve/CVE-2026-33079 - - https://bugzilla.redhat.com/show_bug.cgi?id=2467298 + - https://nvd.nist.gov/vuln/detail/CVE-2024-28386 + - https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag + - https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html + - https://www.home-made.io/module-fastmag-sync-prestashop/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40981-CANDIDATE - cve_id: CVE-2026-40981 - name: Candidate detection for CVE-2026-40981 - severity: high - cvss: 7.5 + id: CVE-2024-29644-CANDIDATE + cve_id: CVE-2024-29644 + name: Candidate detection for CVE-2024-29644 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'When using Google Secrets Manager as a backend for the Spring Cloud - Config server a client can craft a request to the config server potentially exposing - secrets from unintended GCP projects. - - Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade - to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected - from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise - Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); - upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: - affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring - Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to - 5.0.3 or greater.' + description: Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before + allows a remote attacker to execute arbitrary code via a crafted script to the + user login box. detection: payload: null verify: null @@ -34133,38 +27269,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40981 - - https://spring.io/security/cve-2026-40981 - - https://access.redhat.com/security/cve/CVE-2026-40981 - - https://bugzilla.redhat.com/show_bug.cgi?id=2467621 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40981.json + - https://nvd.nist.gov/vuln/detail/CVE-2024-29644 + - https://github.com/jqhph/dcat-admin + - https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m generated_from: - nvd - status: candidate executable: false - id: CVE-2026-40982-CANDIDATE - cve_id: CVE-2026-40982 - name: Candidate detection for CVE-2026-40982 - severity: critical - cvss: 9.1 + id: CVE-2023-51148-CANDIDATE + cve_id: CVE-2023-51148 + name: Candidate detection for CVE-2023-51148 + severity: high + cvss: 8.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Spring Cloud Config allows applications to serve arbitrary text and - binary files through the spring-cloud-config-server module. A malicious user, - or attacker, can send a request using a specially crafted URL that can lead to - a directory traversal attack. - - Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade - to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected - from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise - Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); - upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: - affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring - Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to - 5.0.3 or greater.' + description: An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless + Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code + via the 'mycli' command-line interface component. detection: payload: null verify: null @@ -34172,31 +27296,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-40982 - - https://spring.io/security/cve-2026-40982 - - https://access.redhat.com/security/cve/CVE-2026-40982 - - https://bugzilla.redhat.com/show_bug.cgi?id=2467619 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40982.json + - https://nvd.nist.gov/vuln/detail/CVE-2023-51148 + - https://github.com/SpikeReply/advisories/blob/main/cve/trendnet/cve-2023-51148.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41142-CANDIDATE - cve_id: CVE-2026-41142 - name: Candidate detection for CVE-2026-41142 - severity: high - cvss: 8.8 + id: CVE-2024-28713-CANDIDATE + cve_id: CVE-2024-28713 + name: Candidate detection for CVE-2024-28713 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenEXR provides the specification and reference implementation of - the EXR file format, an image storage format for the motion picture industry. - From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before - 3.4.11, there is an integer overflow in ImageChannel::resize that leads to heap - OOB write via OpenEXRUtil public API. This issue has been patched in versions - 3.2.9, 3.3.11, and 3.4.11. + description: An issue in Mblog Blog system v.3.5.0 allows an attacker to execute + arbitrary code via a crafted file to the theme management feature. detection: payload: null verify: null @@ -34204,32 +27321,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41142 - - https://github.com/AcademySoftwareFoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4 - - https://github.com/AcademySoftwareFoundation/openexr/pull/2367 - - https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m25w-72cj-q6mg - - https://access.redhat.com/security/cve/CVE-2026-41142 + - https://nvd.nist.gov/vuln/detail/CVE-2024-28713 + - https://gitee.com/mtons/mblog + - https://github.com/JiangXiaoBaiJia/cve/blob/main/%E5%9B%BE%E7%89%871.png + - https://github.com/JiangXiaoBaiJia/cve/blob/main/%E5%9B%BE%E7%89%872.png + - https://github.com/JiangXiaoBaiJia/cve/blob/main/%E5%9B%BE%E7%89%873.png generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41672-CANDIDATE - cve_id: CVE-2026-41672 - name: Candidate detection for CVE-2026-41672 - severity: high - cvss: 7.5 + id: CVE-2024-31064-CANDIDATE + cve_id: CVE-2024-31064 + name: Candidate detection for CVE-2024-31064 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) - `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 - and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled - comment content to be serialized into XML without validating or neutralizing comment-breaking - sequences. As a result, an attacker can terminate the comment early and inject - arbitrary XML nodes into the serialized output. This issue has been patched in - versions @xmldom/xmldom versions 0.9.10 and 0.8.13. + description: Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 + and before allows a remote attacker to execute arbitrary code via the First Name + input field. detection: payload: null verify: null @@ -34237,31 +27350,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41672 - - https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7 - - https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1 - - https://github.com/xmldom/xmldom/pull/987 - - https://github.com/xmldom/xmldom/releases/tag/0.8.13 + - https://nvd.nist.gov/vuln/detail/CVE-2024-31064 + - https://drive.google.com/file/d/1yTIeXAPs3PJcQwj9gxhvs92zTdBwKGVB/view?usp=sharing + - https://github.com/sahildari/cve/blob/master/CVE-2024-31064.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41673-CANDIDATE - cve_id: CVE-2026-41673 - name: Candidate detection for CVE-2026-41673 + id: CVE-2024-28714-CANDIDATE + cve_id: CVE-2024-28714 + name: Candidate detection for CVE-2024-28714 severity: high - cvss: 7.5 + cvss: 8.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) - `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 - and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js - operate without a depth limit. A sufficiently deeply nested DOM tree causes a - RangeError: Maximum call stack size exceeded, crashing the application. This issue - has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13.' + description: SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 + allows an attacker to execute arbitrary code via the groupid parameter. detection: payload: null verify: null @@ -34269,33 +27376,31 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41673 - - https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa - - https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597 - - https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f - - https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a + - https://nvd.nist.gov/vuln/detail/CVE-2024-28714 + - https://gitee.com/ZhongBangKeJi/crmeb_java + - https://github.com/JiangXiaoBaiJia/cve2/blob/main/1.md + - https://github.com/JiangXiaoBaiJia/cve2/blob/main/a.png + - https://www.vicarius.io/vsociety/posts/ssti-in-mblog-351-a-tale-of-a-glorified-rce-cve-2024-28713-28714 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41674-CANDIDATE - cve_id: CVE-2026-41674 - name: Candidate detection for CVE-2026-41674 + id: CVE-2024-27619-CANDIDATE + cve_id: CVE-2024-27619 + name: Candidate detection for CVE-2024-27619 severity: high - cvss: 7.5 + cvss: 7.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) - `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 - and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType - node fields (internalSubset, publicId, systemId) verbatim without any escaping - or validation. When these fields are set programmatically to attacker-controlled - strings, XMLSerializer.serializeToString can produce output where the DOCTYPE - declaration is terminated early and arbitrary markup appears outside it. This - issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13. + description: Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. + Any user having read/write access to ftp server can write directly to ram causing + buffer overflow if file or files uploaded are greater than available ram. Ftp + server allows change of directory to root which is one level up than root of usb + flash directory. During upload ram is getting filled and causing system resource + exhaustion (no free memory) which causes system to crash and reboot. detection: payload: null verify: null @@ -34303,32 +27408,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41674 - - https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314 - - https://github.com/xmldom/xmldom/releases/tag/0.8.13 - - https://github.com/xmldom/xmldom/releases/tag/0.9.10 - - https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h + - https://nvd.nist.gov/vuln/detail/CVE-2024-27619 + - https://github.com/ioprojecton/dir-3040_dos + - https://www.dlink.com/en/security-bulletin/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41675-CANDIDATE - cve_id: CVE-2026-41675 - name: Candidate detection for CVE-2026-41675 - severity: high - cvss: 7.5 + id: CVE-2024-29640-CANDIDATE + cve_id: CVE-2024-29640 + name: Candidate detection for CVE-2024-29640 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) - `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 - and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled - processing instruction data to be serialized into XML without validating or neutralizing - the PI-closing sequence ?>. As a result, an attacker can terminate the processing - instruction early and inject arbitrary XML nodes into the serialized output. This - issue has been patched in versions @xmldom/xmldom versions 0.9.10 and 0.8.13. + description: An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker + to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode + component. detection: payload: null verify: null @@ -34336,33 +27435,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41675 - - https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2 - - https://github.com/xmldom/xmldom/releases/tag/0.8.13 - - https://github.com/xmldom/xmldom/releases/tag/0.9.10 - - https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx + - https://nvd.nist.gov/vuln/detail/CVE-2024-29640 + - https://github.com/lakemoon602/vuln/blob/main/detail.md + - https://github.com/messense/aliyundrive-webdav generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42216-CANDIDATE - cve_id: CVE-2026-42216 - name: Candidate detection for CVE-2026-42216 - severity: critical - cvss: 9.1 + id: CVE-2024-22780-CANDIDATE + cve_id: CVE-2024-22780 + name: Candidate detection for CVE-2024-22780 + severity: medium + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: OpenEXR provides the specification and reference implementation of - the EXR file format, an image storage format for the motion picture industry. - From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before - 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed representation. - If the previous string is longer than 255 bytes, the next string is expected to - begin with a 2-byte prefix length. The code reads stringList[i][0] and stringList[i][1] - without checking that the current string has at least two bytes. This issue has - been patched in versions 3.2.9, 3.3.11, and 3.4.11. + description: Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows + a remote attacker to execute arbitrary code via a crafted script to the errmsg + parameter. detection: payload: null verify: null @@ -34370,18 +27462,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42216 - - https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-65j8-95g9-jgj4 - - https://access.redhat.com/security/cve/CVE-2026-42216 - - https://bugzilla.redhat.com/show_bug.cgi?id=2467633 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42216.json + - https://nvd.nist.gov/vuln/detail/CVE-2024-22780 + - https://fuo.fi/CVE-2024-22780/ + - https://github.com/CA17/TeamsACS generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41139-CANDIDATE - cve_id: CVE-2026-41139 - name: Candidate detection for CVE-2026-41139 + id: CVE-2024-29477-CANDIDATE + cve_id: CVE-2024-29477 + name: Candidate detection for CVE-2024-29477 severity: high cvss: 8.8 risk_level: unknown @@ -34389,9 +27479,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: Math.js is an extensive math library for JavaScript and Node.js. From - version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed - via the expression parser of mathjs. This issue has been patched in version 15.2.0. + description: Lack of sanitization during Installation Process in Dolibarr ERP CRM + up to version 19.0.0 allows an attacker with adjacent access to the network to + execute arbitrary code via a specifically crafted input. detection: payload: null verify: null @@ -34399,31 +27489,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41139 - - https://github.com/josdejong/mathjs/commit/0aee2f61866e35ffa0aef915221cdf6b026ffdd4 - - https://github.com/josdejong/mathjs/commit/bcf0da46f0b8577ec03c9ecd7bff8b5c2543a611 - - https://github.com/josdejong/mathjs/pull/3656 - - https://github.com/josdejong/mathjs/releases/tag/v15.2.0 + - https://nvd.nist.gov/vuln/detail/CVE-2024-29477 + - https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42010-CANDIDATE - cve_id: CVE-2026-42010 - name: Candidate detection for CVE-2026-42010 + id: CVE-2024-27620-CANDIDATE + cve_id: CVE-2024-27620 + name: Candidate detection for CVE-2024-27620 severity: high - cvss: 7.1 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: false - description: "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013\ - Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing\ - \ a NUL character with truncated usernames. A remote attacker could exploit this\ - \ by sending a specially crafted username, leading to an authentication bypass.\ - \ This vulnerability allows an attacker to gain unauthorized access by circumventing\ - \ the authentication process." + exploitdb_reference: true + description: An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to + obtain sensitive information via a crafted request to the API. detection: payload: null verify: null @@ -34431,28 +27514,30 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42010 - - https://access.redhat.com/errata/RHSA-2026:13274 - - https://access.redhat.com/errata/RHSA-2026:20611 - - https://access.redhat.com/errata/RHSA-2026:20612 - - https://access.redhat.com/errata/RHSA-2026:20613 + - https://nvd.nist.gov/vuln/detail/CVE-2024-27620 + - https://everywall.github.io/ + - https://packetstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.html generated_from: - nvd + - exploit_db - status: candidate executable: false - id: CVE-2026-8090-CANDIDATE - cve_id: CVE-2026-8090 - name: Candidate detection for CVE-2026-8090 - severity: high - cvss: 7.3 + id: CVE-2024-23082-CANDIDATE + cve_id: CVE-2024-23082 + name: Candidate detection for CVE-2024-23082 + severity: unknown + cvss: 0.0 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the DOM: Networking component. This vulnerability - was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird - 150.0.2, and Thunderbird 140.10.2.' + description: 'ThreeTen Backport v1.6.8 was discovered to contain an integer overflow + via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, + ParsePosition). NOTE: this is disputed by multiple third parties who believe there + was not reasonable evidence to determine the existence of a vulnerability. The + submission may have been based on a tool that is not sufficiently robust for vulnerability + identification.' detection: payload: null verify: null @@ -34460,28 +27545,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-8090 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2034352 - - https://www.mozilla.org/security/advisories/mfsa2026-40/ - - https://www.mozilla.org/security/advisories/mfsa2026-41/ - - https://www.mozilla.org/security/advisories/mfsa2026-42/ + - https://nvd.nist.gov/vuln/detail/CVE-2024-23082 + - https://gist.github.com/LLM4IG/d2618f5f4e5ac37eb75cff5617e58b90 + - https://github.com/ThreeTen/threetenbp generated_from: - nvd - status: candidate executable: false - id: CVE-2026-8091-CANDIDATE - cve_id: CVE-2026-8091 - name: Candidate detection for CVE-2026-8091 + id: CVE-2024-23078-CANDIDATE + cve_id: CVE-2024-23078 + name: Candidate detection for CVE-2024-23078 severity: critical - cvss: 9.8 + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the Audio/Video: Playback component. - This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, - Thunderbird 140.10.1, and Firefox ESR 115.35.2.' + description: 'JGraphT Core v1.5.2 was discovered to contain a NullPointerException + via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, + Double). NOTE: this is disputed by multiple third parties who believe there was + not reasonable evidence to determine the existence of a vulnerability. The submission + may have been based on a tool that is not sufficiently robust for vulnerability + identification.' detection: payload: null verify: null @@ -34489,30 +27575,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-8091 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2029301 - - https://www.mozilla.org/security/advisories/mfsa2026-30/ - - https://www.mozilla.org/security/advisories/mfsa2026-33/ - - https://www.mozilla.org/security/advisories/mfsa2026-36/ + - https://nvd.nist.gov/vuln/detail/CVE-2024-23078 + - https://gist.github.com/LLM4IG/5feabadf06a88102df316174123e2770 + - https://github.com/jgrapht/jgrapht generated_from: - nvd - status: candidate executable: false - id: CVE-2026-8092-CANDIDATE - cve_id: CVE-2026-8092 - name: Candidate detection for CVE-2026-8092 + id: CVE-2024-23085-CANDIDATE + cve_id: CVE-2024-23085 + name: Candidate detection for CVE-2024-23085 severity: high - cvss: 8.1 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 - and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and - we presume that with enough effort some of these could have been exploited to - run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR - 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2. + description: 'Apfloat v1.10.1 was discovered to contain a NullPointerException via + the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). + NOTE: this is disputed by multiple third parties who believe there was not reasonable + evidence to determine the existence of a vulnerability. The submission may have + been based on a tool that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34520,29 +27604,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-8092 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1806249%2C2021977%2C2022576%2C2022722%2C2024439%2C2027883%2C2029463%2C2030323%2C2032042%2C2032043%2C2033270%2C2033637%2C2034422%2C2034496%2C2035879%2C2036516 - - https://www.mozilla.org/security/advisories/mfsa2026-40/ - - https://www.mozilla.org/security/advisories/mfsa2026-41/ - - https://www.mozilla.org/security/advisories/mfsa2026-42/ + - https://nvd.nist.gov/vuln/detail/CVE-2024-23085 + - https://gist.github.com/LLM4IG/a4a54fc4abe044976a66af9fffedfc94 + - https://github.com/mtommila/apfloat generated_from: - nvd - status: candidate executable: false - id: CVE-2026-8093-CANDIDATE - cve_id: CVE-2026-8093 - name: Candidate detection for CVE-2026-8093 - severity: high - cvss: 8.1 + id: CVE-2024-23086-CANDIDATE + cve_id: CVE-2024-23086 + name: Candidate detection for CVE-2024-23086 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed - evidence of memory corruption and we presume that with enough effort some of these - could have been exploited to run arbitrary code. This vulnerability was fixed - in Firefox 150.0.2 and Thunderbird 150.0.2. + description: 'Apfloat v1.10.1 was discovered to contain a stack overflow via the + component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed + by multiple third parties who believe there was not reasonable evidence to determine + the existence of a vulnerability. The submission may have been based on a tool + that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34550,27 +27633,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-8093 - - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1981270%2C2027154%2C2028332%2C2029327%2C2029894%2C2032189%2C2034837%2C2035968%2C2036256 - - https://www.mozilla.org/security/advisories/mfsa2026-40/ - - https://www.mozilla.org/security/advisories/mfsa2026-43/ - - https://access.redhat.com/security/cve/CVE-2026-8093 + - https://nvd.nist.gov/vuln/detail/CVE-2024-23086 + - https://gist.github.com/LLM4IG/63ad1a4d1e3955043b7a90fdbf36676b + - https://github.com/mtommila/apfloat generated_from: - nvd - status: candidate executable: false - id: CVE-2026-8094-CANDIDATE - cve_id: CVE-2026-8094 - name: Candidate detection for CVE-2026-8094 + id: CVE-2024-22949-CANDIDATE + cve_id: CVE-2024-22949 + name: Candidate detection for CVE-2024-22949 severity: critical - cvss: 9.8 + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Other issue in the WebRTC component. This vulnerability was fixed in - Firefox ESR 140.10.2 and Thunderbird 140.10.2. + description: 'JFreeChart v1.5.4 was discovered to contain a NullPointerException + via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed + by multiple third parties who believe there was not reasonable evidence to determine + the existence of a vulnerability. The submission may have been based on a tool + that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34578,31 +27662,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-8094 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2035939 - - https://www.mozilla.org/security/advisories/mfsa2026-41/ - - https://www.mozilla.org/security/advisories/mfsa2026-44/ - - https://access.redhat.com/errata/RHSA-2026:19160 + - https://nvd.nist.gov/vuln/detail/CVE-2024-22949 + - https://gist.github.com/LLM4IG/35c46e009b205ef6acd0e290e80fb876 + - https://github.com/jfree/jfreechart generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42011-CANDIDATE - cve_id: CVE-2026-42011 - name: Candidate detection for CVE-2026-42011 - severity: high - cvss: 7.4 + id: CVE-2024-23079-CANDIDATE + cve_id: CVE-2024-23079 + name: Candidate detection for CVE-2024-23079 + severity: medium + cvss: 6.