Overview
- zed-industries
- zed
Published: 25 Feb 2026
Updated: 26 Feb 2026
CVSS v3.1: HIGH (7.4)
EPSS: 0.03%
KEV
Description
Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/archive.rs` fails to validate ZIP entry filenames for path traversal sequences (e.g., `../`). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue.
Statistics
- 1 Post
- 1 Interaction
Last activity: 11 hours ago
Overview
Description
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
Statistics
- 1 Post
- 1 Interaction
Last activity: 21 hours ago
Overview
- Red Hat
- Enterprise Linux 9
- OpenSSH
Published: 01 Jul 2024
Updated: 11 Dec 2025
CVSS: Pending
EPSS: 33.18%
KEV
Description
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Statistics
- 1 Post
Last activity: 19 hours ago
Overview
- Oscommerce
- osCommerce
Published: 27 Feb 2026
Updated: 27 Feb 2026
CVSS v4.0: HIGH (8.8)
EPSS: 0.06%
KEV
Description
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.
Statistics
- 1 Post
Last activity: 9 hours ago
Overview
- projectworlds
- Online Art Gallery Shop
Published: 02 Mar 2026
Updated: 02 Mar 2026
CVSS v4.0: MEDIUM (6.9)
EPSS: 0.03%
KEV
Description
A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Statistics
- 1 Post
Last activity: 15 hours ago
Overview
- Oscommerce
- osCommerce
Published: 27 Feb 2026
Updated: 27 Feb 2026
CVSS v4.0: HIGH (8.8)
EPSS: 0.06%
KEV
Description
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
- Intel(R) Processor Family
Published: 10 Feb 2026
Updated: 26 Feb 2026
CVSS v4.0: LOW (1.8)
EPSS: 0.00%
KEV
Description
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
Description
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the argument qos can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Statistics
- 1 Post
Last activity: 18 hours ago
Overview
Description
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Statistics
- 1 Post
Last activity: 17 hours ago
Overview
- Chargemap
- chargemap.com
Published: 26 Feb 2026
Updated: 02 Mar 2026
CVSS v3.1: CRITICAL (9.4)
EPSS: 0.10%
KEV
Description
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.
Statistics
- 1 Post
Last activity: 21 hours ago