Lucene search
+L

4930709 matches found

osv
osv
added tomorrow3 views

UBUNTU-CVE-2026-11386

An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...

9CVSS6.4AI score
Exploits0References3
osv
osv
added tomorrow3 views

UBUNTU-CVE-2026-12391

An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic informatio...

5CVSS6.1AI score
Exploits0References3
osv
osv
added tomorrow4 views

UBUNTU-CVE-2026-9494

An information disclosure vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper using the download-file command. During this process, the secret bearer token is embedded directly in...

5.5CVSS6.1AI score
Exploits0References3
cvelist
cvelist
added 5 minutes ago0 views

CVE-2026-62826 Microsoft SharePoint Server Spoofing Vulnerability

...

4.6CVSS
Exploits0References1
cvelist
cvelist
added 8 minutes ago0 views

CVE-2026-44180 Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids can be Bypassed

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. Versions 2.0.0rc1 and above prior to 3.3.0 have a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root, and...

9.8CVSS0.00106EPSS
Exploits0References2
cvelist
cvelist
added 10 minutes ago0 views

CVE-2026-58598 Windows Backup Service Elevation of Privilege Vulnerability

...

7CVSS
Exploits0References1
cvelist
cvelist
added 10 minutes ago0 views

CVE-2026-58643 Windows Admin Center Spoofing Vulnerability

...

6.1CVSS
Exploits0References1
cvelist
cvelist
added 11 minutes ago0 views

CVE-2026-59117 Windows Terminal Remote Code Execution Vulnerability

...

7.5CVSS
Exploits0References1
cvelist
cvelist
added 18 minutes ago0 views

CVE-2026-45368 Kirby: Cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for the KirbyTags and image blocks components did not filter out malicious URL values that resolve to script execution. The vulnerability affects four first-party Kirby renderers th...

8.4CVSS0.00062EPSS
Exploits0References2
cvelist
cvelist
added 25 minutes ago0 views

CVE-2026-45334 Kirby: Content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permissions. Kirby's Panel includes a content-locking feature that records which user currently has a model...

5.3CVSS0.00033EPSS
Exploits0References2
cvelist
cvelist
added 26 minutes ago0 views

CVE-2026-57077 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...

Exploits0References3
cvelist
cvelist
added 27 minutes ago0 views

CVE-2026-57076 YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

Exploits0References2
cvelist
cvelist
added 29 minutes ago0 views

CVE-2026-57075 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

Exploits0References2
cve
cve
added 32 minutes ago25 views

CVE-2026-44175 Kirby: Cross-site scripting (XSS) from list field content in the site frontend

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting XSS. Kirby's list field stores its formatted content as HTML, and unlike other field types...

8.5CVSS0.0004EPSS
Exploits0References2
cvelist
cvelist
added 32 minutes ago2 views

CVE-2026-44175 Kirby: Cross-site scripting (XSS) from list field content in the site frontend

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting XSS. Kirby's list field stores its formatted content as HTML, and unlike other field types...

8.5CVSS0.0004EPSS
Exploits0References2
cve
cve
added 33 minutes ago2 views

CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

Exploits0References2
cvelist
cvelist
added 33 minutes ago3 views

CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

Exploits0References2
githubexploit
githubexploit
added 36 minutes ago4 views

aurora-earn-poc

Aurora Earn PoC A TypeScript HTTP service that reads Kraken E...

Exploits0
cve
cve
added 38 minutes ago1 views

CVE-2026-14782 Booking for Appointments and Events Calendar – Amelia <= 2.4.3 - Authenticated (Custom+) SQL Injection via Customer Import

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the Customer Import in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

4.9CVSS
Exploits0References2
cvelist
cvelist
added 38 minutes ago2 views

CVE-2026-14782 Booking for Appointments and Events Calendar – Amelia <= 2.4.3 - Authenticated (Custom+) SQL Injection via Customer Import

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the Customer Import in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

4.9CVSS
Exploits0References2
Rows per page
Query Builder