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in gnutls. This vulnerability occurs because permitted - name constraints were incorrectly ignored when previous Certificate Authorities - (CAs) only had excluded name constraints. A remote attacker could exploit this - to bypass critical name constraint checks during certificate validation. This - bypass could lead to the acceptance of invalid certificates, potentially enabling - spoofing or man-in-the-middle attacks against affected systems. + description: 'JGraphT Core v1.5.2 was discovered to contain a NullPointerException + via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, + Double). NOTE: this is disputed by multiple third parties who believe there was + not reasonable evidence to determine the existence of a vulnerability. The submission + may have been based on a tool that is not sufficiently robust for vulnerability + identification.' detection: payload: null verify: null @@ -34610,27 +27692,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42011 - - https://access.redhat.com/errata/RHSA-2026:13274 - - https://access.redhat.com/errata/RHSA-2026:20611 - - https://access.redhat.com/errata/RHSA-2026:20612 - - https://access.redhat.com/errata/RHSA-2026:20613 + - https://nvd.nist.gov/vuln/detail/CVE-2024-23079 + - https://gist.github.com/LLM4IG/c19779800945cd0a400d2150fb83d079 + - https://github.com/jgrapht/jgrapht generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33811-CANDIDATE - cve_id: CVE-2026-33811 - name: Candidate detection for CVE-2026-33811 - severity: high - cvss: 7.5 + id: CVE-2024-23081-CANDIDATE + cve_id: CVE-2024-23081 + name: Candidate detection for CVE-2024-23081 + severity: low + cvss: 3.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: When using LookupCNAME with the cgo DNS resolver, a very long CNAME - response can trigger a double-free of C memory and a crash. + description: 'ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException + via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: + this is disputed by multiple third parties who believe there was not reasonable + evidence to determine the existence of a vulnerability. The submission may have + been based on a tool that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34638,18 +27721,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33811 - - https://go.dev/cl/767860 - - https://go.dev/issue/78803 - - https://groups.google.com/g/golang-announce/c/qcCIEXso47M - - https://pkg.go.dev/vuln/GO-2026-4981 + - https://nvd.nist.gov/vuln/detail/CVE-2024-23081 + - https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3 + - https://github.com/ThreeTen/threetenbp generated_from: - nvd - status: candidate executable: false - id: CVE-2026-33814-CANDIDATE - cve_id: CVE-2026-33814 - name: Candidate detection for CVE-2026-33814 + id: CVE-2024-23084-CANDIDATE + cve_id: CVE-2024-23084 + name: Candidate detection for CVE-2024-23084 severity: high cvss: 7.5 risk_level: unknown @@ -34657,9 +27738,11 @@ priority: cisa_kev: false exploitdb_reference: false - description: When processing HTTP/2 SETTINGS frames, transport will enter an infinite - loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with - a value of 0. + description: 'Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException + via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). + NOTE: this is disputed by multiple third parties who believe there was not reasonable + evidence to determine the existence of a vulnerability. The submission may have + been based on a tool that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34667,18 +27750,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-33814 - - https://go.dev/cl/761581 - - https://go.dev/cl/761640 - - https://go.dev/issue/78476 - - https://groups.google.com/g/golang-announce/c/qcCIEXso47M + - https://nvd.nist.gov/vuln/detail/CVE-2024-23084 + - https://gist.github.com/LLM4IG/5b7dd0a87db14d9c95d4c0ea62e0195b + - https://github.com/mtommila/apfloat generated_from: - nvd - status: candidate executable: false - id: CVE-2026-39820-CANDIDATE - cve_id: CVE-2026-39820 - name: Candidate detection for CVE-2026-39820 + id: CVE-2024-23076-CANDIDATE + cve_id: CVE-2024-23076 + name: Candidate detection for CVE-2024-23076 severity: high cvss: 7.5 risk_level: unknown @@ -34686,8 +27767,11 @@ priority: cisa_kev: false exploitdb_reference: false - description: Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate - were able to trigger excessive CPU exhaustion and memory allocations. + description: 'JFreeChart v1.5.4 was discovered to contain a NullPointerException + via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed + by multiple third parties who believe there was not reasonable evidence to determine + the existence of a vulnerability. The submission may have been based on a tool + that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34695,27 +27779,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-39820 - - https://go.dev/cl/759940 - - https://go.dev/issue/78566 - - https://groups.google.com/g/golang-announce/c/qcCIEXso47M - - https://pkg.go.dev/vuln/GO-2026-4986 + - https://nvd.nist.gov/vuln/detail/CVE-2024-23076 + - https://gist.github.com/LLM4IG/115de1f7c3051403f0301cee0d293518 + - https://github.com/jfree/jfreechart generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42499-CANDIDATE - cve_id: CVE-2026-42499 - name: Candidate detection for CVE-2026-42499 - severity: high - cvss: 7.5 + id: CVE-2024-23080-CANDIDATE + cve_id: CVE-2024-23080 + name: Candidate detection for CVE-2024-23080 + severity: critical + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Pathological inputs could cause DoS through consumePhrase when parsing - an email address according to RFC 5322. + description: 'Joda Time v2.12.5 was discovered to contain a NullPointerException + via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: + this is disputed by multiple third parties who believe there was not reasonable + evidence to determine the existence of a vulnerability. The submission may have + been based on a tool that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34723,28 +27808,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42499 - - https://go.dev/cl/771520 - - https://go.dev/issue/78987 - - https://groups.google.com/g/golang-announce/c/qcCIEXso47M - - https://pkg.go.dev/vuln/GO-2026-4977 + - https://nvd.nist.gov/vuln/detail/CVE-2024-23080 + - https://gist.github.com/LLM4IG/6614bfa658295d7af07a6d37e06db27f + - https://github.com/JodaOrg/joda-time generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43510-CANDIDATE - cve_id: CVE-2026-43510 - name: Candidate detection for CVE-2026-43510 + id: CVE-2024-23083-CANDIDATE + cve_id: CVE-2024-23083 + name: Candidate detection for CVE-2024-23083 severity: medium - cvss: 5.9 + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov - allows an organization administrator to assign domain manager privileges for domains - not already in another organization. Fixed in 1.176.0 on or around 2026-04-30. + description: 'Time4J Base v5.9.3 was discovered to contain a NullPointerException + via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). + NOTE: this is disputed by multiple third parties who believe there was not reasonable + evidence to determine the existence of a vulnerability. The submission may have + been based on a tool that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34752,31 +27837,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43510 - - https://github.com/cisagov/manage.get.gov/issues/4858 - - https://github.com/cisagov/manage.get.gov/pull/4900 - - https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0 - - https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464 + - https://nvd.nist.gov/vuln/detail/CVE-2024-23083 + - https://gist.github.com/LLM4IG/624598834f6699e3617d47c675227e97 + - https://github.com/MenoData/Time4J generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42880-CANDIDATE - cve_id: CVE-2026-42880 - name: Candidate detection for CVE-2026-42880 - severity: critical - cvss: 9.6 + id: CVE-2024-29296-CANDIDATE + cve_id: CVE-2024-29296 + name: Candidate detection for CVE-2024-29296 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. - From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing - authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows - an attacker with read-only access to extract plaintext Kubernetes Secret data - from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. - This issue has been patched in versions 3.2.11 and 3.3.9. + description: A user enumeration vulnerability was found in Portainer CE 2.19.4. + This issue occurs during user authentication process, where a difference in response + time could allow a remote unauthenticated user to determine if a username is valid + or not. detection: payload: null verify: null @@ -34784,34 +27865,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42880 - - https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3 - - https://access.redhat.com/errata/RHBA-2026:12433 - - https://access.redhat.com/errata/RHSA-2026:20943 - - https://access.redhat.com/errata/RHSA-2026:20947 + - https://nvd.nist.gov/vuln/detail/CVE-2024-29296 + - https://github.com/ThaySolis/CVE-2024-29296 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42203-CANDIDATE - cve_id: CVE-2026-42203 - name: Candidate detection for CVE-2026-42203 + id: CVE-2023-52070-CANDIDATE + cve_id: CVE-2023-52070 + name: Candidate detection for CVE-2023-52070 severity: high - cvss: 8.8 + cvss: 8.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or - native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test - endpoint accepted user-supplied prompt templates and rendered them without sandboxing. - A crafted template could run arbitrary code inside the LiteLLM Proxy process. - The endpoint only checks that the caller presents a valid proxy API key, so any - authenticated user could reach it. Depending on how the proxy is deployed, this - could expose secrets in the process environment (such as provider API keys or - database credentials) and allow commands to be run on the host. This issue has - been patched in version 1.83.7. + description: 'JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds + via the ''setSeriesNeedle(int index, int type)'' method. NOTE: this is disputed + by multiple third parties who believe there was not reasonable evidence to determine + the existence of a vulnerability. The submission may have been based on a tool + that is not sufficiently robust for vulnerability identification.' detection: payload: null verify: null @@ -34819,34 +27893,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42203 - - https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable - - https://github.com/BerriAI/litellm/security/advisories/GHSA-xqmj-j6mv-4862 - - https://access.redhat.com/security/cve/CVE-2026-42203 - - https://bugzilla.redhat.com/show_bug.cgi?id=2467917 + - https://nvd.nist.gov/vuln/detail/CVE-2023-52070 + - https://gist.github.com/LLM4IG/f55de46e65fb5a19b7815adb36fd858b generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42208-CANDIDATE - cve_id: CVE-2026-42208 - name: Candidate detection for CVE-2026-42208 - severity: critical - cvss: 9.8 + id: CVE-2024-23077-CANDIDATE + cve_id: CVE-2024-23077 + name: Candidate detection for CVE-2024-23077 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: - cisa_kev: true + cisa_kev: false exploitdb_reference: false - description: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or - native) format. From version 1.81.16 to before version 1.83.7, a database query - used during proxy API key checks mixed the caller-supplied key value into the - query text instead of passing it as a separate parameter. An unauthenticated attacker - could send a specially crafted Authorization header to any LLM API route (for - example POST /chat/completions) and reach this query through the proxy's error-handling - path. An attacker could read data from the proxy's database and may be able to - modify it, leading to unauthorised access to the proxy and the credentials it - manages. This issue has been patched in version 1.83.7. + description: 'JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds + via the component /chart/plot/CompassPlot.java. NOTE: this is disputed by multiple + third parties who believe there was not reasonable evidence to determine the existence + of a vulnerability. The submission may have been based on a tool that is not sufficiently + robust for vulnerability identification.' detection: payload: null verify: null @@ -34854,34 +27921,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42208 - - https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable - - https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc - - https://access.redhat.com/security/cve/CVE-2026-42208 - - https://bugzilla.redhat.com/show_bug.cgi?id=2463965 - - https://www.cisa.gov/known-exploited-vulnerabilities-catalog + - https://nvd.nist.gov/vuln/detail/CVE-2024-23077 + - https://gist.github.com/LLM4IG/f55de46e65fb5a19b7815adb36fd858b + - https://github.com/jfree/jfreechart generated_from: - nvd - - cisa_kev - status: candidate executable: false - id: CVE-2026-42264-CANDIDATE - cve_id: CVE-2026-42264 - name: Candidate detection for CVE-2026-42264 - severity: high - cvss: 7.4 + id: CVE-2023-51141-CANDIDATE + cve_id: CVE-2023-51141 + name: Candidate detection for CVE-2023-51141 + severity: medium + cvss: 6.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Axios is a promise based HTTP client for the browser and Node.js. From - version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, - socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read - via direct property access without hasOwnProperty guards, making them exploitable - as prototype pollution gadgets. When Object.prototype is polluted by another dependency - in the same process, axios silently picks up these polluted values on every outbound - HTTP request. This issue has been patched in version 1.15.2. + description: An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker + to obtain sensitive information via the Authentication & Authorization component detection: payload: null verify: null @@ -34889,36 +27947,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42264 - - https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa - - https://github.com/axios/axios/pull/10779 - - https://github.com/axios/axios/releases/tag/v1.15.2 - - https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj + - https://nvd.nist.gov/vuln/detail/CVE-2023-51141 + - https://gist.github.com/ipxsec/1680d29c49fe368be81b037168175b10 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42271-CANDIDATE - cve_id: CVE-2026-42271 - name: Candidate detection for CVE-2026-42271 + id: CVE-2023-51142-CANDIDATE + cve_id: CVE-2023-51142 + name: Candidate detection for CVE-2023-51142 severity: high - cvss: 8.8 + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: - cisa_kev: true + cisa_kev: false exploitdb_reference: false - description: "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI\ - \ (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints\ - \ used to preview an MCP server before saving it \u2014 POST /mcp-rest/test/connection\ - \ and POST /mcp-rest/test/tools/list \u2014 accepted a full server configuration\ - \ in the request body, including the command, args, and env fields used by the\ - \ stdio transport. When called with a stdio configuration, the endpoints attempted\ - \ to connect, which spawned the supplied command as a subprocess on the proxy\ - \ host with the privileges of the proxy process. The endpoints were gated only\ - \ by a valid proxy API key, with no role check. Any authenticated user \u2014\ - \ including holders of low-privilege internal-user keys \u2014 could therefore\ - \ run arbitrary commands on the host. This issue has been patched in version 1.83.7." + description: An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker + to obtain sensitive information. detection: payload: null verify: null @@ -34926,73 +27972,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42271 - - https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable - - https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g - - https://access.redhat.com/errata/RHSA-2026:27784 - - https://access.redhat.com/errata/RHSA-2026:28960 - - https://www.cisa.gov/known-exploited-vulnerabilities-catalog + - https://nvd.nist.gov/vuln/detail/CVE-2023-51142 + - https://gist.github.com/ipxsec/b20383620c9e1d5300f7716e62e8a82f + - https://www.zkteco.com/en/Security_Bulletinsibs/14 generated_from: - nvd - - cisa_kev - status: candidate executable: false - id: CVE-2026-43284-CANDIDATE - cve_id: CVE-2026-43284 - name: Candidate detection for CVE-2026-43284 - severity: high - cvss: 8.8 + id: CVE-2024-32161-CANDIDATE + cve_id: CVE-2024-32161 + name: Candidate detection for CVE-2024-32161 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: true - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - xfrm: esp: avoid in-place decrypt on shared skb frags - - - MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP - - marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), - - so later paths that may modify packet data can first make a private - - copy. The IPv4/IPv6 datagram append paths did not set this flag when - - splicing pages into UDP skbs. - - - That leaves an ESP-in-UDP packet made from shared pipe pages looking - - like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW - - fast path for uncloned skbs without a frag_list and decrypts in place - - over data that is not owned privately by the skb. - - - Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching - - TCP. Also make ESP input fall back to skb_cow_data() when the flag is - - present, so ESP does not decrypt externally backed frags in place. - - Private nonlinear skb frags still use the existing fast path. - - - This intentionally does not change ESP output. In esp_output_head(), - - the path that appends the ESP trailer to existing skb tailroom without - - calling skb_cow_data() is not reachable for nonlinear skbs: - - skb_tailroom() returns zero when skb->data_len is nonzero, while ESP - - tailen is positive. Thus ESP output will either use the separate - - destination-frag path or fall back to skb_cow_data().' + exploitdb_reference: false + description: jizhiCMS 2.5 suffers from a File upload vulnerability. detection: payload: null verify: null @@ -35000,37 +27997,23 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43284 - - https://git.kernel.org/stable/c/50ed1e7873100f77abad20fd31c51029bc49cd03 - - https://git.kernel.org/stable/c/52646cbd00e765a6db9c3afe9535f26218276034 - - https://git.kernel.org/stable/c/5d55c7336f8032d434adcc5fab987ccc93a44aec - - https://git.kernel.org/stable/c/71a1d9d985d26716f74d21f18ee8cac821b06e97 + - https://nvd.nist.gov/vuln/detail/CVE-2024-32161 + - https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/jizhicms%20v_2.5.md generated_from: - nvd - - exploit_db - status: candidate executable: false - id: CVE-2026-43329-CANDIDATE - cve_id: CVE-2026-43329 - name: Candidate detection for CVE-2026-43329 - severity: high - cvss: 7.8 + id: CVE-2024-32162-CANDIDATE + cve_id: CVE-2024-32162 + name: Candidate detection for CVE-2024-32162 + severity: medium + cvss: 4.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In the Linux kernel, the following vulnerability has been resolved:\n\ - \nnetfilter: flowtable: strictly check for maximum number of actions\n\nThe maximum\ - \ number of flowtable hardware offload actions in IPv6 is:\n\n* ethernet mangling\ - \ (4 payload actions, 2 for each ethernet address)\n* SNAT (4 payload actions)\n\ - * DNAT (4 payload actions)\n* Double VLAN (4 vlan actions, 2 for popping vlan,\ - \ and 2 for pushing)\n for QinQ.\n* Redirect (1 action)\n\nWhich makes 17, while\ - \ the maximum is 16. But act_ct supports for tunnels\nactions too. Note that payload\ - \ action operates at 32-bit word level, so\nmangling an IPv6 address takes 4 payload\ - \ actions.\n\nUpdate flow_action_entry_next() calls to check for the maximum number\ - \ of\nsupported actions.\n\nWhile at it, rise the maximum number of actions per\ - \ flow from 16 to 24\nso this works fine with IPv6 setups." + description: CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. detection: payload: null verify: null @@ -35038,32 +28021,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43329 - - https://git.kernel.org/stable/c/504c9456699dcf4d15195ef34a0fa94a80bfc877 - - https://git.kernel.org/stable/c/5382bb03e9c33b089d60788478b922a2dca284cc - - https://git.kernel.org/stable/c/57c78bd2e2dd08897acd35b2bf8bcef322e36f5e - - https://git.kernel.org/stable/c/76522fcdbc3a02b568f5d957f7e66fc194abb893 + - https://nvd.nist.gov/vuln/detail/CVE-2024-32162 + - https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/CMSeasy_7.7.7_file_deletion.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-41163-CANDIDATE - cve_id: CVE-2026-41163 - name: Candidate detection for CVE-2026-41163 - severity: high - cvss: 7.0 + id: CVE-2024-32206-CANDIDATE + cve_id: CVE-2024-32206 + name: Candidate detection for CVE-2024-32206 + severity: medium + cvss: 4.6 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: bubblewrap is a low-level unprivileged sandboxing tool. From version - 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then - the user can use ptrace to attach to bubblewrap and control the unprivileged part - of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged - operations, and in particular the "overlay mount" operation, allowing the creation - of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. - This issue has been patched in version 0.11.2. + description: A stored cross-site scripting (XSS) vulnerability in the component + \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary + web scripts or HTML via a crafted payload injected into the $formdata parameter. detection: payload: null verify: null @@ -35071,34 +28047,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-41163 - - https://github.com/containers/bubblewrap/releases/tag/v0.11.2 - - https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp - - https://access.redhat.com/security/cve/CVE-2026-41163 - - https://bugzilla.redhat.com/show_bug.cgi?id=2468439 + - https://nvd.nist.gov/vuln/detail/CVE-2024-32206 + - https://github.com/majic-banana/vulnerability/blob/main/POC/WUZHICMS4.1.0%20Stored%20Xss%20In%20Affiche%20Model.md + - https://github.com/wuzhicms/wuzhicms generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42294-CANDIDATE - cve_id: CVE-2026-42294 - name: Candidate detection for CVE-2026-42294 + id: CVE-2024-32409-CANDIDATE + cve_id: CVE-2024-32409 + name: Candidate detection for CVE-2024-32409 severity: high - cvss: 7.5 + cvss: 7.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Argo Workflows is an open source container-native workflow engine for - orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, - the Webhook Interceptor loads the entire request body into memory before authenticating - the request or verifying its signature. This occurs on the /api/v1/events/ endpoint, - which is publicly accessible (albeit intended for webhooks). An attacker can send - a request with an extremely large body (e.g., multiple gigabytes), causing the - Argo Server to allocate excessive memory, potentially leading to an Out-Of-Memory - (OOM) crash and denial of service. This issue has been patched in versions 3.7.14 - and 4.0.5. + description: An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary + code via a crafted script. detection: payload: null verify: null @@ -35106,35 +28073,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42294 - - https://github.com/argoproj/argo-workflows/commit/7abb4de6c3599e2d5d960ba4d5de4cf1df109965 - - https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14 - - https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5 - - https://github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq + - https://nvd.nist.gov/vuln/detail/CVE-2024-32409 + - https://gitee.com/whats-the-bad-idea/cve generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42296-CANDIDATE - cve_id: CVE-2026-42296 - name: Candidate detection for CVE-2026-42296 - severity: high - cvss: 8.1 + id: CVE-2024-28722-CANDIDATE + cve_id: CVE-2024-28722 + name: Candidate detection for CVE-2024-28722 + severity: medium + cvss: 6.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Argo Workflows is an open source container-native workflow engine - for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, - a user with create Workflow permission can bypass templateReferencing: Strict - to get host network access, switch service accounts, override pod security context, - add tolerations to schedule on control-plane nodes, or enable SA token mounting. - This defeats the stated purpose of the feature. The practical impact depends on - what Kubernetes-level controls are in place. Clusters with PodSecurity admission - or OPA/Gatekeeper would independently block some of these (like hostNetwork). - Clusters that rely on Argo''s Strict mode as the primary enforcement layer are - fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5.' + description: Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, + v.12r2 allows a remote attacker to execute arbitrary code via the query parameter + to the /CMD0/xml_modes.xml endpoint detection: payload: null verify: null @@ -35142,32 +28099,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42296 - - https://github.com/argoproj/argo-workflows/commit/534f4ff1cbd86908e8ff76d97d553ad5a49a950d - - https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14 - - https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5 - - https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4 + - https://nvd.nist.gov/vuln/detail/CVE-2024-28722 + - https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Firmware#159317_-_Advanced_UI:_Prevent_XSL_injection generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42297-CANDIDATE - cve_id: CVE-2026-42297 - name: Candidate detection for CVE-2026-42297 + id: CVE-2024-28699-CANDIDATE + cve_id: CVE-2024-28699 + name: Candidate detection for CVE-2024-28699 severity: high - cvss: 8.3 + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "Argo Workflows is an open source container-native workflow engine\ - \ for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before\ - \ version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go)\ - \ performs zero authorization checks on all CRUD operations (create, read, update,\ - \ delete). Any authenticated user \u2014 including those using fake Bearer tokens\ - \ \u2014 can create, read, update, and delete Kubernetes ConfigMaps containing\ - \ synchronization limits. This issue has been patched in version 4.0.5." + description: A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker + to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev + function. detection: payload: null verify: null @@ -35175,30 +28125,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42297 - - https://github.com/argoproj/argo-workflows/commit/09fff05e0830c14a5e36cc40597ad84881db1ab6 - - https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5 - - https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q - - https://access.redhat.com/security/cve/CVE-2026-42297 + - https://nvd.nist.gov/vuln/detail/CVE-2024-28699 + - https://github.com/flexpaper/pdf2json + - https://github.com/flexpaper/pdf2json/issues/52 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42246-CANDIDATE - cve_id: CVE-2026-42246 - name: Candidate detection for CVE-2026-42246 - severity: high - cvss: 7.4 + id: CVE-2024-28328-CANDIDATE + cve_id: CVE-2024-28328 + name: Candidate detection for CVE-2024-28328 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Net::IMAP implements Internet Message Access Protocol (IMAP) client - functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a - man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", - without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, - 0.5.14, and 0.6.4. + description: CSV Injection vulnerability in the Asus RT-N12+ router allows administrator + users to inject arbitrary commands or formulas in the client name parameter which + can be triggered and executed in a different user session upon exporting to CSV + format. detection: payload: null verify: null @@ -35206,30 +28153,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42246 - - https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618 - - https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e - - https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c - - https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da + - https://nvd.nist.gov/vuln/detail/CVE-2024-28328 + - https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/CSV-Injection-CVE%E2%80%902024%E2%80%9028328 + - https://redfoxsec.com/blog/asus-rt-n12-b1s-csv-injection-cve%E2%80%902024%E2%80%9028328/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42258-CANDIDATE - cve_id: CVE-2026-42258 - name: Candidate detection for CVE-2026-42258 + id: CVE-2024-28325-CANDIDATE + cve_id: CVE-2024-28325 + name: Candidate detection for CVE-2024-28325 severity: medium - cvss: 5.3 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: Net::IMAP implements Internet Message Access Protocol (IMAP) client - functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments - to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol - arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, - 0.5.14, and 0.6.4. + description: Asus RT-N12+ B1 router stores credentials in cleartext, which could + allow local attackers to obtain unauthorized access and modify router settings. detection: payload: null verify: null @@ -35237,32 +28179,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42258 - - https://github.com/ruby/net-imap/releases/tag/v0.4.24 - - https://github.com/ruby/net-imap/releases/tag/v0.5.14 - - https://github.com/ruby/net-imap/releases/tag/v0.6.4 - - https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px + - https://nvd.nist.gov/vuln/detail/CVE-2024-28325 + - https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Credentials-Stored-in-Cleartext-CVE%E2%80%902024%E2%80%9028325 generated_from: - nvd - status: candidate executable: false - id: CVE-2025-14179-CANDIDATE - cve_id: CVE-2025-14179 - name: Candidate detection for CVE-2025-14179 - severity: critical - cvss: 9.8 + id: CVE-2024-28327-CANDIDATE + cve_id: CVE-2024-28327 + name: Candidate detection for CVE-2024-28327 + severity: high + cvss: 8.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before\ - \ 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL\ - \ bytes when preparing SQL queries. During token-by-token query construction,\ - \ a string token containing a NUL byte is copied via strncat(), which stops at\ - \ the NUL byte, dropping the closing quote and causing subsequent SQL tokens to\ - \ be interpreted as part of the string. This allows SQL injection when attacker-controlled\ - \ values are quoted via PDO::quote() and embedded in SQL\_statements." + description: Asus RT-N12+ B1 router stores user passwords in plaintext, which could + allow local attackers to obtain unauthorized access and modify router settings. detection: payload: null verify: null @@ -35270,35 +28204,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-14179 - - https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm - - https://access.redhat.com/security/cve/CVE-2025-14179 - - https://bugzilla.redhat.com/show_bug.cgi?id=2468567 - - https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14179.json + - https://nvd.nist.gov/vuln/detail/CVE-2024-28327 + - https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Insecure-Credential-Storage-CVE%E2%80%902024%E2%80%9028327 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6722-CANDIDATE - cve_id: CVE-2026-6722 - name: Candidate detection for CVE-2026-6722 + id: CVE-2024-25343-CANDIDATE + cve_id: CVE-2024-25343 + name: Candidate detection for CVE-2024-25343 severity: critical - cvss: 9.8 + cvss: 9.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before\ - \ 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism\ - \ stores pointers to PHP objects in a global map\_without incrementing their reference\ - \ counts. When an apache:Map node contains duplicate keys, processing the second\ - \ entry overwrites the first in the temporary result map, freeing the original\ - \ PHP object while its stale pointer remains in the map. A subsequent href reference\ - \ to the freed node can copy the dangling pointer into the result. As PHP string\ - \ allocations can reclaim the freed memory region, an attacker with control over\ - \ the SOAP request body can exploit this use-after-free to achieve remote code\ - \ execution." + description: Tenda N300 F3 router vulnerability allows users to bypass intended + security policy and create weak passwords. detection: payload: null verify: null @@ -35306,31 +28229,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6722 - - https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5 - - https://access.redhat.com/security/cve/CVE-2026-6722 - - https://bugzilla.redhat.com/show_bug.cgi?id=2468560 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6722.json + - https://nvd.nist.gov/vuln/detail/CVE-2024-25343 + - https://github.com/ShravanSinghRathore/Tenda-N300-F3-Router/wiki/Password-Policy-Bypass-Vulnerability-CVE%E2%80%902024%E2%80%9025343 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7262-CANDIDATE - cve_id: CVE-2026-7262 - name: Candidate detection for CVE-2026-7262 - severity: high - cvss: 7.5 + id: CVE-2024-28326-CANDIDATE + cve_id: CVE-2024-28326 + name: Candidate detection for CVE-2024-28326 + severity: medium + cvss: 6.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before\ - \ 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured,\ - \ the decoding process contains a mistake which checks the wrong variable in case\ - \ of missing value element.\_ This leads to\_dereferences a NULL pointer, causing\ - \ a segmentation fault. This allows a remote unauthenticated attacker to crash\ - \ the PHP SOAP server process, resulting in denial of service." + description: Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows + local attackers to obtain root terminal access via the the UART interface. detection: payload: null verify: null @@ -35338,18 +28254,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7262 - - https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv - - https://access.redhat.com/errata/RHSA-2026:22142 - - https://access.redhat.com/errata/RHSA-2026:22143 - - https://access.redhat.com/errata/RHSA-2026:22305 + - https://nvd.nist.gov/vuln/detail/CVE-2024-28326 + - https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Privilege-Escalation-CVE%E2%80%902024%E2%80%9028326 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7568-CANDIDATE - cve_id: CVE-2026-7568 - name: Candidate detection for CVE-2026-7568 + id: CVE-2024-33270-CANDIDATE + cve_id: CVE-2024-33270 + name: Candidate detection for CVE-2024-33270 severity: high cvss: 7.5 risk_level: unknown @@ -35357,13 +28270,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before - 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c - uses a signed int variable to track the current position within the input string. - If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow - occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, - causing a segmentation fault or access to unrelated memory, and may affect the - availability of the PHP process. + description: An issue in FME Modules fileuploads v.2.0.3 and before and fixed in + v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php + component. detection: payload: null verify: null @@ -35371,33 +28280,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7568 - - https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57 - - https://access.redhat.com/errata/RHSA-2026:22142 - - https://access.redhat.com/errata/RHSA-2026:22143 - - https://access.redhat.com/errata/RHSA-2026:22305 + - https://nvd.nist.gov/vuln/detail/CVE-2024-33270 + - https://addons.prestashop.com/en/additional-information-product-tab/21373-customer-file-upload-attach-file-on-productcart-pages.html + - https://security.friendsofpresta.org/modules/2024/04/29/fileuploads.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-6104-CANDIDATE - cve_id: CVE-2026-6104 - name: Candidate detection for CVE-2026-6104 - severity: critical - cvss: 9.1 + id: CVE-2024-22830-CANDIDATE + cve_id: CVE-2024-22830 + name: Candidate detection for CVE-2024-22830 + severity: medium + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an\ - \ encoding name containing an embedded NUL byte is passed to mb_convert_encoding()\ - \ or related mbstring functions, the code incorrectly assumes that when\_strncasecmp()\_\ - returns 0 it means the strings have the same length. This can lead to out-of-bounds\ - \ read of global memory, potentially causing a crash or information disclosure\ - \ or crash.\_Affected functions include mb_convert_encoding(), mb_detect_encoding(),\ - \ mb_convert_variables(), and mb_detect_order(), as well as the mbstring.detect_order\ - \ and mbstring.http_output INI settings." + description: Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 + does not perform proper access control when handling system resources. This allows + a local attacker to escalate privileges from regular user to System or PPL level. detection: payload: null verify: null @@ -35405,30 +28307,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-6104 - - https://github.com/php/php-src/security/advisories/GHSA-74r9-qxhc-fx53 - - https://access.redhat.com/errata/RHSA-2026:22649 - - https://access.redhat.com/security/cve/CVE-2026-6104 - - https://bugzilla.redhat.com/show_bug.cgi?id=2468573 + - https://nvd.nist.gov/vuln/detail/CVE-2024-22830 + - https://intl.anticheatexpert.com/#/tool-center + - https://www.defencetech.it/wp-content/uploads/2024/04/Report-CVE-2024-22830.pdf generated_from: - nvd - status: candidate executable: false - id: CVE-2026-7263-CANDIDATE - cve_id: CVE-2026-7263 - name: Candidate detection for CVE-2026-7263 - severity: high - cvss: 7.5 + id: CVE-2024-32359-CANDIDATE + cve_id: CVE-2024-32359 + name: Candidate detection for CVE-2024-32359 + severity: medium + cvss: 6.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N()\_\ - method may process the XML data incorrectly, causing a circular linked list in\ - \ the data structure representing the XML document. This may cause subsequent\ - \ processing of the XML document to enter infinite loop, causing denial of service\ - \ in the processing application." + description: An RBAC authorization risk in Carina v0.13.0 and earlier allows local + attackers to execute arbitrary code through designed commands to obtain the secrets + of the entire cluster and further take over the cluster. detection: payload: null verify: null @@ -35436,28 +28334,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-7263 - - https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733 - - https://access.redhat.com/errata/RHSA-2026:22649 - - https://access.redhat.com/security/cve/CVE-2026-7263 - - https://bugzilla.redhat.com/show_bug.cgi?id=2468572 + - https://nvd.nist.gov/vuln/detail/CVE-2024-32359 + - https://gist.github.com/HouqiyuA/568d9857dab4ddba6b8b6a791e90f906 + - https://github.com/HouqiyuA/k8s-rbac-poc + - https://github.com/carina-io/carina generated_from: - nvd - status: candidate executable: false - id: CVE-2026-45186-CANDIDATE - cve_id: CVE-2026-45186 - name: Candidate detection for CVE-2026-45186 - severity: low - cvss: 2.9 + id: CVE-2024-33844-CANDIDATE + cve_id: CVE-2024-33844 + name: Candidate detection for CVE-2024-33844 + severity: high + cvss: 7.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: In libexpat before 2.8.1, the computational complexity of attribute - name collision checks allows a denial of service via moderately sized crafted - XML input. + description: The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the + MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection + between a controller and the drone by sending MAVLink MISSION_COUNT command with + a wrong MAV_MISSION_TYPE. detection: payload: null verify: null @@ -35465,36 +28363,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-45186 - - https://github.com/libexpat/libexpat/pull/1216 - - https://access.redhat.com/errata/RHSA-2026:22715 - - https://access.redhat.com/errata/RHSA-2026:22721 - - https://access.redhat.com/errata/RHSA-2026:23230 + - https://nvd.nist.gov/vuln/detail/CVE-2024-33844 + - https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501 + - https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-8177-CANDIDATE - cve_id: CVE-2026-8177 - name: Candidate detection for CVE-2026-8177 - severity: high - cvss: 7.5 + id: CVE-2024-31636-CANDIDATE + cve_id: CVE-2024-31636 + name: Candidate detection for CVE-2024-31636 + severity: low + cvss: 3.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap - memory when parsing XML node names containing truncated UTF-8 byte sequences. - - - A node name ending in the middle of a multi byte UTF-8 sequence causes the parser - to read past the end of the input string into adjacent heap memory. - - - Any Perl process that passes attacker controlled strings to XML::LibXML''s DOM - node-name methods can reach this path on the default API. The likely consequence - is a crash, causing denial of service.' + description: An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive + information via the name parameter of the machd_reader.c component. detection: payload: null verify: null @@ -35502,57 +28389,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-8177 - - https://github.com/cpan-authors/XML-LibXML/commit/15652bd905a6c9dda59a81b14d4766adbbae2ea8.patch - - https://github.com/cpan-authors/XML-LibXML/issues/146 - - https://github.com/cpan-authors/XML-LibXML/pull/149 - - https://access.redhat.com/security/cve/CVE-2026-8177 + - https://nvd.nist.gov/vuln/detail/CVE-2024-31636 + - https://github.com/lief-project/LIEF + - https://github.com/lief-project/LIEF/issues/1038 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43500-CANDIDATE - cve_id: CVE-2026-43500 - name: Candidate detection for CVE-2026-43500 - severity: high - cvss: 7.8 + id: CVE-2024-33120-CANDIDATE + cve_id: CVE-2024-33120 + name: Candidate detection for CVE-2024-33120 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false - exploitdb_reference: true - description: 'In the Linux kernel, the following vulnerability has been resolved: - - - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - - - The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE - - handler in rxrpc_verify_response() copy the skb to a linear one before - - calling into the security ops only when skb_cloned() is true. An skb - - that is not cloned but still carries externally-owned paged fragments - - (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via - - __ip_append_data, or a chained skb_has_frag_list()) falls through to - - the in-place decryption path, which binds the frag pages directly into - - the AEAD/skcipher SGL via skb_to_sgvec(). - - - Extend the gate to also unshare when skb_has_frag_list() or - - skb_has_shared_frag() is true. This catches the splice-loopback vector - - and other externally-shared frag sources while preserving the - - zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC - - page_pool RX, GRO). The OOM/trace handling already in place is reused.' + exploitdb_reference: false + description: Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability + via the customPath parameter in the upload() function. This vulnerability allows + attackers to execute arbitrary code via a crafted JSP file. detection: payload: null verify: null @@ -35560,32 +28416,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43500 - - https://git.kernel.org/stable/c/3711382a77342a9a1c3d2e7330dcfc7ea927f568 - - https://git.kernel.org/stable/c/3eae0f4f9f7206a4801efa5e0235c25bbd5a412c - - https://git.kernel.org/stable/c/7c504ffab3efce8f7e4f463b314ae31030bdf18b - - https://git.kernel.org/stable/c/aa54b1d27fe0c2b78e664a34fd0fdf7cd1960d71 + - https://nvd.nist.gov/vuln/detail/CVE-2024-33120 + - https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/33120.txt generated_from: - nvd - - exploit_db - status: candidate executable: false - id: CVE-2026-4802-CANDIDATE - cve_id: CVE-2026-4802 - name: Candidate detection for CVE-2026-4802 - severity: high - cvss: 8.0 + id: CVE-2024-30801-CANDIDATE + cve_id: CVE-2024-30801 + name: Candidate detection for CVE-2024-30801 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A flaw was found in Cockpit. This vulnerability allows a remote attacker - to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled - parameters within crafted links in the system logs user interface (UI). An attacker - can inject shell metacharacters and command substitutions into these parameters, - leading to the execution of arbitrary shell commands on the affected system. This - could result in a complete system compromise. + description: SQL Injection vulnerability in Cloud based customer service management + platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted + payload to Login.asp component. detection: payload: null verify: null @@ -35593,28 +28442,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4802 - - https://access.redhat.com/errata/RHSA-2026:21390 - - https://access.redhat.com/errata/RHSA-2026:21392 - - https://access.redhat.com/errata/RHSA-2026:21394 - - https://access.redhat.com/errata/RHSA-2026:21395 + - https://nvd.nist.gov/vuln/detail/CVE-2024-30801 + - https://github.com/WarmBrew/web_vul/blob/main/Cloud%20based%20customer%20service/SQLi.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4890-CANDIDATE - cve_id: CVE-2026-4890 - name: Candidate detection for CVE-2026-4890 + id: CVE-2024-3727-CANDIDATE + cve_id: CVE-2024-3727 + name: Candidate detection for CVE-2024-3727 severity: high - cvss: 7.5 + cvss: 8.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A Denial of Service (DoS) vulnerability in the DNSSEC validation of - dnsmasq allows remote attackers to cause a denial of service via a crafted DNS - packet. + description: A flaw was found in the github.com/containers/image library. This flaw + allows attackers to trigger unexpected authenticated registry accesses on behalf + of a victim user, causing resource exhaustion, local path traversal, and other + attacks. detection: payload: null verify: null @@ -35622,28 +28469,29 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4890 - - https://github.com/NixOS/nixpkgs/pull/519082 - - https://github.com/NixOS/nixpkgs/pull/519093 - - https://github.com/pi-hole/FTL/releases/tag/v6.6.2 - - https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html + - https://nvd.nist.gov/vuln/detail/CVE-2024-3727 + - https://access.redhat.com/errata/RHSA-2024:0045 + - https://access.redhat.com/errata/RHSA-2024:3718 + - https://access.redhat.com/errata/RHSA-2024:4159 + - https://access.redhat.com/errata/RHSA-2024:4613 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4891-CANDIDATE - cve_id: CVE-2026-4891 - name: Candidate detection for CVE-2026-4891 + id: CVE-2024-26367-CANDIDATE + cve_id: CVE-2024-26367 + name: Candidate detection for CVE-2024-26367 severity: medium - cvss: 5.3 + cvss: 6.1 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-based out-of-bounds read vulnerability in the DNSSEC validation - of dnsmasq allows remote attackers to cause a denial of service via a crafted - DNS packet. + description: Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware + 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G + Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload + to the login parameters. detection: payload: null verify: null @@ -35651,28 +28499,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4891 - - https://github.com/NixOS/nixpkgs/pull/519082 - - https://github.com/NixOS/nixpkgs/pull/519093 - - https://github.com/pi-hole/FTL/releases/tag/v6.6.2 - - https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html + - https://nvd.nist.gov/vuln/detail/CVE-2024-26367 + - https://wiki.notveg.ninja/blog/CVE-2024-26367/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-4892-CANDIDATE - cve_id: CVE-2026-4892 - name: Candidate detection for CVE-2026-4892 + id: CVE-2024-35395-CANDIDATE + cve_id: CVE-2024-35395 + name: Candidate detection for CVE-2024-35395 severity: high - cvss: 8.4 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation - of dnsmasq allows local attackers to execute arbitrary code with root privileges - via a crafted DHCPv6 packet. + description: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a + hardcoded password vulnerability in /etc/shadow.sample, which allows attackers + to log in as root. detection: payload: null verify: null @@ -35680,29 +28525,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-4892 - - https://github.com/NixOS/nixpkgs/pull/519082 - - https://github.com/NixOS/nixpkgs/pull/519093 - - https://github.com/pi-hole/FTL/releases/tag/v6.6.2 - - https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html + - https://nvd.nist.gov/vuln/detail/CVE-2024-35395 + - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/HardcodeRoot/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-5172-CANDIDATE - cve_id: CVE-2026-5172 - name: Candidate detection for CVE-2026-5172 - severity: high - cvss: 7.3 + id: CVE-2024-35396-CANDIDATE + cve_id: CVE-2024-35396 + name: Candidate detection for CVE-2024-35396 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A buffer overflow in dnsmasq\u2019s extract_addresses() function allows\ - \ an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed\ - \ DNS response, enabling extract_name() to advance the pointer past the record\u2019\ - s end." + description: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a + hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers + to log in as root. detection: payload: null verify: null @@ -35710,34 +28551,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-5172 - - https://github.com/NixOS/nixpkgs/pull/519082 - - https://github.com/NixOS/nixpkgs/pull/519093 - - https://github.com/pi-hole/FTL/releases/tag/v6.6.2 - - https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html + - https://nvd.nist.gov/vuln/detail/CVE-2024-35396 + - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-2614-CANDIDATE - cve_id: CVE-2026-2614 - name: Candidate detection for CVE-2026-2614 + id: CVE-2024-35397-CANDIDATE + cve_id: CVE-2024-35397 + name: Candidate detection for CVE-2024-35397 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` - in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker - to read arbitrary files from the server's filesystem. The issue arises when a - `CreateModelVersion` request includes the tag `mlflow.prompt.is_prompt`, which - bypasses source path validation. This enables an attacker to store an arbitrary - local filesystem path as the model version source. The `get_model_version_artifact_handler()` - function later uses this source to serve files without verifying the model version's - prompt status, leading to a complete confidentiality compromise. This issue is - fixed in version 3.10.0. + description: TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a + command injection vulnerability in the NTPSyncWithHost function via the hostTime + parameter. This vulnerability allows attackers to execute arbitrary commands via + a crafted request. detection: payload: null verify: null @@ -35745,29 +28578,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-2614 - - https://github.com/mlflow/mlflow/commit/6e801f4259d96804c73107315b24cef0f6aa115a - - https://huntr.com/bounties/19380271-3fbf-4beb-987e-6fd7069c55e6 - - https://access.redhat.com/security/cve/CVE-2026-2614 - - https://bugzilla.redhat.com/show_bug.cgi?id=2469309 + - https://nvd.nist.gov/vuln/detail/CVE-2024-35397 + - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/NTPSyncWithHost/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28847-CANDIDATE - cve_id: CVE-2026-28847 - name: Candidate detection for CVE-2026-28847 - severity: high - cvss: 8.8 + id: CVE-2024-35398-CANDIDATE + cve_id: CVE-2024-35398 + name: Candidate detection for CVE-2024-35398 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, - macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously - crafted web content may lead to an unexpected process crash. + description: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a + stack overflow via the desc parameter in the function setMacFilterRules. detection: payload: null verify: null @@ -35775,29 +28603,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28847 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127111 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 + - https://nvd.nist.gov/vuln/detail/CVE-2024-35398 + - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/setMacFilterRules/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28883-CANDIDATE - cve_id: CVE-2026-28883 - name: Candidate detection for CVE-2026-28883 + id: CVE-2024-35399-CANDIDATE + cve_id: CVE-2024-35399 + name: Candidate detection for CVE-2024-35399 severity: high - cvss: 7.5 + cvss: 8.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free issue was addressed with improved memory management. - This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, - tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content - may lead to an unexpected process crash. + description: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a + stack overflow via the password parameter in the function loginAuth detection: payload: null verify: null @@ -35805,29 +28628,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28883 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 - - https://support.apple.com/en-us/127119 + - https://nvd.nist.gov/vuln/detail/CVE-2024-35399 + - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/loginAuth/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28901-CANDIDATE - cve_id: CVE-2026-28901 - name: Candidate detection for CVE-2026-28901 + id: CVE-2024-35400-CANDIDATE + cve_id: CVE-2024-35400 + name: Candidate detection for CVE-2024-35400 severity: medium - cvss: 4.3 + cvss: 5.3 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS - 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an - unexpected process crash. + description: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a + stack overflow via the desc parameter in the function SetPortForwardRules detection: payload: null verify: null @@ -35835,29 +28653,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28901 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 - - https://support.apple.com/en-us/127119 + - https://nvd.nist.gov/vuln/detail/CVE-2024-35400 + - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/SetPortForwardRules/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28902-CANDIDATE - cve_id: CVE-2026-28902 - name: Candidate detection for CVE-2026-28902 + id: CVE-2024-35401-CANDIDATE + cve_id: CVE-2024-35401 + name: Candidate detection for CVE-2024-35401 severity: medium - cvss: 6.5 + cvss: 5.9 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS - 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an - unexpected process crash. + description: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a + command injection vulnerability via the FileName parameter in the UploadFirmwareFile + function. detection: payload: null verify: null @@ -35865,29 +28679,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28902 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 - - https://support.apple.com/en-us/127119 + - https://nvd.nist.gov/vuln/detail/CVE-2024-35401 + - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/UploadFirmwareFile/README.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28903-CANDIDATE - cve_id: CVE-2026-28903 - name: Candidate detection for CVE-2026-28903 - severity: medium - cvss: 6.5 + id: CVE-2024-35563-CANDIDATE + cve_id: CVE-2024-35563 + name: Candidate detection for CVE-2024-35563 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, - macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously - crafted web content may lead to an unexpected process crash. + description: CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL + injection vulnerability via the permissionId parameter in CDGTempPermissions. detection: payload: null verify: null @@ -35895,29 +28704,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28903 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127111 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 + - https://nvd.nist.gov/vuln/detail/CVE-2024-35563 + - https://github.com/helloBegin/blog/tree/main + - https://www.esafenet.com/dzwdaqglxt generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28904-CANDIDATE - cve_id: CVE-2026-28904 - name: Candidate detection for CVE-2026-28904 + id: CVE-2024-36702-CANDIDATE + cve_id: CVE-2024-36702 + name: Candidate detection for CVE-2024-36702 severity: high - cvss: 7.5 + cvss: 7.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, - macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously - crafted web content may lead to an unexpected process crash. + description: libiec61850 v1.5 was discovered to contain a heap overflow via the + BerEncoder_encodeLength function at /asn1/ber_encoder.c. detection: payload: null verify: null @@ -35925,29 +28730,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28904 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127111 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 + - https://nvd.nist.gov/vuln/detail/CVE-2024-36702 + - https://github.com/mz-automation/libiec61850 + - https://github.com/mz-automation/libiec61850/issues/505 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28905-CANDIDATE - cve_id: CVE-2026-28905 - name: Candidate detection for CVE-2026-28905 - severity: high - cvss: 7.5 + id: CVE-2024-36543-CANDIDATE + cve_id: CVE-2024-36543 + name: Candidate detection for CVE-2024-36543 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS - 26.5. Processing maliciously crafted web content may lead to an unexpected process - crash. + description: Incorrect access control in the Kafka Connect REST API in the STRIMZI + Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, + potentially mirror the topics' content to his Kafka cluster via a malicious connector + (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, + by querying the MirrorMaker Kafka REST API. detection: payload: null verify: null @@ -35955,29 +28759,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28905 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 - - https://support.apple.com/en-us/127120 + - https://nvd.nist.gov/vuln/detail/CVE-2024-36543 + - https://github.com/almounah/vulnerability-research/tree/main/CVE-2024-36543 generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28942-CANDIDATE - cve_id: CVE-2026-28942 - name: Candidate detection for CVE-2026-28942 - severity: medium - cvss: 6.5 + id: CVE-2023-37057-CANDIDATE + cve_id: CVE-2023-37057 + name: Candidate detection for CVE-2023-37057 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free issue was addressed with improved memory management. - This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, - tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content - may lead to an unexpected Safari crash. + description: An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows + a remote attacker to execute arbitrary code via the router's authentication mechanism. detection: payload: null verify: null @@ -35985,28 +28784,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28942 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 - - https://support.apple.com/en-us/127119 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37057 + - https://github.com/ri5c/Jlink-Router-RCE + - https://jlink-global.com/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28946-CANDIDATE - cve_id: CVE-2026-28946 - name: Candidate detection for CVE-2026-28946 - severity: medium - cvss: 6.5 + id: CVE-2023-37058-CANDIDATE + cve_id: CVE-2023-37058 + name: Candidate detection for CVE-2023-37058 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free issue was addressed with improved memory management. - This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted - web content may lead to an unexpected Safari crash. + description: Insecure Permissions vulnerability in JLINK Unionman Technology Co. + Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted + command. detection: payload: null verify: null @@ -36014,18 +28811,15 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28946 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127121 - - https://access.redhat.com/errata/RHSA-2026:25918 - - https://access.redhat.com/errata/RHSA-2026:25927 + - https://nvd.nist.gov/vuln/detail/CVE-2023-37058 + - https://github.com/ri5c/Jlink-Router-RCE generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28947-CANDIDATE - cve_id: CVE-2026-28947 - name: Candidate detection for CVE-2026-28947 + id: CVE-2024-37821-CANDIDATE + cve_id: CVE-2024-37821 + name: Candidate detection for CVE-2024-37821 severity: high cvss: 8.8 risk_level: unknown @@ -36033,10 +28827,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: A use-after-free issue was addressed with improved memory management. - This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, - tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content - may lead to an unexpected Safari crash. + description: An arbitrary file upload vulnerability in the Upload Template function + of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via + uploading a crafted .SQL file. detection: payload: null verify: null @@ -36044,29 +28837,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28947 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 - - https://support.apple.com/en-us/127119 + - https://nvd.nist.gov/vuln/detail/CVE-2024-37821 + - https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-37821.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28953-CANDIDATE - cve_id: CVE-2026-28953 - name: Candidate detection for CVE-2026-28953 + id: CVE-2024-37676-CANDIDATE + cve_id: CVE-2024-37676 + name: Candidate detection for CVE-2024-37676 severity: high - cvss: 7.5 + cvss: 8.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, - macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously - crafted web content may lead to an unexpected process crash. + description: An issue in htop-dev htop v.2.20 allows a local attacker to cause an + out-of-bounds access in the Header_populateFromSettings function. detection: payload: null verify: null @@ -36074,18 +28862,16 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28953 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127111 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 + - https://nvd.nist.gov/vuln/detail/CVE-2024-37676 + - https://gist.github.com/Cirno9-dev/0109cde3bdbe7eccc6770515106740b7 + - https://github.com/htop-dev/htop generated_from: - nvd - status: candidate executable: false - id: CVE-2026-28955-CANDIDATE - cve_id: CVE-2026-28955 - name: Candidate detection for CVE-2026-28955 + id: CVE-2024-37626-CANDIDATE + cve_id: CVE-2024-37626 + name: Candidate detection for CVE-2024-37626 severity: high cvss: 8.8 risk_level: unknown @@ -36093,10 +28879,9 @@ priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, - macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously - crafted web content may lead to an unexpected process crash. + description: A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 + firmware allows a remote attacker to execute arbitrary code via the iface parameter + in the vif_enable function. detection: payload: null verify: null @@ -36104,29 +28889,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-28955 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127111 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 + - https://nvd.nist.gov/vuln/detail/CVE-2024-37626 + - https://github.com/lakemoon602/vuln/blob/main/totolink/TOTOlink%20A6000R%20vif_enable.md + - https://www.totolink.net/ generated_from: - nvd - status: candidate executable: false - id: CVE-2026-43658-CANDIDATE - cve_id: CVE-2026-43658 - name: Candidate detection for CVE-2026-43658 - severity: high - cvss: 7.5 + id: CVE-2024-37674-CANDIDATE + cve_id: CVE-2024-37674 + name: Candidate detection for CVE-2024-37674 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: The issue was addressed with improved memory handling. This issue is - fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS - 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an - unexpected Safari crash. + description: Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote + attacker to execute arbitrary code via the Field Name (name parameter) of a new + activity. detection: payload: null verify: null @@ -36134,36 +28916,24 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-43658 - - https://support.apple.com/en-us/127110 - - https://support.apple.com/en-us/127115 - - https://support.apple.com/en-us/127118 - - https://support.apple.com/en-us/127119 + - https://nvd.nist.gov/vuln/detail/CVE-2024-37674 + - https://github.com/MohamedAzizMSALLEMI/Moodle_Security/blob/main/CVE-2024-37674.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-40947-CANDIDATE - cve_id: CVE-2025-40947 - name: Candidate detection for CVE-2025-40947 - severity: high - cvss: 7.5 + id: CVE-2024-37671-CANDIDATE + cve_id: CVE-2024-37671 + name: Candidate detection for CVE-2024-37671 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions\ - \ < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400\ - \ (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM\ - \ ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1),\ - \ RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions\ - \ < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536\ - \ (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected\ - \ devices do not properly sanitize user-supplied input during the feature key\ - \ installation process.\r\n\r\nThis could allow an authenticated remote attacker\ - \ to inject arbitrary commands, resulting in remote code execution with root privileges\ - \ on the underlying operating system." + description: Cross Site Scripting vulnerability in Tessi Docubase Document Management + product 5.x allows a remote attacker to execute arbitrary code via the page parameter. detection: payload: null verify: null @@ -36171,32 +28941,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-40947 - - https://cert-portal.siemens.com/productcert/html/ssa-078743.html + - https://nvd.nist.gov/vuln/detail/CVE-2024-37671 + - https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37671.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-40948-CANDIDATE - cve_id: CVE-2025-40948 - name: Candidate detection for CVE-2025-40948 + id: CVE-2024-37672-CANDIDATE + cve_id: CVE-2024-37672 + name: Candidate detection for CVE-2024-37672 severity: medium - cvss: 6.8 + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions\ - \ < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400\ - \ (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM\ - \ ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1),\ - \ RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions\ - \ < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536\ - \ (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected\ - \ devices do not properly validate input in the web server's JSON-RPC interface.\r\ - \n\r\nThis could allow an authenticated remote attacker to read arbitrary files\ - \ from the underlying operating system's filesystem with root privileges." + description: Cross Site Scripting vulnerability in Tessi Docubase Document Management + product 5.x allows a remote attacker to execute arbitrary code via the idactivity + parameter. detection: payload: null verify: null @@ -36204,33 +28967,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-40948 - - https://cert-portal.siemens.com/productcert/html/ssa-973901.html + - https://nvd.nist.gov/vuln/detail/CVE-2024-37672 + - https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37672.md generated_from: - nvd - status: candidate executable: false - id: CVE-2025-40949-CANDIDATE - cve_id: CVE-2025-40949 - name: Candidate detection for CVE-2025-40949 - severity: critical - cvss: 9.1 + id: CVE-2024-37673-CANDIDATE + cve_id: CVE-2024-37673 + name: Candidate detection for CVE-2024-37673 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions\ - \ < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400\ - \ (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM\ - \ ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1),\ - \ RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions\ - \ < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536\ - \ (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected\ - \ devices do not properly sanitize user-supplied input in the Scheduler functionality\ - \ of the Web UI, allowing commands to be injected into the task scheduling backend.\r\ - \n\r\nThis could allow an authenticated remote attacker to execute arbitrary commands\ - \ with root privileges on the underlying operating system." + description: Cross Site Scripting vulnerability in Tessi Docubase Document Management + product 5.x allows a remote attacker to execute arbitrary code via the filename + parameter. detection: payload: null verify: null @@ -36238,27 +28993,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2025-40949 - - https://cert-portal.siemens.com/productcert/html/ssa-081142.html + - https://nvd.nist.gov/vuln/detail/CVE-2024-37673 + - https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37673.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22924-CANDIDATE - cve_id: CVE-2026-22924 - name: Candidate detection for CVE-2026-22924 - severity: critical - cvss: 9.1 + id: CVE-2024-37675-CANDIDATE + cve_id: CVE-2024-37675 + name: Candidate detection for CVE-2024-37675 + severity: medium + cvss: 5.4 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability has been identified in SIMATIC CN 4100 (All versions\ - \ < V5.0). The affected application does not properly restrict unauthenticated\ - \ connections and is susceptible to resource exhaustion conditions.\r\nThis could\ - \ allow an attacker to disrupt normal operations or perform unauthorized actions,\ - \ potentially impacting system availability and integrity." + description: Cross Site Scripting vulnerability in Tessi Docubase Document Management + product 5.x allows a remote attacker to execute arbitrary code via the parameter + "sectionContent" related to the functionality of adding notes to an uploaded file. detection: payload: null verify: null @@ -36266,27 +29019,26 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22924 - - https://cert-portal.siemens.com/productcert/html/ssa-032379.html + - https://nvd.nist.gov/vuln/detail/CVE-2024-37675 + - https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37675.md generated_from: - nvd - status: candidate executable: false - id: CVE-2026-22925-CANDIDATE - cve_id: CVE-2026-22925 - name: Candidate detection for CVE-2026-22925 - severity: high - cvss: 7.5 + id: CVE-2022-25477-CANDIDATE + cve_id: CVE-2022-25477 + name: Candidate detection for CVE-2022-25477 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: "A vulnerability has been identified in SIMATIC CN 4100 (All versions\ - \ < V5.0). The affected application is susceptible to resource exhaustion when\ - \ subjected to high volume of TCP SYN packets\r\nThis could allow an attacker\ - \ to render the service unavailable and cause denial-of-service conditions by\ - \ overwhelming system resources." + description: Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) + before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) + before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode + objects, weakening KASLR. detection: payload: null verify: null @@ -36294,15 +29046,17 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-22925 - - https://cert-portal.siemens.com/productcert/html/ssa-032379.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-25477 + - https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a + - https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf + - https://zwclose.github.io/2024/10/14/rtsper1.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-44411-CANDIDATE - cve_id: CVE-2026-44411 - name: Candidate detection for CVE-2026-44411 + id: CVE-2022-25478-CANDIDATE + cve_id: CVE-2022-25478 + name: Candidate detection for CVE-2022-25478 severity: high cvss: 7.8 risk_level: unknown @@ -36310,10 +29064,10 @@ priority: cisa_kev: false exploitdb_reference: false - description: A vulnerability has been identified in Solid Edge SE2026 (All versions - < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer - access while parsing specially crafted PAR files. An attacker could leverage this - vulnerability to execute code in the context of the current process. + description: Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) + before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) + before 10.0.22000.31274 provides read and write access to the PCI configuration + space of the device. detection: payload: null verify: null @@ -36321,27 +29075,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-44411 - - https://cert-portal.siemens.com/productcert/html/ssa-921111.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-25478 + - https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a + - https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf + - https://zwclose.github.io/2024/10/14/rtsper1.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-27851-CANDIDATE - cve_id: CVE-2026-27851 - name: Candidate detection for CVE-2026-27851 - severity: high - cvss: 7.4 + id: CVE-2022-25479-CANDIDATE + cve_id: CVE-2022-25479 + name: Candidate detection for CVE-2022-25479 + severity: medium + cvss: 5.5 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: When safe filter is used with variable expansion, all following pipelines - on the same string are incorrectly interpreted as safe too, enabling unsafe data - to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. - Avoid using safe filter until on fixed version. No publicly available exploits - are known. + description: Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) + before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) + before 10.0.22000.31274 allows for the leakage of kernel memory from both the + stack and the heap. detection: payload: null verify: null @@ -36349,32 +29104,28 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-27851 - - https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json - - https://access.redhat.com/security/cve/CVE-2026-27851 - - https://bugzilla.redhat.com/show_bug.cgi?id=2476471 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27851.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-25479 + - https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a + - https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf + - https://zwclose.github.io/2024/10/14/rtsper1.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-42006-CANDIDATE - cve_id: CVE-2026-42006 - name: Candidate detection for CVE-2026-42006 - severity: medium - cvss: 4.3 + id: CVE-2022-25480-CANDIDATE + cve_id: CVE-2022-25480 + name: Candidate detection for CVE-2022-25480 + severity: high + cvss: 7.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: An attacker can cause uncontrolled memory usage with excessive bracing - over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of - doing this, so there was still another way left open. In particular, the fix was - for closing braces, but you could still use open braces to bypass the limit. Using - excessive bracing, attacker can cause memory usage up to configured memory limit. - Install fixed version, or configure vsz_limit for imap process to low value. No - publicly available exploits are known. + description: Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) + before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) + before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer + of the IRP. detection: payload: null verify: null @@ -36382,28 +29133,27 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-42006 - - https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json - - https://access.redhat.com/security/cve/CVE-2026-42006 - - https://bugzilla.redhat.com/show_bug.cgi?id=2476476 - - https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42006.json + - https://nvd.nist.gov/vuln/detail/CVE-2022-25480 + - https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a + - https://www.realtek.com/images/safe-report/Realtek_RtsPer_RtsUer_Security_Advisory_Report.pdf + - https://zwclose.github.io/2024/10/14/rtsper1.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-8388-CANDIDATE - cve_id: CVE-2026-8388 - name: Candidate detection for CVE-2026-8388 - severity: medium - cvss: 6.5 + id: CVE-2024-39171-CANDIDATE + cve_id: CVE-2024-39171 + name: Candidate detection for CVE-2024-39171 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Incorrect boundary conditions in the JavaScript Engine: JIT component. - This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR - 140.11, and Thunderbird 140.11.' + description: Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums + and directory checks, which can lead to code execution via writing specific statements + to .htaccess and code to a file with a .png suffix. detection: payload: null verify: null @@ -36411,27 +29161,25 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-8388 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2036978 - - https://www.mozilla.org/security/advisories/mfsa2026-45/ - - https://www.mozilla.org/security/advisories/mfsa2026-47/ - - https://www.mozilla.org/security/advisories/mfsa2026-48/ + - https://nvd.nist.gov/vuln/detail/CVE-2024-39171 + - https://github.com/751897386/PHPVibe_vulnerability_Directory-Traversal generated_from: - nvd - status: candidate executable: false - id: CVE-2026-8389-CANDIDATE - cve_id: CVE-2026-8389 - name: Candidate detection for CVE-2026-8389 - severity: high - cvss: 8.8 + id: CVE-2023-48194-CANDIDATE + cve_id: CVE-2023-48194 + name: Candidate detection for CVE-2023-48194 + severity: critical + cvss: 9.8 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability - was fixed in Firefox 150.0.3.' + description: Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last + digit of s8 being overwritten with \x0. After executing set_client_qos, control + over the gp register can be obtained. detection: payload: null verify: null @@ -36439,27 +29187,32 @@ promotion. remediation: Apply the vendor remediation or patched version documented in the advisory. references: - - https://nvd.nist.gov/vuln/detail/CVE-2026-8389 - - https://bugzilla.mozilla.org/show_bug.cgi?id=2036983 - - https://www.mozilla.org/security/advisories/mfsa2026-45/ - - https://access.redhat.com/security/cve/CVE-2026-8389 - - https://bugzilla.redhat.com/show_bug.cgi?id=2476466 + - https://nvd.nist.gov/vuln/detail/CVE-2023-48194 + - https://github.com/zt20xx/CVE-2023-48194 + - https://www.tenda.com.cn/download/detail-3683.html generated_from: - nvd - status: candidate executable: false - id: CVE-2026-8390-CANDIDATE - cve_id: CVE-2026-8390 - name: Candidate detection for CVE-2026-8390 + id: CVE-2024-21527-CANDIDATE + cve_id: CVE-2024-21527 + name: Candidate detection for CVE-2024-21527 severity: high - cvss: 7.3 + cvss: 8.2 risk_level: unknown requires_confirmation: true priority: cisa_kev: false exploitdb_reference: false - description: 'Use-after-free in the JavaScript: WebAssembly component. This vulnerability - was fixed in Firefox 150.0.3.' + description: "Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg\ + \ before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium\ + \ before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook\ + \ before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html\ + \ endpoint when a request is made to a file via localhost, such as "],"case-insensitive":true}]}]},{"id":"oureman-eman","info":{"name":"oureman-eman","author":"cn-kali-team","tags":"detect,tech,oureman-eman","severity":"info","metadata":{"product":"oureman-eman","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["益模模具智能制造系统"],"case-insensitive":true}]}]},{"id":"xcyg-system","info":{"name":"xcyg-system","author":"cn-kali-team","tags":"detect,tech,xcyg-system","severity":"info","metadata":{"product":"xcyg-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[">digital anywhere platform

"],"case-insensitive":true}]}]},{"id":"bicesoft-super-custom-survey-voting-system","info":{"name":"bicesoft-super-custom-survey-voting-system","author":"cn-kali-team","tags":"detect,tech,bicesoft-super-custom-survey-voting-system","severity":"info","metadata":{"product":"bicesoft-super-custom-survey-voting-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"images/bicesoft.css\"","佰思超强自定义问卷调查系统(bicesoft.com)"],"case-insensitive":true}]}]},{"id":"poweralert","info":{"name":"poweralert","author":"cn-kali-team","tags":"detect,tech,poweralert","severity":"info","metadata":{"product":"poweralert","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["server: poweralert http server"],"part":"header","case-insensitive":true}]}]},{"id":"hivemail","info":{"name":"hivemail","author":"cn-kali-team","tags":"detect,tech,hivemail","severity":"info","metadata":{"product":"hivemail","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"hivemail"],"case-insensitive":true}]}]},{"id":"jing-yun-wang-luo-fang-bing-du-xi-tong","info":{"name":"景云网络防病毒系统","author":"cn-kali-team","tags":"detect,tech,景云网络防病毒系统","severity":"info","metadata":{"product":"景云网络防病毒系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["login_form","styles/images/logo.png","防病毒"],"condition":"and","case-insensitive":true}]}]},{"id":"lie-ying-an-quan-jin-shan-du-ba-qi-ye-ban","info":{"name":"猎鹰安全-金山毒霸企业版","author":"cn-kali-team","tags":"detect,tech,猎鹰安全-金山毒霸企业版","severity":"info","metadata":{"product":"猎鹰安全-金山毒霸企业版","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["class=\"title\">关于全网部署金山毒霸企业版","金山毒霸企业版"],"condition":"and","case-insensitive":true}]}]},{"id":"3dcart","info":{"name":"3dcart","author":"cn-kali-team","tags":"detect,tech,3dcart","severity":"info","metadata":{"product":"3dcart","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["powered by 3dcart"],"case-insensitive":true},{"type":"word","words":["x-powered-by: 3dcart"],"part":"header","case-insensitive":true}]}]},{"id":"sonicwall-ssl-vpn","info":{"name":"sonicwall-ssl-vpn","author":"cn-kali-team","tags":"detect,tech,sonicwall-ssl-vpn","severity":"info","metadata":{"product":"sonicwall-ssl-vpn","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["javascript/aventail.js"],"case-insensitive":true}]}]},{"id":"kentico-cms","info":{"name":"kentico-cms","author":"cn-kali-team","tags":"detect,tech,kentico-cms","severity":"info","metadata":{"product":"kentico-cms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/cmspages/getresource.ashx","content=\"kentico cms"],"condition":"and","case-insensitive":true},{"type":"word","words":["kentico"],"case-insensitive":true}]}]},{"id":"nstc-software","info":{"name":"nstc-software","author":"cn-kali-team","tags":"detect,tech,nstc-software","severity":"info","metadata":{"product":"nstc-software","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["skysz.fw.index.validatecodenew = \"/loginaction/validatecodenew.html"],"case-insensitive":true}]}]},{"id":"crow-force-portal-cms","info":{"name":"crow-force-portal-cms","author":"cn-kali-team","tags":"detect,tech,crow-force-portal-cms","severity":"info","metadata":{"product":"crow-force-portal-cms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["中企动力提供技术支持"],"case-insensitive":true}]}]},{"id":"maccms","info":{"name":"maccms","author":"cn-kali-team","tags":"detect,tech,maccms","severity":"info","metadata":{"product":"maccms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[""],"case-insensitive":true}]}]},{"id":"sophos-an-quan-chan-pin","info":{"name":"sophos-安全产品","author":"cn-kali-team","tags":"detect,tech,sophos-安全产品","severity":"info","metadata":{"product":"sophos-安全产品","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["protected by","blocked site"],"condition":"and","case-insensitive":true}]}]},{"id":"xray-clandbeta","info":{"name":"xray-clandbeta","author":"cn-kali-team","tags":"detect,tech,xray-clandbeta","severity":"info","metadata":{"product":"xray-clandbeta","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"favicon","hash":["2fdaf65cb9342b76c97b027fc6f545e8"]},{"type":"word","words":["/cland/css/"],"case-insensitive":true}]}]},{"id":"smarterstats","info":{"name":"smarterstats","author":"cn-kali-team","tags":"detect,tech,smarterstats","severity":"info","metadata":{"product":"smarterstats","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["smarterstats"],"case-insensitive":true}]}]},{"id":"paloalto-globalprotect","info":{"name":"paloalto-globalprotect","author":"cn-kali-team","tags":"detect,tech,paloalto-globalprotect","severity":"info","metadata":{"product":"paloalto-globalprotect","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["global-protect/login.esp"],"case-insensitive":true}]}]},{"id":"fang-biao-csmail","info":{"name":"方标-csmail","author":"cn-kali-team","tags":"detect,tech,方标-csmail","severity":"info","metadata":{"product":"方标-csmail","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[""],"case-insensitive":true}]}]},{"id":"trac","info":{"name":"trac","author":"cn-kali-team","tags":"detect,tech,trac","severity":"info","metadata":{"product":"trac","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["

available projects

","powered by trac","wiki/tracguide"],"case-insensitive":true}]}]},{"id":"machttp","info":{"name":"machttp","author":"cn-kali-team","tags":"detect,tech,machttp","severity":"info","metadata":{"product":"machttp","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["server: machttp"],"part":"header","case-insensitive":true}]}]},{"id":"ai-ban-gong-oa","info":{"name":"爱办公-oa","author":"cn-kali-team","tags":"detect,tech,爱办公-oa","severity":"info","metadata":{"product":"爱办公-oa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["爱办公app","id=\"foot_version\">厦门容能科技有限公司"],"condition":"and","case-insensitive":true}]}]},{"id":"onethink","info":{"name":"onethink","author":"cn-kali-team","tags":"detect,tech,onethink","severity":"info","metadata":{"product":"onethink","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["onethink管理平台","onethink.css"],"case-insensitive":true}]}]},{"id":"manageengine-assetexplorer","info":{"name":"manageengine-assetexplorer","author":"cn-kali-team","tags":"detect,tech,manageengine-assetexplorer","severity":"info","metadata":{"product":"manageengine-assetexplorer","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["class=\"footerf2\">manageengine assetexplorer"],"case-insensitive":true}]}]},{"id":"iwebsns","info":{"name":"iwebsns","author":"cn-kali-team","tags":"detect,tech,iwebsns","severity":"info","metadata":{"product":"iwebsns","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/jooyea/images/sns_idea1.jpg","/jooyea/images/snslogo.gif"],"case-insensitive":true}]}]},{"id":"splunkd","info":{"name":"splunkd","author":"cn-kali-team","tags":"detect,tech,splunkd","severity":"info","metadata":{"product":"splunkd","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["splunkd"],"case-insensitive":true},{"type":"word","words":["server: splunkd"],"part":"header","case-insensitive":true}]}]},{"id":"wuliupingtai","info":{"name":"wuliupingtai","author":"cn-kali-team","tags":"detect,tech,wuliupingtai","severity":"info","metadata":{"product":"wuliupingtai","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["static/styles/frame/basic.css"],"case-insensitive":true}]}]},{"id":"richinfo-richmail","info":{"name":"richinfo-richmail","author":"cn-kali-team","tags":"detect,tech,richinfo-richmail","severity":"info","metadata":{"product":"richinfo-richmail","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"richmail","richmail"],"condition":"and","case-insensitive":true}]}]},{"id":"rapid-browser","info":{"name":"rapid-browser","author":"cn-kali-team","tags":"detect,tech,rapid-browser","severity":"info","metadata":{"product":"rapid-browser","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["","images/login_button.gif\" alt=\"login to rapid browser"],"case-insensitive":true}]}]},{"id":"wackopicko","info":{"name":"wackopicko","author":"cn-kali-team","tags":"detect,tech,wackopicko","severity":"info","metadata":{"product":"wackopicko","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["

wackopicko.com

","

welcome to wackopicko

"],"case-insensitive":true}]}]},{"id":"drwebantivirus","info":{"name":"drwebantivirus","author":"cn-kali-team","tags":"detect,tech,drwebantivirus","severity":"info","metadata":{"product":"drwebantivirus","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/avdesk/includes/system/templates/images/logo_en.png"],"case-insensitive":true},{"type":"word","words":["server: drwebserver"],"part":"header","case-insensitive":true}]}]},{"id":"synology-dms","info":{"name":"synology-dms","author":"cn-kali-team","tags":"detect,tech,synology-dms","severity":"info","metadata":{"product":"synology-dms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["class=\"logo-dsm\"","class=\"logo-synology\""],"case-insensitive":true}]}]},{"id":"tinyproxy","info":{"name":"tinyproxy","author":"cn-kali-team","tags":"detect,tech,tinyproxy","severity":"info","metadata":{"product":"tinyproxy","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["server: tinyproxy/"],"part":"header","case-insensitive":true}]}]},{"id":"jloa","info":{"name":"jloa","author":"cn-kali-team","tags":"detect,tech,jloa","severity":"info","metadata":{"product":"jloa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["logintable","selectcss","toptitleimg"],"condition":"and","case-insensitive":true}]}]},{"id":"novnc","info":{"name":"novnc","author":"cn-kali-team","tags":"detect,tech,novnc","severity":"info","metadata":{"product":"novnc","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["id=\"novnc-control-bar","novnc example: simple"],"case-insensitive":true}]}]},{"id":"netport","info":{"name":"netport","author":"cn-kali-team","tags":"detect,tech,netport","severity":"info","metadata":{"product":"netport","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["server: netport software"],"part":"header","case-insensitive":true}]}]},{"id":"xie-daoa","info":{"name":"协达oa","author":"cn-kali-team","tags":"detect,tech,协达oa","severity":"info","metadata":{"product":"协达oa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["img.style.height=(bodyh-84-100)"],"case-insensitive":true}]}]},{"id":"webpa","info":{"name":"webpa","author":"cn-kali-team","tags":"detect,tech,webpa","severity":"info","metadata":{"product":"webpa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["
爱办公app","id=\"foot_version\">厦门容能科技有限公司"],"case-insensitive":true}]}]},{"id":"tu-chuang-ruan-jian-tu-shu-guan-zhan-qun-guan-li-xi-tong","info":{"name":"图创软件-图书馆站群管理系统","author":"cn-kali-team","tags":"detect,tech,图创软件-图书馆站群管理系统","severity":"info","metadata":{"product":"图创软件-图书馆站群管理系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/interlib/common/"],"case-insensitive":true}]}]},{"id":"riicy-rui-bo-shi-yun-ban-gong-xi-tong","info":{"name":"riicy-睿博士云办公系统","author":"cn-kali-team","tags":"detect,tech,riicy-睿博士云办公系统","severity":"info","metadata":{"product":"riicy-睿博士云办公系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/studentsign/tologin.di","/user/toupdatepasswordpage.di"],"condition":"and","case-insensitive":true}]}]},{"id":"comexe-ras","info":{"name":"comexe-ras","author":"cn-kali-team","tags":"detect,tech,comexe-ras","severity":"info","metadata":{"product":"comexe-ras","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"pic/iras.ico","href=\"pic/ras.ico"],"condition":"and","case-insensitive":true},{"type":"word","words":["href=\"cmxlogin.php\"","type=\"application/npras","科迈ras","远程技术支持请求: "],"case-insensitive":true}]}]},{"id":"drugpak","info":{"name":"drugpak","author":"cn-kali-team","tags":"detect,tech,drugpak","severity":"info","metadata":{"product":"drugpak","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/dplimg/dpstyle.css","powered by drugpak"],"case-insensitive":true}]}]},{"id":"ibot-cloud","info":{"name":"ibot-cloud","author":"cn-kali-team","tags":"detect,tech,ibot-cloud","severity":"info","metadata":{"product":"ibot-cloud","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["author:lvzhaohua"],"case-insensitive":true}]}]},{"id":"sdcncsi","info":{"name":"sdcncsi","author":"cn-kali-team","tags":"detect,tech,sdcncsi","severity":"info","metadata":{"product":"sdcncsi","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["在沃系统","refreshcaptchaimgfun"],"case-insensitive":true}]}]},{"id":"ali-monitoring-system","info":{"name":"ali-monitoring-system","author":"cn-kali-team","tags":"detect,tech,ali-monitoring-system","severity":"info","metadata":{"product":"ali-monitoring-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/monitor/css/monitor.css","href=\"/monitor/monitoritem/monitoritemlist.htm"],"case-insensitive":true}]}]},{"id":"bluepacific-network-monitoring-system","info":{"name":"bluepacific-network-monitoring-system","author":"cn-kali-team","tags":"detect,tech,bluepacific-network-monitoring-system","severity":"info","metadata":{"product":"bluepacific-network-monitoring-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/biradarserver/web/"],"case-insensitive":true}]}]},{"id":"znv-digital-campus","info":{"name":"znv-digital-campus","author":"cn-kali-team","tags":"detect,tech,znv-digital-campus","severity":"info","metadata":{"product":"znv-digital-campus","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["list.asp?caseid="],"case-insensitive":true}]}]},{"id":"mibew-messenger","info":{"name":"mibew-messenger","author":"cn-kali-team","tags":"detect,tech,mibew-messenger","severity":"info","metadata":{"product":"mibew-messenger","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["class=\"empty_inner","class=\"flink\">mibew messenger"],"case-insensitive":true}]}]},{"id":"tradingeye","info":{"name":"tradingeye","author":"cn-kali-team","tags":"detect,tech,tradingeye","severity":"info","metadata":{"product":"tradingeye","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"dpivision.com ltd\" />","id=\"credits\">powered by tradingeye"],"case-insensitive":true}]}]},{"id":"percona-xtradb-cluster","info":{"name":"percona-xtradb-cluster","author":"cn-kali-team","tags":"detect,tech,percona-xtradb-cluster","severity":"info","metadata":{"product":"percona-xtradb-cluster","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["percona xtradb cluster node"],"case-insensitive":true}]}]},{"id":"wireless-access-point-controller","info":{"name":"wireless-access-point-controller","author":"cn-kali-team","tags":"detect,tech,wireless-access-point-controller","severity":"info","metadata":{"product":"wireless-access-point-controller","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["微信数字投票","content=\"微平台投票管理系统"],"condition":"and","case-insensitive":true},{"type":"word","words":["content=\"微平台投票系统"],"case-insensitive":true}]}]},{"id":"ecash-system","info":{"name":"ecash-system","author":"cn-kali-team","tags":"detect,tech,ecash-system","severity":"info","metadata":{"product":"ecash-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["
欢迎使用e-cash系统"],"case-insensitive":true}]}]},{"id":"automatedlogiccorporation-webctrl","info":{"name":"automatedlogiccorporation-webctrl","author":"cn-kali-team","tags":"detect,tech,automatedlogiccorporation-webctrl","severity":"info","metadata":{"product":"automatedlogiccorporation-webctrl","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"/_common/lvl5/about/eula.jsp\""],"case-insensitive":true}]}]},{"id":"aurion","info":{"name":"aurion","author":"cn-kali-team","tags":"detect,tech,aurion","severity":"info","metadata":{"product":"aurion","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/aurion.js",""],"case-insensitive":true}]}]},{"id":"smartthumbs","info":{"name":"smartthumbs","author":"cn-kali-team","tags":"detect,tech,smartthumbs","severity":"info","metadata":{"product":"smartthumbs","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["powered bysmart thumbs"],"case-insensitive":true}]}]},{"id":"uniview-ezstation","info":{"name":"uniview-ezstation","author":"cn-kali-team","tags":"detect,tech,uniview-ezstation","severity":"info","metadata":{"product":"uniview-ezstation","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["

welcome to ezstation vc server"],"case-insensitive":true}]}]},{"id":"softbiz-online-classifieds","info":{"name":"softbiz-online-classifieds","author":"cn-kali-team","tags":"detect,tech,softbiz-online-classifieds","severity":"info","metadata":{"product":"softbiz-online-classifieds","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["http://www.softbizscripts.com/classified-ads-plus-script-features.php"],"case-insensitive":true}]}]},{"id":"dptech-umc","info":{"name":"dptech-umc","author":"cn-kali-team","tags":"detect,tech,dptech-umc","severity":"info","metadata":{"product":"dptech-umc","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["onsubmit=\"return sys_submit(this)"],"case-insensitive":true}]}]},{"id":"juniper-vpn","info":{"name":"juniper-vpn","author":"cn-kali-team","tags":"detect,tech,juniper-vpn","severity":"info","metadata":{"product":"juniper-vpn","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["juniper networks vpn","junos pulse secure access service"],"condition":"and","case-insensitive":true}]}]},{"id":"atutor-elearning","info":{"name":"atutor-elearning","author":"cn-kali-team","tags":"detect,tech,atutor-elearning","severity":"info","metadata":{"product":"atutor-elearning","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"atutor"],"case-insensitive":true},{"type":"word","words":["set-cookie: atutorid"],"part":"header","case-insensitive":true}]}]},{"id":"you-you-mailgard-webmail","info":{"name":"佑友-mailgard-webmail","author":"cn-kali-team","tags":"detect,tech,佑友-mailgard-webmail","severity":"info","metadata":{"product":"佑友-mailgard-webmail","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["mailgard webmail","window.open('http://www.hechen.com')"],"condition":"and","case-insensitive":true}]}]},{"id":"kxmail","info":{"name":"kxmail","author":"cn-kali-team","tags":"detect,tech,kxmail","severity":"info","metadata":{"product":"kxmail","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/systemfunction.pack.js","lo_computername","powered by \""],"condition":"and","case-insensitive":true}]}]},{"id":"promise-webpam","info":{"name":"promise-webpam","author":"cn-kali-team","tags":"detect,tech,promise-webpam","severity":"info","metadata":{"product":"promise-webpam","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["js/promise/themes/apple/images/logo_promise.png","src=\"js/dojo/promise.js"],"case-insensitive":true}]}]},{"id":"lenovo-thinkserver","info":{"name":"lenovo-thinkserver","author":"cn-kali-team","tags":"detect,tech,lenovo-thinkserver","severity":"info","metadata":{"product":"lenovo-thinkserver","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["thinkserver"],"case-insensitive":true}]}]},{"id":"tai-yi-xing-chen-xia-yi-dai-fang-huo-qiang","info":{"name":"太一星晨-下一代防火墙","author":"cn-kali-team","tags":"detect,tech,太一星晨-下一代防火墙","severity":"info","metadata":{"product":"太一星晨-下一代防火墙","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["t-force下一代防火墙"],"case-insensitive":true}]}]},{"id":"jurassic-application-management-system","info":{"name":"jurassic-application-management-system","author":"cn-kali-team","tags":"detect,tech,jurassic-application-management-system","severity":"info","metadata":{"product":"jurassic-application-management-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["jurassic","var _usermenusurl = '/appcenter/functions/getusermenu'"],"case-insensitive":true}]}]},{"id":"zhe-da-en-te-ke-hu-zi-yuan-guan-li-xi-tong--entercrm","info":{"name":"浙大恩特客户资源管理系统- entercrm","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"浙大恩特客户资源管理系统- entercrm","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["entercrm","欢迎使用浙大恩特客户资源管理系统"],"case-insensitive":true}]}]},{"id":"yichao-system","info":{"name":"yichao-system","author":"cn-kali-team","tags":"detect,tech,yichao-system","severity":"info","metadata":{"product":"yichao-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["src=\"amy/webos/jpmanager.js\""],"case-insensitive":true}]}]},{"id":"cinvoice","info":{"name":"cinvoice","author":"cn-kali-team","tags":"detect,tech,cinvoice","severity":"info","metadata":{"product":"cinvoice","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["powered by 系统负荷过高,导致网络拥塞,建议降低系统负荷或重启路由器"],"condition":"and","case-insensitive":true},{"type":"word","words":["锐捷网络","href=/static/img/title.ico"],"condition":"and","case-insensitive":true},{"type":"word","words":["锐捷网络","index.data?opt=err"],"condition":"and","case-insensitive":true},{"type":"word","words":["锐捷网络","/luci-static/ruijie/images/favicon.ico"],"condition":"and","case-insensitive":true},{"type":"word","words":["302 moved","relogin.htm?_t="],"condition":"and","case-insensitive":true},{"type":"word","words":["锐捷网络","mailto:service@ruijie.com.cn"],"condition":"and","case-insensitive":true},{"type":"favicon","hash":["a45883b12d753bc87aff5bddbef16ab3"]},{"type":"word","words":["class=\"line resource\" id=\"nbr_1\"","锐捷网络 --nbr路由器--登录界面","ruijie - nbr"],"case-insensitive":true}]}]},{"id":"pcitc-sslvpn","info":{"name":"pcitc-sslvpn","author":"cn-kali-team","tags":"detect,tech,pcitc-sslvpn","severity":"info","metadata":{"product":"pcitc-sslvpn","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["src=\"new_style/placeholderfriend.js\""],"case-insensitive":true}]}]},{"id":"exponent-cms","info":{"name":"exponent-cms","author":"cn-kali-team","tags":"detect,tech,exponent-cms","severity":"info","metadata":{"product":"exponent-cms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"exponent content management system","powered by exponent cms"],"case-insensitive":true}]}]},{"id":"vam-product","info":{"name":"vam-product","author":"cn-kali-team","tags":"detect,tech,vam-product","severity":"info","metadata":{"product":"vam-product","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"https://virtualairlinesmanager.net/\">virtual airlines manager","id=\"mymodallabel\">login vam system","powered by virtual airlines manager","src=\"js/vam.js\""],"case-insensitive":true}]}]},{"id":"zhong-xin-jin-dun-xin-xi-an-quan-guan-li-xi-tong","info":{"name":"中新金盾-信息安全管理系统","author":"cn-kali-team","tags":"detect,tech,中新金盾-信息安全管理系统","severity":"info","metadata":{"product":"中新金盾-信息安全管理系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["c.alertmsg('磁盘空间剩余: ' + space_available + ' m','alert_msg');","onclick=\"javascript:useaccountlogin();"],"condition":"and","case-insensitive":true}]}]},{"id":"profense-firewall","info":{"name":"profense-firewall","author":"cn-kali-team","tags":"detect,tech,profense-firewall","severity":"info","metadata":{"product":"profense-firewall","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["server: profense"],"part":"header","case-insensitive":true}]}]},{"id":"project-management-system","info":{"name":"project-management-system","author":"cn-kali-team","tags":"detect,tech,project-management-system","severity":"info","metadata":{"product":"project-management-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["var right = regexp.rightcontext","window.top.location = \"login.aspx?url=\" + right\""],"case-insensitive":true}]}]},{"id":"easyscp","info":{"name":"easyscp","author":"cn-kali-team","tags":"detect,tech,easyscp","severity":"info","metadata":{"product":"easyscp","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/css/easyscp.login.css","content='easyscp"],"condition":"and","case-insensitive":true}]}]},{"id":"yong-you-zhi-yuan-a6-xie-tong-ban-gong-ruan-jian","info":{"name":"用友致远a6协同办公软件","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"用友致远a6协同办公软件","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["images/login/a6flash.swf","辅助程序安装"],"condition":"and","case-insensitive":true},{"type":"word","words":["用友致远a6协同办公软件","辅助程序安装"],"condition":"and","case-insensitive":true}]}]},{"id":"nuance-safecom","info":{"name":"nuance-safecom","author":"cn-kali-team","tags":"detect,tech,nuance-safecom","severity":"info","metadata":{"product":"nuance-safecom","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["safecom mobile print"],"case-insensitive":true}]}]},{"id":"zhi-yuan-a6+-xie-tong-guan-li-ruan-jian","info":{"name":"致远a6+协同管理软件","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"致远a6+协同管理软件","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/seeyon/common/images/a6/favicon.ico"],"case-insensitive":true}]}]},{"id":"goonie-internet-public-ppinion-monitoring-system","info":{"name":"goonie-internet-public-ppinion-monitoring-system","author":"cn-kali-team","tags":"detect,tech,goonie-internet-public-ppinion-monitoring-system","severity":"info","metadata":{"product":"goonie-internet-public-ppinion-monitoring-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["alert(\"菜单层数量和内容层数量不一样!\")","网络舆情监控系统"],"case-insensitive":true}]}]},{"id":"cisco-nexus-data-broker","info":{"name":"cisco-nexus-data-broker","author":"cn-kali-team","tags":"detect,tech,cisco-nexus-data-broker","severity":"info","metadata":{"product":"cisco-nexus-data-broker","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["window.location.href = '/monitor';"],"case-insensitive":true}]}]},{"id":"todaymail","info":{"name":"todaymail","author":"cn-kali-team","tags":"detect,tech,todaymail","severity":"info","metadata":{"product":"todaymail","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["todaymail anti-spam police","todaynic.com,inc."],"condition":"and","case-insensitive":true}]}]},{"id":"teradata-parallel","info":{"name":"teradata-parallel","author":"cn-kali-team","tags":"detect,tech,teradata-parallel","severity":"info","metadata":{"product":"teradata-parallel","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["var currentmode ='fittowindowonload"],"case-insensitive":true}]}]},{"id":"confluence","info":{"name":"confluence","author":"cn-kali-team","tags":"detect,tech,confluence","severity":"info","metadata":{"product":"confluence","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["location: /login.action?os_destination=","x-confluence-request-time:"],"part":"header","condition":"and","case-insensitive":true},{"type":"word","words":["id=\"com-atlassian-confluence","name=\"confluence-base-url\""],"condition":"and","case-insensitive":true}]}]},{"id":"webbased-pear-package-manager","info":{"name":"webbased-pear-package-manager","author":"cn-kali-team","tags":"detect,tech,webbased-pear-package-manager","severity":"info","metadata":{"product":"webbased-pear-package-manager","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["\"pear\"","pear_frontend_web"],"case-insensitive":true}]}]},{"id":"reddoxx","info":{"name":"reddoxx","author":"cn-kali-team","tags":"detect,tech,reddoxx","severity":"info","metadata":{"product":"reddoxx","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["148779de-1cf1-49bb-8bdb-129321cf8974"],"case-insensitive":true}]}]},{"id":"yi-dong-ban-gong-xi-tong","info":{"name":"移动办公系统","author":"cn-kali-team","tags":"detect,tech,移动办公系统","severity":"info","metadata":{"product":"移动办公系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["window.location.href = '/ui/html/login.html';","移动办公系统"],"condition":"and","case-insensitive":true}]}]},{"id":"shi-wu-you-shi-an-nei-wang-an-quan","info":{"name":"世无忧-世安内网安全","author":"cn-kali-team","tags":"detect,tech,世无忧-世安内网安全","severity":"info","metadata":{"product":"世无忧-世安内网安全","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["gzsa. all rights reserved","内网终端安全管理系统登陆界面"],"condition":"and","case-insensitive":true}]}]},{"id":"udesk","info":{"name":"udesk","author":"cn-kali-team","tags":"detect,tech,udesk","severity":"info","metadata":{"product":"udesk","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["assets-cli.udesk.cn/im_client/js/udeskapi.js","udesk.cn/im_client/?web_plugin_id="],"case-insensitive":true}]}]},{"id":"creatsoft-system","info":{"name":"creatsoft-system","author":"cn-kali-team","tags":"detect,tech,creatsoft-system","severity":"info","metadata":{"product":"creatsoft-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"/corrosion/charts/ph.jsp\"","href=\"/corrosion/charts/water-pid.jsp"],"case-insensitive":true}]}]},{"id":"byzoro-an-quan-wang-guan","info":{"name":"byzoro-安全网关","author":"cn-kali-team","tags":"detect,tech,byzoro-安全网关","severity":"info","metadata":{"product":"byzoro-安全网关","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[" patrolflow 多业务安全网关","patrolflow"],"condition":"and","case-insensitive":true}]}]},{"id":"gong-kong-an-quan-yin-huan-zhi-li-xiang-mu-xi-tong","info":{"name":"工控安全隐患治理项目系统","author":"cn-kali-team","tags":"detect,tech,工控安全隐患治理项目系统","severity":"info","metadata":{"product":"工控安全隐患治理项目系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"qyxt.html\""],"case-insensitive":true}]}]},{"id":"lg-supersign","info":{"name":"lg-supersign","author":"cn-kali-team","tags":"detect,tech,lg-supersign","severity":"info","metadata":{"product":"lg-supersign","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["src=\"/ssw/js/user/index.js\""],"case-insensitive":true}]}]},{"id":"vrv-desktop-application-system","info":{"name":"vrv-desktop-application-system","author":"cn-kali-team","tags":"detect,tech,vrv-desktop-application-system","severity":"info","metadata":{"product":"vrv-desktop-application-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["vrv","var vver = $('#hidverify').val();"],"case-insensitive":true}]}]},{"id":"vectra-product","info":{"name":"vectra-product","author":"cn-kali-team","tags":"detect,tech,vectra-product","severity":"info","metadata":{"product":"vectra-product","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["vectra.base.css"],"case-insensitive":true}]}]},{"id":"wayos--wei-meng-ac-ji-zhong-guan-li-ping-tai","info":{"name":"wayos - 维盟ac集中管理平台","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"wayos - 维盟ac集中管理平台","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["ac集中管理平台","login_25.jpg"],"condition":"and","case-insensitive":true},{"type":"favicon","hash":["715c49c5512d763084a4082c27d935e1"]}]}]},{"id":"sangfor-zero-trust-integrated-gateway","info":{"name":"sangfor-zero-trust-integrated-gateway","author":"cn-kali-team","tags":"detect,tech,sangfor-zero-trust-integrated-gateway","severity":"info","metadata":{"product":"sangfor-zero-trust-integrated-gateway","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"favicon","hash":["61ea21861c73970bc98ed619f2748992"]},{"type":"word","words":["atrust"],"case-insensitive":true}]}]},{"id":"netartmedia-real-estate-portal","info":{"name":"netartmedia-real-estate-portal","author":"cn-kali-team","tags":"detect,tech,netartmedia-real-estate-portal","severity":"info","metadata":{"product":"netartmedia-real-estate-portal","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["powered by <a href=\"http://www.netartmedia.net/realestate"],"case-insensitive":true}]}]},{"id":"centerm","info":{"name":"centerm","author":"cn-kali-team","tags":"detect,tech,centerm","severity":"info","metadata":{"product":"centerm","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["new ct.extapp.aboutsystemwindow()"],"case-insensitive":true}]}]},{"id":"cirrusgate-system","info":{"name":"cirrusgate-system","author":"cn-kali-team","tags":"detect,tech,cirrusgate-system","severity":"info","metadata":{"product":"cirrusgate-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["window.location.href = \"/dlp/admin/user/login.action\""],"case-insensitive":true}]}]},{"id":"17mail-yi-qi-you","info":{"name":"17mail-易企邮","author":"cn-kali-team","tags":"detect,tech,17mail-易企邮","severity":"info","metadata":{"product":"17mail-易企邮","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["//易企邮正式版发布"],"case-insensitive":true}]}]},{"id":"consul-hashicorp","info":{"name":"consul-hashicorp","author":"cn-kali-team","tags":"detect,tech,consul-hashicorp","severity":"info","metadata":{"product":"consul-hashicorp","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["consul instance","consul-ui/config/environment","consulhost","www.consul.io"],"case-insensitive":true}]}]},{"id":"ymhome-oa","info":{"name":"ymhome-oa","author":"cn-kali-team","tags":"detect,tech,ymhome-oa","severity":"info","metadata":{"product":"ymhome-oa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/yimioa.apk"],"case-insensitive":true}]}]},{"id":"anneca-intouch-crm","info":{"name":"anneca-intouch-crm","author":"cn-kali-team","tags":"detect,tech,anneca-intouch-crm","severity":"info","metadata":{"product":"anneca-intouch-crm","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"http://www.anneca.cz\""],"case-insensitive":true}]}]},{"id":"shwatermeter-system","info":{"name":"shwatermeter-system","author":"cn-kali-team","tags":"detect,tech,shwatermeter-system","severity":"info","metadata":{"product":"shwatermeter-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["关于正则表达式的内容在本书的第10章中有较详细的讨论"],"case-insensitive":true}]}]},{"id":"opendocman","info":{"name":"opendocman","author":"cn-kali-team","tags":"detect,tech,opendocman","severity":"info","metadata":{"product":"opendocman","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["target=\"_new\">opendocman","welcome to opendocman"],"case-insensitive":true}]}]},{"id":"microsoft-exchange","info":{"name":"microsoft-exchange","author":"cn-kali-team","tags":"detect,tech,microsoft-exchange","severity":"info","metadata":{"product":"microsoft-exchange","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["location: /owa/","server: microsoft"],"part":"header","condition":"and","case-insensitive":true},{"type":"word","words":["<div class=\"signinheader\">outlook</div>","owalogocontainer"],"condition":"and","case-insensitive":true},{"type":"word","words":["/owa/","owapage = asp.auth_logon_aspx"],"condition":"and","case-insensitive":true},{"type":"word","words":["/owa/","showpasswordcheck"],"condition":"and","case-insensitive":true},{"type":"word","words":["/exchweb/bin/auth/owalogon.asp","/exchweb/bin/auth/owalogon.asp?url=","<!-- owapage = asp.auth_logon_aspx","<div class=\"signinheader\">outlook</div>","<meta http-equiv=\"refresh\" content=\"0;url=/owa\">","href=\"/owa/auth/","themes/resources/segoeui-semibold.ttf","window.location.replace(\"/owa/\" + window.location.hash);</script></head><body></body>"],"case-insensitive":true}]}]},{"id":"proxmox-ve","info":{"name":"proxmox-ve","author":"cn-kali-team","tags":"detect,tech,proxmox-ve","severity":"info","metadata":{"product":"proxmox-ve","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["class=\"boxheadline\">proxmox virtual environment","ext.create('pve.stdworkspace')","href='http://www.proxmox.com' target='_blank' class=\"boxheadline"],"case-insensitive":true}]}]},{"id":"terminal-feature-collection-and-control-system","info":{"name":"terminal-feature-collection-and-control-system","author":"cn-kali-team","tags":"detect,tech,terminal-feature-collection-and-control-system","severity":"info","metadata":{"product":"terminal-feature-collection-and-control-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/home/pkibinduser?subjectname="],"case-insensitive":true}]}]},{"id":"kodcloud-system","info":{"name":"kodcloud-system","author":"cn-kali-team","tags":"detect,tech,kodcloud-system","severity":"info","metadata":{"product":"kodcloud-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/common/loading_simple.gif"],"case-insensitive":true}]}]},{"id":"cms4j","info":{"name":"cms4j","author":"cn-kali-team","tags":"detect,tech,cms4j","severity":"info","metadata":{"product":"cms4j","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"/cms4jadmin/login.jsp","method=\"post\" name=\"cms4jsearchform\" id=\"cms4jsearchform"],"case-insensitive":true}]}]},{"id":"arl","info":{"name":"arl","author":"cn-kali-team","tags":"detect,tech,arl","severity":"info","metadata":{"product":"arl","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["<title>资产灯塔系统"],"case-insensitive":true}]}]},{"id":"shen-xin-fuweb-fang-cuan-gai-guan-li-xi-tong","info":{"name":"深信服web防篡改管理系统","author":"cn-kali-team","tags":"detect,tech,深信服web防篡改管理系统","severity":"info","metadata":{"product":"深信服web防篡改管理系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["web防篡改","cgi-bin/tamper_admin.cgi"],"condition":"and","case-insensitive":true}]}]},{"id":"esri-arcgis","info":{"name":"esri-arcgis","author":"cn-kali-team","tags":"detect,tech,esri-arcgis","severity":"info","metadata":{"product":"esri-arcgis","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["esri/discovery/admin.js"],"case-insensitive":true}]}]},{"id":"oscshop","info":{"name":"oscshop","author":"cn-kali-team","tags":"detect,tech,oscshop","severity":"info","metadata":{"product":"oscshop","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["x-powered-by: oscshop"],"part":"header","case-insensitive":true}]}]},{"id":"emerson-environmentalenergymonitoringsystem","info":{"name":"emerson-environmentalenergymonitoringsystem","author":"cn-kali-team","tags":"detect,tech,emerson-environmentalenergymonitoringsystem","severity":"info","metadata":{"product":"emerson-environmentalenergymonitoringsystem","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["alert(\"网络断连或者idu-s没有启动."],"case-insensitive":true}]}]},{"id":"bithighway-product","info":{"name":"bithighway-product","author":"cn-kali-team","tags":"detect,tech,bithighway-product","severity":"info","metadata":{"product":"bithighway-product","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href='http://www.bithighway.com' target=_blank>北京碧海威科技有限公司<"],"case-insensitive":true}]}]},{"id":"ngi-gxd5-pacs","info":{"name":"ngi-gxd5-pacs","author":"cn-kali-team","tags":"detect,tech,ngi-gxd5-pacs","severity":"info","metadata":{"product":"ngi-gxd5-pacs","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["
"],"case-insensitive":true}]}]},{"id":"yonyou-fe","info":{"name":"yonyou-fe","author":"cn-kali-team","tags":"detect,tech,yonyou-fe","severity":"info","metadata":{"product":"yonyou-fe","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["v_hedden","v_show"],"condition":"and","case-insensitive":true}]}]},{"id":"yichao-crmreporting","info":{"name":"yichao-crmreporting","author":"cn-kali-team","tags":"detect,tech,yichao-crmreporting","severity":"info","metadata":{"product":"yichao-crmreporting","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"/css/vendors~index.acfeb.css\""],"case-insensitive":true}]}]},{"id":"zhi-yuan-a8-v5-xie-tong-guan-li-ruan-jian","info":{"name":"致远a8-v5协同管理软件","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"致远a8-v5协同管理软件","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["https://weixin.seeyon.com/mobilehelp.jsp?random=","a8+集团版"],"condition":"and","case-insensitive":true},{"type":"word","words":["common/js/passwdcheck.js?v=v5_6","/seeyon/common/images/a8/favicon.ico"],"case-insensitive":true}]}]},{"id":"cisco-ios-xe","info":{"name":"cisco-ios-xe","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"cisco-ios-xe","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"favicon","hash":["d2962d133fd209cf567d05d1683f3fc1"]},{"type":"word","words":["",""],"case-insensitive":true}]}]},{"id":"polycom-ippbx","info":{"name":"polycom-ippbx","author":"cn-kali-team","tags":"detect,tech,polycom-ippbx","severity":"info","metadata":{"product":"polycom-ippbx","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["src=\"cgi-bin/httptohttps.cgi\"","src=\"cgi-bin/ippbx.cgi?module=showlogin\""],"case-insensitive":true}]}]},{"id":"citrix-xenserver","info":{"name":"citrix-xenserver","author":"cn-kali-team","tags":"detect,tech,citrix-xenserver","severity":"info","metadata":{"product":"citrix-xenserver","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["xencenter installer","citrix systems, inc. xenserver"],"case-insensitive":true}]}]},{"id":"vmware-vsphere","info":{"name":"vmware-vsphere","author":"cn-kali-team","tags":"detect,tech,vmware-vsphere","severity":"info","metadata":{"product":"vmware-vsphere","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["etcd viewer"],"case-insensitive":true}]}]},{"id":"weisha-learningsystem","info":{"name":"weisha-learningsystem","author":"cn-kali-team","tags":"detect,tech,weisha-learningsystem","severity":"info","metadata":{"product":"weisha-learningsystem","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/utility/corescripts/widget.js"],"case-insensitive":true}]}]},{"id":"activecollab","info":{"name":"activecollab","author":"cn-kali-team","tags":"detect,tech,activecollab","severity":"info","metadata":{"product":"activecollab","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["

"],"case-insensitive":true}]}]},{"id":"manageengine-applications-manager","info":{"name":"manageengine-applications-manager","author":"cn-kali-team","tags":"detect,tech,manageengine-applications-manager","severity":"info","metadata":{"product":"manageengine-applications-manager","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/appmanager.js"],"case-insensitive":true}]}]},{"id":"opt-webfieldassis","info":{"name":"opt-webfieldassis","author":"cn-kali-team","tags":"detect,tech,opt-webfieldassis","severity":"info","metadata":{"product":"opt-webfieldassis","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"javascript:__dopostback('lbanonymous','')\""],"case-insensitive":true}]}]},{"id":"guan-qun-jin-chen-kill-you-jian-an-quan-wang-guan","info":{"name":"冠群金辰-kill邮件安全网关","author":"cn-kali-team","tags":"detect,tech,冠群金辰-kill邮件安全网关","severity":"info","metadata":{"product":"冠群金辰-kill邮件安全网关","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["background=\"skins/default/images/login_ksgm.jpg","kill邮件安全网关"],"condition":"and","case-insensitive":true}]}]},{"id":"neo4j-browser","info":{"name":"neo4j-browser","author":"cn-kali-team","tags":"detect,tech,neo4j-browser","severity":"info","metadata":{"product":"neo4j-browser","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["neo4j://","neo4j_edition","neo4j_version"],"condition":"and","case-insensitive":true}]}]},{"id":"ntopng","info":{"name":"ntopng","author":"cn-kali-team","tags":"detect,tech,ntopng","severity":"info","metadata":{"product":"ntopng","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["","generated by ntopng","href=\"/css/ntopng.css"],"case-insensitive":true}]}]},{"id":"nstc-software","info":{"name":"nstc-software","author":"cn-kali-team","tags":"detect,tech,nstc-software","severity":"info","metadata":{"product":"nstc-software","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["skysz.fw.index.validatecodenew = \"/loginaction/validatecodenew.html"],"case-insensitive":true}]}]},{"id":"landray-oa-xi-tong","info":{"name":"landray-oa系统","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"landray-oa系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["j_acegi_security_check","lui_login_message_div"],"condition":"and","case-insensitive":true},{"type":"favicon","hash":["302464c3f6207d57240649926cfc7bd4"]}]}]},{"id":"agoracgi","info":{"name":"agoracgi","author":"cn-kali-team","tags":"detect,tech,agoracgi","severity":"info","metadata":{"product":"agoracgi","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/agora.cgi?product=","/store/agora.cgi"],"condition":"and","case-insensitive":true}]}]},{"id":"moosefs","info":{"name":"moosefs","author":"cn-kali-team","tags":"detect,tech,moosefs","severity":"info","metadata":{"product":"moosefs","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["mfs.cgi","under-goal files"],"condition":"and","case-insensitive":true}]}]},{"id":"yonyou-erp-nc","info":{"name":"yonyou-erp-nc","author":"cn-kali-team","tags":"detect,tech,yonyou-erp-nc","severity":"info","metadata":{"product":"yonyou-erp-nc","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/nc/servlet/nc.ui.iufo.login.index"],"case-insensitive":true}]}]},{"id":"solidyne-inet-server","info":{"name":"solidyne-inet-server","author":"cn-kali-team","tags":"detect,tech,solidyne-inet-server","severity":"info","metadata":{"product":"solidyne-inet-server","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["",""],"case-insensitive":true}]}]},{"id":"emc-documentum-webtop","info":{"name":"emc-documentum-webtop","author":"cn-kali-team","tags":"detect,tech,emc-documentum-webtop","severity":"info","metadata":{"product":"emc-documentum-webtop","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/webtop/index.js","/webtop/webtop/theme/documentum/css/webtop.css"],"case-insensitive":true}]}]},{"id":"youhua-iemos_cw","info":{"name":"youhua-iemos_cw","author":"cn-kali-team","tags":"detect,tech,youhua-iemos_cw","severity":"info","metadata":{"product":"youhua-iemos_cw","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["var id = document.getelementbyid(\"txtyhmm\").value"],"case-insensitive":true}]}]},{"id":"sdcncsi","info":{"name":"sdcncsi","author":"cn-kali-team","tags":"detect,tech,sdcncsi","severity":"info","metadata":{"product":"sdcncsi","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["在沃系统","refreshcaptchaimgfun"],"case-insensitive":true}]}]},{"id":"gitweb","info":{"name":"gitweb","author":"cn-kali-team","tags":"detect,tech,gitweb","severity":"info","metadata":{"product":"gitweb","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/gitweb.css","/gitweb.js","content=\"gitweb"],"case-insensitive":true}]}]},{"id":"mibew-messenger","info":{"name":"mibew-messenger","author":"cn-kali-team","tags":"detect,tech,mibew-messenger","severity":"info","metadata":{"product":"mibew-messenger","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["class=\"empty_inner","class=\"flink\">mibew messenger"],"case-insensitive":true}]}]},{"id":"diancms","info":{"name":"diancms","author":"cn-kali-team","tags":"detect,tech,diancms","severity":"info","metadata":{"product":"diancms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["diancms_sitename","diancms_用户登陆引用"],"case-insensitive":true}]}]},{"id":"zfsoft-educational-management-system","info":{"name":"zfsoft-educational-management-system","author":"cn-kali-team","tags":"detect,tech,zfsoft-educational-management-system","severity":"info","metadata":{"product":"zfsoft-educational-management-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"站点介绍\"","style/base/jw.css"],"condition":"and","case-insensitive":true}]}]},{"id":"laravel-framework","info":{"name":"laravel-framework","author":"cn-kali-team","tags":"detect,tech,laravel-framework","severity":"info","metadata":{"product":"laravel-framework","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["set-cookie: laravel_session"],"part":"header","case-insensitive":true}]}]},{"id":"websocket","info":{"name":"websocket","author":"cn-kali-team","tags":"detect,tech,websocket","severity":"info","metadata":{"product":"websocket","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["websockets request was expected","not a websocket handshake","ws://","wss://"],"case-insensitive":true}]}]},{"id":"smartbi","info":{"name":"smartbi","author":"cn-kali-team","tags":"detect,tech,smartbi","severity":"info","metadata":{"product":"smartbi","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["gcfutil = jsloader.resolve('smartbi.gcf.gcfutil')"],"case-insensitive":true}]}]},{"id":"trs-wcm","info":{"name":"trs-wcm","author":"cn-kali-team","tags":"detect,tech,trs-wcm","severity":"info","metadata":{"product":"trs-wcm","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/wcm\" target=\"_blank\">网站管理","wcm"],"condition":"and","case-insensitive":true},{"type":"word","words":["/wcm\" target=\"_blank\">管理","/wcm/app/js","0;url=/wcm","forum.trs.com.cn","window.location.href = \"/wcm\";"],"case-insensitive":true}]}]},{"id":"special-device-testing-risk-assessment-system","info":{"name":"special-device-testing-risk-assessment-system","author":"cn-kali-team","tags":"detect,tech,special-device-testing-risk-assessment-system","severity":"info","metadata":{"product":"special-device-testing-risk-assessment-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["var unitid = getpagerequestvalue(\"unitid\")"],"case-insensitive":true}]}]},{"id":"h3c-web-managerment-home","info":{"name":"h3c-web-managerment-home","author":"cn-kali-team","tags":"detect,tech,h3c-web-managerment-home","severity":"info","metadata":{"product":"h3c-web-managerment-home","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/wnm/ssl/web/frame/login.html"],"case-insensitive":true}]}]},{"id":"chinatelecom-guestsupportsystem","info":{"name":"chinatelecom-guestsupportsystem","author":"cn-kali-team","tags":"detect,tech,chinatelecom-guestsupportsystem","severity":"info","metadata":{"product":"chinatelecom-guestsupportsystem","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"nhmis.css\"","var requiredfieldvalidator2 = document.all "],"case-insensitive":true}]}]},{"id":"online-grades","info":{"name":"online-grades","author":"cn-kali-team","tags":"detect,tech,online-grades","severity":"info","metadata":{"product":"online-grades","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"online grades"],"case-insensitive":true}]}]},{"id":"sundray-qi-ye-fang-huo-qiang","info":{"name":"sundray-企业防火墙","author":"cn-kali-team","tags":"detect,tech,sundray-企业防火墙","severity":"info","metadata":{"product":"sundray-企业防火墙","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["help = decodeuricomponent(version_info_ch)"],"case-insensitive":true}]}]},{"id":"maipu-isg1000-an-quan-wang-guan","info":{"name":"maipu-isg1000安全网关","author":"cn-kali-team","tags":"detect,tech,maipu-isg1000安全网关","severity":"info","metadata":{"product":"maipu-isg1000安全网关","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/php/common/checknum_creat.php?module=config_authnum\")?","isg1000"],"condition":"and","case-insensitive":true}]}]},{"id":"olat","info":{"name":"olat","author":"cn-kali-team","tags":"detect,tech,olat","severity":"info","metadata":{"product":"olat","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"olat","content=\"olat - online learning and training","content=\"olat 是一个学习内容管理系统 (lcms).","href=\"/olat/raw/","o_info.uriprefix=\"/olat/dmz/\";","title=\"homepage of open source lms olat"],"case-insensitive":true}]}]},{"id":"thehostingtool","info":{"name":"thehostingtool","author":"cn-kali-team","tags":"detect,tech,thehostingtool","severity":"info","metadata":{"product":"thehostingtool","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["thehostingtool","server os:","page=status&sub=phpinfo\">phpinfo)"],"case-insensitive":true}]}]},{"id":"dtcloud","info":{"name":"dtcloud","author":"cn-kali-team","tags":"detect,tech,dtcloud","severity":"info","metadata":{"product":"dtcloud","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"favicon","hash":["49fe0618acdcd7c9dc443faca20d7bd9"]},{"type":"word","words":["dtcloud"],"case-insensitive":true}]}]},{"id":"cogent-datahub","info":{"name":"cogent-datahub","author":"cn-kali-team","tags":"detect,tech,cogent-datahub","severity":"info","metadata":{"product":"cogent-datahub","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/images/cogent.gif"],"case-insensitive":true}]}]},{"id":"pulsesecure-ssl-vpn","info":{"name":"pulsesecure-ssl-vpn","author":"cn-kali-team","tags":"detect,tech,pulsesecure-ssl-vpn","severity":"info","metadata":{"product":"pulsesecure-ssl-vpn","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["pulse connect secure","pulse connect secure"],"case-insensitive":true}]}]},{"id":"infogo-imc","info":{"name":"infogo-imc","author":"cn-kali-team","tags":"detect,tech,infogo-imc","severity":"info","metadata":{"product":"infogo-imc","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["client_check/js/global.js"],"case-insensitive":true}]}]},{"id":"openfire","info":{"name":"openfire","author":"cn-kali-team","tags":"detect,tech,openfire","severity":"info","metadata":{"product":"openfire","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["openfire 管理界面","background: transparent url(images/login_logo.gif) no-repeat"],"case-insensitive":true}]}]},{"id":"huawei-esight","info":{"name":"huawei-esight","author":"cn-kali-team","tags":"detect,tech,huawei-esight","severity":"info","metadata":{"product":"huawei-esight","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["","esight_login_copy_right_font","location.replace('login.action?_='+ new date().gettime());"],"case-insensitive":true}]}]},{"id":"cloudroom-meeting","info":{"name":"cloudroom-meeting","author":"cn-kali-team","tags":"detect,tech,cloudroom-meeting","severity":"info","metadata":{"product":"cloudroom-meeting","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["src=\"/companyimage/agents/sdk-logo.png\""],"case-insensitive":true}]}]},{"id":"thoughtconduit","info":{"name":"thoughtconduit","author":"cn-kali-team","tags":"detect,tech,thoughtconduit","severity":"info","metadata":{"product":"thoughtconduit","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["erroryour request produced an error."],"case-insensitive":true}]}]},{"id":"tian-wen-wu-ye-erp-xi-tong","info":{"name":"天问物业erp系统","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"天问物业erp系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["www.tw369.com","天问互联"],"case-insensitive":true}]}]},{"id":"netpas-traffic-management-system","info":{"name":"netpas-traffic-management-system","author":"cn-kali-team","tags":"detect,tech,netpas-traffic-management-system","severity":"info","metadata":{"product":"netpas-traffic-management-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["版权所有 关于全网部署金山毒霸企业版","金山毒霸企业版"],"condition":"and","case-insensitive":true}]}]},{"id":"pmway-e4","info":{"name":"pmway-e4","author":"cn-kali-team","tags":"detect,tech,pmway-e4","severity":"info","metadata":{"product":"pmway-e4","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["热情似火","风格"],"case-insensitive":true}]}]},{"id":"zte-police-research-system","info":{"name":"zte-police-research-system","author":"cn-kali-team","tags":"detect,tech,zte-police-research-system","severity":"info","metadata":{"product":"zte-police-research-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["src=\"img/gonanlogo.jpg","深圳市中兴信息技术有限公司版权所有"],"case-insensitive":true}]}]},{"id":"inspinia","info":{"name":"inspinia","author":"cn-kali-team","tags":"detect,tech,inspinia","severity":"info","metadata":{"product":"inspinia","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["inspinia","name=\"password"],"condition":"and","case-insensitive":true}]}]},{"id":"whir-ezoffice","info":{"name":"whir-ezoffice","author":"cn-kali-team","tags":"detect,tech,whir-ezoffice","severity":"info","metadata":{"product":"whir-ezoffice","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/defaultroot/js/cookie.js","ezofficeusername","whirrootpath"],"case-insensitive":true}]}]},{"id":"springboot-manager","info":{"name":"springboot-manager","author":"jlkl","tags":"detect,tech,springboot,manager","severity":"info","metadata":{"product":"springboot-manager","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["sys/getverify","sys/user/login"],"condition":"and","case-insensitive":true}]}]},{"id":"mashery-proxy","info":{"name":"mashery-proxy","author":"cn-kali-team","tags":"detect,tech,mashery-proxy","severity":"info","metadata":{"product":"mashery-proxy","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["server: mashery proxy"],"part":"header","case-insensitive":true}]}]},{"id":"panabit-gateway","info":{"name":"panabit-gateway","author":"cn-kali-team","tags":"detect,tech,panabit-gateway","severity":"info","metadata":{"product":"panabit-gateway","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["forum.panabit.com","pa_iptcode"],"condition":"and","case-insensitive":true},{"type":"word","words":["maintain","panalog"],"condition":"and","case-insensitive":true},{"type":"word","words":["id=\"codeno\"","日志系统"],"condition":"and","case-insensitive":true}]}]},{"id":"censura","info":{"name":"censura","author":"cn-kali-team","tags":"detect,tech,censura","severity":"info","metadata":{"product":"censura","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["powered by: ","","","produced by 大汉网络"],"case-insensitive":true}]}]},{"id":"hillstone-hsa","info":{"name":"hillstone-hsa","author":"cn-kali-team","tags":"detect,tech,hillstone-hsa","severity":"info","metadata":{"product":"hillstone-hsa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"resources/login-all.css\""],"case-insensitive":true}]}]},{"id":"tong-cheng-duo-yong-hu-shang-cheng","info":{"name":"同城多用户商城","author":"cn-kali-team","tags":"detect,tech,同城多用户商城","severity":"info","metadata":{"product":"同城多用户商城","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/style_chaoshi/"],"case-insensitive":true}]}]},{"id":"acsoft-cloud","info":{"name":"acsoft-cloud","author":"cn-kali-team","tags":"detect,tech,acsoft-cloud","severity":"info","metadata":{"product":"acsoft-cloud","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["onrememberpasswordclick","sdiyun.com, all rights reserved"],"case-insensitive":true}]}]},{"id":"solarview-compact","info":{"name":"solarview-compact","author":"cn-kali-team","tags":"detect,tech,solarview-compact","severity":"info","metadata":{"product":"solarview-compact","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["refresh\" content=\"3; url=solar_menu.php"],"case-insensitive":true}]}]},{"id":"argocd","info":{"name":"argocd","author":"cn-kali-team","tags":"detect,tech,argocd","severity":"info","metadata":{"product":"argocd","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["argo cd","argoproj.github.io"],"condition":"and","case-insensitive":true}]}]},{"id":"softnext-spam","info":{"name":"softnext-spam","author":"cn-kali-team","tags":"detect,tech,softnext-spam","severity":"info","metadata":{"product":"softnext-spam","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["snspam/spam_request/","snspam/start_page.asp","spam_request/spam_requestact.asp"],"case-insensitive":true}]}]},{"id":"pritlog","info":{"name":"pritlog","author":"cn-kali-team","tags":"detect,tech,pritlog","severity":"info","metadata":{"product":"pritlog","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["please enable javascript for full functionality","powered by pritlog"],"case-insensitive":true}]}]},{"id":"saber","info":{"name":"Saber","author":"jlkl","tags":"detect,tech,saber","severity":"info","metadata":{"product":"saber","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["https://bladex.vip","saber/iconfont.css"],"case-insensitive":true},{"type":"favicon","hash":["1047841028","-1820270953"]}]}]},{"id":"claroline","info":{"name":"claroline","author":"cn-kali-team","tags":"detect,tech,claroline","severity":"info","metadata":{"product":"claroline","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["http://www.claroline.net\" rel=\"copyright","target=\"_blank\">claroline"],"case-insensitive":true}]}]},{"id":"ieslab-scada","info":{"name":"ieslab-scada","author":"cn-kali-team","tags":"detect,tech,ieslab-scada","severity":"info","metadata":{"product":"ieslab-scada","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["copyrightpt12","青岛积成电子有限公司"],"case-insensitive":true}]}]},{"id":"mail2000-you-jian-xi-tong","info":{"name":"mail2000-邮件系统","author":"cn-kali-team","tags":"detect,tech,mail2000-邮件系统","severity":"info","metadata":{"product":"mail2000-邮件系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["mail2000郵件系統"],"case-insensitive":true}]}]},{"id":"auxilium-petratepro","info":{"name":"auxilium-petratepro","author":"cn-kali-team","tags":"detect,tech,auxilium-petratepro","severity":"info","metadata":{"product":"auxilium-petratepro","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["index.php?cmd=11"],"case-insensitive":true}]}]},{"id":"symantec-endpoint-protection-manager","info":{"name":"symantec-endpoint-protection-manager","author":"cn-kali-team","tags":"detect,tech,symantec-endpoint-protection-manager","severity":"info","metadata":{"product":"symantec-endpoint-protection-manager","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/portal/about.jsp",""],"condition":"and","case-insensitive":true},{"type":"word","words":["

version","symantec endpoint protection manager
web access
"],"case-insensitive":true}]}]},{"id":"nsfocus-vpn","info":{"name":"nsfocus-vpn","author":"cn-kali-team","tags":"detect,tech,nsfocus-vpn","severity":"info","metadata":{"product":"nsfocus-vpn","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/logo_login_nsfocus.png"],"case-insensitive":true}]}]},{"id":"tomatocart","info":{"name":"tomatocart","author":"cn-kali-team","tags":"detect,tech,tomatocart","severity":"info","metadata":{"product":"tomatocart","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"tomatocart open source shopping cart solutions\" />","powered by tomatocart"],"case-insensitive":true}]}]},{"id":"carizen-rainmail","info":{"name":"carizen-rainmail","author":"cn-kali-team","tags":"detect,tech,carizen-rainmail","severity":"info","metadata":{"product":"carizen-rainmail","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[".: rainmail intranet login :.
","href=\"/resources/rainmailvpninstaller.exe"],"condition":"and","case-insensitive":true}]}]},{"id":"intelligent-cloud","info":{"name":"intelligent-cloud","author":"cn-kali-team","tags":"detect,tech,intelligent-cloud","severity":"info","metadata":{"product":"intelligent-cloud","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["handlexpapplycontact"],"case-insensitive":true}]}]},{"id":"cnrdm-product","info":{"name":"cnrdm-product","author":"cn-kali-team","tags":"detect,tech,cnrdm-product","severity":"info","metadata":{"product":"cnrdm-product","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["登录青铜器rdm
"],"case-insensitive":true}]}]},{"id":"vmware-server-2","info":{"name":"vmware-server-2","author":"cn-kali-team","tags":"detect,tech,vmware-server-2","severity":"info","metadata":{"product":"vmware-server-2","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"vmware server is virtual"],"case-insensitive":true}]}]},{"id":"ioa","info":{"name":"ioa","author":"cn-kali-team","tags":"detect,tech,ioa","severity":"info","metadata":{"product":"ioa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["爱办公app","id=\"foot_version\">厦门容能科技有限公司"],"case-insensitive":true}]}]},{"id":"jeecgboot","info":{"name":"jeecgboot","author":"cn-kali-team","tags":"detect,tech,jeecgboot","severity":"info","metadata":{"product":"jeecgboot","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["color: #222222;","lang=zh-cmn-hans","loader-"],"condition":"and","case-insensitive":true},{"type":"word","words":["jeecgboot","polyfill_"],"condition":"and","case-insensitive":true},{"type":"favicon","hash":["dc7a0b69060a0262530b47b46ba7f9b6"]},{"type":"word","words":["onlinepreviewdomainurl'] = 'http://fileview.jeecg.com"],"case-insensitive":true}]}]},{"id":"qi-ming-xing-chen-tian-yue-wang-luo-an-quan-shen-ji","info":{"name":"启明星辰-天玥网络安全审计","author":"cn-kali-team","tags":"detect,tech,启明星辰-天玥网络安全审计","severity":"info","metadata":{"product":"启明星辰-天玥网络安全审计","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["天玥网络安全审计"],"case-insensitive":true}]}]},{"id":"haitian-oa","info":{"name":"haitian-oa","author":"cn-kali-team","tags":"detect,tech,haitian-oa","severity":"info","metadata":{"product":"haitian-oa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["htvos.js","images/myjs.js","mshtml 8.00.6001.19298"],"case-insensitive":true}]}]},{"id":"php168cms","info":{"name":"php168cms","author":"cn-kali-team","tags":"detect,tech,php168cms","severity":"info","metadata":{"product":"php168cms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["var system = 'cms"],"case-insensitive":true}]}]},{"id":"netscout-ngeniusone","info":{"name":"netscout-ngeniusone","author":"cn-kali-team","tags":"detect,tech,netscout-ngeniusone","severity":"info","metadata":{"product":"netscout-ngeniusone","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["var newpath = \"/common/ngeniusdirect.jsp"],"case-insensitive":true}]}]},{"id":"emerson-permasense","info":{"name":"emerson-permasense","author":"cn-kali-team","tags":"detect,tech,emerson-permasense","severity":"info","metadata":{"product":"emerson-permasense","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"/permasense/app/webroot/flot/css/layout.print.ie.css"],"case-insensitive":true}]}]},{"id":"informatics-cms","info":{"name":"informatics-cms","author":"cn-kali-team","tags":"detect,tech,informatics-cms","severity":"info","metadata":{"product":"informatics-cms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"informatics"],"case-insensitive":true}]}]},{"id":"metaswitch-networks-metaview-web","info":{"name":"metaswitch-networks-metaview-web","author":"cn-kali-team","tags":"detect,tech,metaswitch-networks-metaview-web","severity":"info","metadata":{"product":"metaswitch-networks-metaview-web","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content='dcl.metaview.web.client'","src=\"dcl.metaview.web.client.nocache.js\">"],"case-insensitive":true}]}]},{"id":"dfe-scada","info":{"name":"dfe-scada","author":"cn-kali-team","tags":"detect,tech,dfe-scada","severity":"info","metadata":{"product":"dfe-scada","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["536870912"],"case-insensitive":true}]}]},{"id":"nsfocus-xia-yi-dai-fang-huo-qiang","info":{"name":"nsfocus-下一代防火墙","author":"cn-kali-team","tags":"detect,tech,nsfocus-下一代防火墙","severity":"info","metadata":{"product":"nsfocus-下一代防火墙","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/login_logo_nf_zh_cn.png","nsfocus nf"],"condition":"and","case-insensitive":true}]}]},{"id":"he-fei-yi-yong-xin-xi-ke-ji-you-xian-gong-sicrm-xi-tong","info":{"name":"合肥易用信息科技有限公司crm系统","author":"cn-kali-team","tags":"detect,tech,合肥易用信息科技有限公司crm系统","severity":"info","metadata":{"product":"合肥易用信息科技有限公司crm系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"favicon","hash":["2e7ead236832180553dab45ba77db6b7"]}]}]},{"id":"finereport","info":{"name":"finereport","author":"cn-kali-team","tags":"detect,tech,finereport","severity":"info","metadata":{"product":"finereport","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["=fs","reportserver"],"condition":"and","case-insensitive":true},{"type":"word","words":["finereport/decision","content=\"finereport--web reporting tool\""],"case-insensitive":true}]}]},{"id":"pmway-e5","info":{"name":"pmway-e5","author":"cn-kali-team","tags":"detect,tech,pmway-e5","severity":"info","metadata":{"product":"pmway-e5","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["tip_browsertoolow:\"您当前使用的浏览器版本或模式太低,鹏为e5为了您更好的体验,请升级您的ie版本至8.0或以上。\""],"case-insensitive":true}]}]},{"id":"oracle-commerce-cloud","info":{"name":"oracle-commerce-cloud","author":"cn-kali-team","tags":"detect,tech,oracle-commerce-cloud","severity":"info","metadata":{"product":"oracle-commerce-cloud","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["id=\"oracle-cc"],"case-insensitive":true}]}]},{"id":"microsoft-silverlight","info":{"name":"microsoft-silverlight","author":"cn-kali-team","tags":"detect,tech,microsoft-silverlight","severity":"info","metadata":{"product":"microsoft-silverlight","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["get microsoft silverlight"],"case-insensitive":true}]}]},{"id":"ziguanghuayu-attendance-management-system","info":{"name":"ziguanghuayu-attendance-management-system","author":"cn-kali-team","tags":"detect,tech,ziguanghuayu-attendance-management-system","severity":"info","metadata":{"product":"ziguanghuayu-attendance-management-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["广州紫光华宇信息技术有限公司"],"case-insensitive":true}]}]},{"id":"hanwei-integrated-business-platform","info":{"name":"hanwei-integrated-business-platform","author":"cn-kali-team","tags":"detect,tech,hanwei-integrated-business-platform","severity":"info","metadata":{"product":"hanwei-integrated-business-platform","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["id=\"loginpwdcontiner\"","window.location.href=\"/源头数据资源管理/default/default.aspx\""],"condition":"and","case-insensitive":true},{"type":"word","words":["content=\"microsoft visual studio .net 7.1\"","directlink = \"programstartup.application\"","onclick=\"window.navigate(this.fname);enablesetup();\"","东营汉威石油技术开发有限公司","系统需要.net框架2.0,请点击安装!"],"case-insensitive":true}]}]},{"id":"uniview-vm50","info":{"name":"uniview-vm50","author":"cn-kali-team","tags":"detect,tech,uniview-vm50","severity":"info","metadata":{"product":"uniview-vm50","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["vm5.0"],"case-insensitive":true}]}]},{"id":"freenas","info":{"name":"freenas","author":"cn-kali-team","tags":"detect,tech,freenas","severity":"info","metadata":{"product":"freenas","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/images/ui/freenas-logo.png","title=\"welcome to freenas"],"case-insensitive":true}]}]},{"id":"vmedia-multimedia-publishing-platform","info":{"name":"vmedia-multimedia-publishing-platform","author":"cn-kali-team","tags":"detect,tech,vmedia-multimedia-publishing-platform","severity":"info","metadata":{"product":"vmedia-multimedia-publishing-platform","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["class=\"video_00\"","function toggle(targetid)"],"case-insensitive":true}]}]},{"id":"thinksns","info":{"name":"thinksns","author":"cn-kali-team","tags":"detect,tech,thinksns","severity":"info","metadata":{"product":"thinksns","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["_static/image/favicon.ico","powered by "],"case-insensitive":true}]}]},{"id":"cdr-stats","info":{"name":"cdr-stats","author":"cn-kali-team","tags":"detect,tech,cdr-stats","severity":"info","metadata":{"product":"cdr-stats","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/static/cdr-stats/js/jquery"],"case-insensitive":true}]}]},{"id":"he-zheng-ruan-jian--wang-zhan-qun-nei-rong-guan-li-xi-tong-hzcms","info":{"name":"合正软件-网站群内容管理系统-hzcms","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"合正软件-网站群内容管理系统-hzcms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["produced by cms 网站群内容管理系统"],"case-insensitive":true}]}]},{"id":"preamsolutions-inspection-and-modification-information-platform","info":{"name":"preamsolutions-inspection-and-modification-information-platform","author":"cn-kali-team","tags":"detect,tech,preamsolutions-inspection-and-modification-information-platform","severity":"info","metadata":{"product":"preamsolutions-inspection-and-modification-information-platform","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["action=\"/gqjx/loginmgr.do?method=dologin"],"case-insensitive":true}]}]},{"id":"yiyu-opms","info":{"name":"yiyu-opms","author":"cn-kali-team","tags":"detect,tech,yiyu-opms","severity":"info","metadata":{"product":"yiyu-opms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["opms","opms管理系统,织蝶-企业应用系统为您的企业保驾护航"],"condition":"and","case-insensitive":true}]}]},{"id":"argosoft-mail-server","info":{"name":"argosoft-mail-server","author":"cn-kali-team","tags":"detect,tech,argosoft-mail-server","severity":"info","metadata":{"product":"argosoft-mail-server","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["argosoft mail server plus for"],"case-insensitive":true}]}]},{"id":"ovirt-virtualization","info":{"name":"ovirt-virtualization","author":"cn-kali-team","tags":"detect,tech,ovirt-virtualization","severity":"info","metadata":{"product":"ovirt-virtualization","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[""],"case-insensitive":true}]}]},{"id":"mini-httpd","info":{"name":"mini-httpd","author":"cn-kali-team","tags":"detect,tech,mini-httpd","severity":"info","metadata":{"product":"mini-httpd","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["server: mini_httpd"],"part":"header","case-insensitive":true}]}]},{"id":"novell-zenworks","info":{"name":"novell-zenworks","author":"cn-kali-team","tags":"detect,tech,novell-zenworks","severity":"info","metadata":{"product":"novell-zenworks","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/zenworks/js/dojo","managementzonename"],"case-insensitive":true}]}]},{"id":"barracuda-ssl-vpn","info":{"name":"barracuda-ssl-vpn","author":"cn-kali-team","tags":"detect,tech,barracuda-ssl-vpn","severity":"info","metadata":{"product":"barracuda-ssl-vpn","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["barracuda ssl vpn"],"case-insensitive":true}]}]},{"id":"eisoo-anyshare","info":{"name":"eisoo-anyshare","author":"cn-kali-team","tags":"detect,tech,eisoo-anyshare","severity":"info","metadata":{"product":"eisoo-anyshare","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["res/libs/webuploader/webuploader.css","src=\"/res/libs/base64.min.js\""],"case-insensitive":true}]}]},{"id":"yuneasy-ipcalling","info":{"name":"yuneasy-ipcalling","author":"cn-kali-team","tags":"detect,tech,yuneasy-ipcalling","severity":"info","metadata":{"product":"yuneasy-ipcalling","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["云翌ip呼叫中心"],"case-insensitive":true}]}]},{"id":"kasmvnc","info":{"name":"kasmvnc","author":"cn-kali-team","tags":"detect,tech,kasmvnc","severity":"info","metadata":{"product":"kasmvnc","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"favicon","hash":["-360184491"]}]}]},{"id":"vrv-nac","info":{"name":"vrv-nac","author":"cn-kali-team","tags":"detect,tech,vrv-nac","severity":"info","metadata":{"product":"vrv-nac","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["localstorage.setitem('doctitle','北信源网络接入控制系统')","欢迎登录北信源网络接入控制系统"],"condition":"and","case-insensitive":true},{"type":"word","words":["id=\"modal_delay\""],"case-insensitive":true}]}]},{"id":"web-data-administrator","info":{"name":"web-data-administrator","author":"cn-kali-team","tags":"detect,tech,web-data-administrator","severity":"info","metadata":{"product":"web-data-administrator","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["
laysns","title=\"laysns\""],"case-insensitive":true}]}]},{"id":"windows-business-server","info":{"name":"windows-business-server","author":"cn-kali-team","tags":"detect,tech,windows-business-server","severity":"info","metadata":{"product":"windows-business-server","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"/remote\">remote web workplace","src=\"images/sbslogo.gif"],"case-insensitive":true}]}]},{"id":"hw99-checking","info":{"name":"hw99-checking","author":"cn-kali-team","tags":"detect,tech,hw99-checking","severity":"info","metadata":{"product":"hw99-checking","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/hwface/script/logincheck.js"],"case-insensitive":true}]}]},{"id":"av-arcade","info":{"name":"av-arcade","author":"cn-kali-team","tags":"detect,tech,av-arcade","severity":"info","metadata":{"product":"av-arcade","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["powered by

"],"case-insensitive":true}]}]},{"id":"ren-zi-xing-surfnx-an-quan-wang-guan","info":{"name":"任子行-surfnx安全网关","author":"cn-kali-team","tags":"detect,tech,任子行-surfnx安全网关","severity":"info","metadata":{"product":"任子行-surfnx安全网关","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["lib/templates/surfilter/images/logo_big.png","安全网关"],"condition":"and","case-insensitive":true}]}]},{"id":"qi-an-xin-qi-ye-an-quan-bu-shu","info":{"name":"奇安信-企业安全部署","author":"cn-kali-team","tags":"detect,tech,奇安信-企业安全部署","severity":"info","metadata":{"product":"奇安信-企业安全部署","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["360企业安全部署"],"case-insensitive":true}]}]},{"id":"pg-roomate-finder-solution","info":{"name":"pg-roomate-finder-solution","author":"cn-kali-team","tags":"detect,tech,pg-roomate-finder-solution","severity":"info","metadata":{"product":"pg-roomate-finder-solution","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["powered by ","action=\"/cgi-bin/luci\">","href=\"/cgi-bin/luci\">","luci - lua configuration interface","powered by luci"],"case-insensitive":true}]}]},{"id":"huawei-vpn","info":{"name":"huawei-vpn","author":"cn-kali-team","tags":"detect,tech,huawei-vpn","severity":"info","metadata":{"product":"huawei-vpn","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["oncompleted(hresult,perrorobject, pasynccontext)"],"case-insensitive":true}]}]},{"id":"fe-oa","info":{"name":"fe-oa","author":"cn-kali-team","tags":"detect,tech,fe-oa","severity":"info","metadata":{"product":"fe-oa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["js39/flyrise.stopbackspace.js"],"case-insensitive":true}]}]},{"id":"cgiproxy","info":{"name":"cgiproxy","author":"cn-kali-team","tags":"detect,tech,cgiproxy","severity":"info","metadata":{"product":"cgiproxy","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["","content=\"北京国信冠群技术有限公司,国信冠群,邮件","href=\"http://www.docmail.cn/android/app/docmail.apk"],"case-insensitive":true}]}]},{"id":"hostbill","info":{"name":"hostbill","author":"cn-kali-team","tags":"detect,tech,hostbill","severity":"info","metadata":{"product":"hostbill","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["hostbill","powered by (查看帝国备份王说明文档)","powered by empirebak"],"case-insensitive":true}]}]},{"id":"ren-zi-xing-net110-wang-luo-an-quan-shen-ji-xi-tong","info":{"name":"任子行-net110网络安全审计系统","author":"cn-kali-team","tags":"detect,tech,任子行-net110网络安全审计系统","severity":"info","metadata":{"product":"任子行-net110网络安全审计系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["net110网络安全审计系统","simplemodal.1.4.1.min.js"],"condition":"and","case-insensitive":true}]}]},{"id":"ibm-hmc","info":{"name":"ibm-hmc","author":"cn-kali-team","tags":"detect,tech,ibm-hmc","severity":"info","metadata":{"product":"ibm-hmc","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[""],"case-insensitive":true}]}]},{"id":"kaijiang-oa","info":{"name":"kaijiang-oa","author":"cn-kali-team","tags":"detect,tech,kaijiang-oa","severity":"info","metadata":{"product":"kaijiang-oa","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["src=\"/kjoa/sheep/login/login.js"],"case-insensitive":true}]}]},{"id":"bit-service","info":{"name":"bit-service","author":"cn-kali-team","tags":"detect,tech,bit-service","severity":"info","metadata":{"product":"bit-service","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["bit-xxzs","xmlpzs/webissue.asp"],"condition":"and","case-insensitive":true}]}]},{"id":"shopnc","info":{"name":"shopnc","author":"cn-kali-team","tags":"detect,tech,shopnc","severity":"info","metadata":{"product":"shopnc","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["content=\"shopnc","copyright 2007-2014 shopnc inc","powered by shopnc"],"case-insensitive":true}]}]},{"id":"mylittleforum","info":{"name":"mylittleforum","author":"cn-kali-team","tags":"detect,tech,mylittleforum","severity":"info","metadata":{"product":"mylittleforum","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["index.php?mode=js_defaults","powered by my little forum"],"case-insensitive":true}]}]},{"id":"tamronos-iptv-xi-tong","info":{"name":"tamronos iptv系统","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"tamronos iptv系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["// 您安装tamronos的硬件系统无法满足系统的基本需求条件,继续运行可能会 造成系统无法正常运行","tamronos iptv系统"],"case-insensitive":true}]}]},{"id":"pg-real-estate-solution","info":{"name":"pg-real-estate-solution","author":"cn-kali-team","tags":"detect,tech,pg-real-estate-solution","severity":"info","metadata":{"product":"pg-real-estate-solution","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[">pg real estate solution - real estate web site design"],"case-insensitive":true}]}]},{"id":"bh-bh5000c","info":{"name":"bh-bh5000c","author":"cn-kali-team","tags":"detect,tech,bh-bh5000c","severity":"info","metadata":{"product":"bh-bh5000c","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["bhclientcer:\"/modules/web/common/data/bhclient.cer"],"case-insensitive":true}]}]},{"id":"ruvarhrm","info":{"name":"ruvarhrm","author":"cn-kali-team","tags":"detect,tech,ruvarhrm","severity":"info","metadata":{"product":"ruvarhrm","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["src=\"/ruvarhrm/web_login/login.aspx"],"case-insensitive":true}]}]},{"id":"gate-one","info":{"name":"gate-one","author":"cn-kali-team","tags":"detect,tech,gate-one","severity":"info","metadata":{"product":"gate-one","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["
","gateone.css","gateone.js"],"condition":"and","case-insensitive":true},{"type":"word","words":["server: gateone"],"part":"header","case-insensitive":true}]}]},{"id":"http-ji-ben-ren-zheng","info":{"name":"http基本认证","author":"cn-kali-team","tags":"detect,tech,http基本认证","severity":"info","metadata":{"product":"http基本认证","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["unauthorized"],"case-insensitive":true},{"type":"word","words":["www-authenticate: basic realm=\"default\""],"part":"header","case-insensitive":true}]}]},{"id":"salien-software-system","info":{"name":"salien-software-system","author":"cn-kali-team","tags":"detect,tech,salien-software-system","severity":"info","metadata":{"product":"salien-software-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["href=\"images/login/msn/favicon.ico\"","北京市时林电脑公司"],"case-insensitive":true}]}]},{"id":"zhi-yuan-g6-n-duo-zu-zhi-ban","info":{"name":"致远g6-n多组织版","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"致远g6-n多组织版","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/seeyon/common/images/g6n/favicon.ico"],"case-insensitive":true}]}]},{"id":"glpi","info":{"name":"glpi","author":"cn-kali-team","tags":"detect,tech,glpi","severity":"info","metadata":{"product":"glpi","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"favicon","hash":["c9339a2ecde0980f40ba22c2d237b94b"]}]}]},{"id":"runda-supervisory-platform","info":{"name":"runda-supervisory-platform","author":"cn-kali-team","tags":"detect,tech,runda-supervisory-platform","severity":"info","metadata":{"product":"runda-supervisory-platform","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["class=\"log_rbox\""],"case-insensitive":true}]}]},{"id":"ruijie-smart-web","info":{"name":"ruijie-smart-web","author":"cn-kali-team","tags":"detect,tech,ruijie-smart-web","severity":"info","metadata":{"product":"ruijie-smart-web","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["锐捷交换机"],"case-insensitive":true}]}]},{"id":"360-tianqing","info":{"name":"360-tianqing","author":"cn-kali-team","tags":"detect,tech,360-tianqing","severity":"info","metadata":{"product":"360-tianqing","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/task/index/detail?id={item.id}","appid\":\"skylar6","已过期或者未授权,购买请联系4008-136-360"],"case-insensitive":true}]}]},{"id":"fan-ruan-bao-biao","info":{"name":"帆软报表","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"帆软报表","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["=fs","reportserver"],"condition":"and","case-insensitive":true},{"type":"word","words":["content=\"finereport--web reporting tool\"","finereport/decision"],"case-insensitive":true}]}]},{"id":"zonghousc-system","info":{"name":"zonghousc-system","author":"cn-kali-team","tags":"detect,tech,zonghousc-system","severity":"info","metadata":{"product":"zonghousc-system","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["data-errormessage-value-missing=\"* 请录入用户名","style/default/frui.css"],"case-insensitive":true}]}]},{"id":"sun-glassfish","info":{"name":"sun-glassfish","author":"cn-kali-team","tags":"detect,tech,sun-glassfish","severity":"info","metadata":{"product":"sun-glassfish","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["glassfish community","webui/jsf"],"condition":"and","case-insensitive":true}]}]},{"id":"vop","info":{"name":"vop","author":"cn-kali-team","tags":"detect,tech,vop","severity":"info","metadata":{"product":"vop","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["id=\"lgform\" action=\"/sso/login","vop"],"condition":"and","case-insensitive":true},{"type":"word","words":["lgdynacodebtn"],"case-insensitive":true}]}]},{"id":"netapp-data-ontap","info":{"name":"netapp-data-ontap","author":"cn-kali-team","tags":"detect,tech,netapp-data-ontap","severity":"info","metadata":{"product":"netapp-data-ontap","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["server: data ontap"],"part":"header","case-insensitive":true}]}]},{"id":"femr","info":{"name":"femr","author":"cn-kali-team","tags":"detect,tech,femr","severity":"info","metadata":{"product":"femr","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/res/images/login-bg-1.png","/res/vendor/bootstrap-3.3.5/css/bootstrap.min.css"],"case-insensitive":true}]}]},{"id":"ami-megarac-sp","info":{"name":"ami-megarac-sp","author":"cn-kali-team","tags":"detect,tech,ami-megarac-sp","severity":"info","metadata":{"product":"ami-megarac-sp","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["ami megarac sp"],"case-insensitive":true}]}]},{"id":"yun-shi-kong-she-hui-hua-shang-ye-erp-xi-tong","info":{"name":"云时空社会化商业erp系统","author":"cn-kali-team","tags":"detect,tech","severity":"info","metadata":{"product":"云时空社会化商业erp系统","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["set-cookie: emscm.session.id"],"part":"header","case-insensitive":true},{"type":"word","words":[" 云时空社会化商业erp系统"],"case-insensitive":true}]}]},{"id":"fidion-cms","info":{"name":"fidion-cms","author":"cn-kali-team","tags":"detect,tech,fidion-cms","severity":"info","metadata":{"product":"fidion-cms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":[""],"case-insensitive":true}]}]},{"id":"cndatacom-smsp","info":{"name":"cndatacom-smsp","author":"cn-kali-team","tags":"detect,tech,cndatacom-smsp","severity":"info","metadata":{"product":"cndatacom-smsp","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/smrc/resources/default/"],"case-insensitive":true}]}]},{"id":"eqmail","info":{"name":"eqmail","author":"cn-kali-team","tags":"detect,tech,eqmail","severity":"info","metadata":{"product":"eqmail","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["系统运行环境"],"case-insensitive":true}]}]},{"id":"whfst-cms","info":{"name":"whfst-cms","author":"cn-kali-team","tags":"detect,tech,whfst-cms","severity":"info","metadata":{"product":"whfst-cms","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["武汉富思特"],"case-insensitive":true}]}]},{"id":"cnway-ilims","info":{"name":"cnway-ilims","author":"cn-kali-team","tags":"detect,tech,cnway-ilims","severity":"info","metadata":{"product":"cnway-ilims","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["/js/allpagefunction.js","src=\"/extjs/adapter/ext/ext-base-js"],"case-insensitive":true}]}]},{"id":"net2ftp","info":{"name":"net2ftp","author":"cn-kali-team","tags":"detect,tech,net2ftp","severity":"info","metadata":{"product":"net2ftp","vendor":"00_unknown","verified":false}},"http":[{"method":"GET","path":["{{BaseURL}}/"],"matchers":[{"type":"word","words":["