2862513 matches found
IServ Schoolserver User Enumeration
IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...
CVE-2026-47870
VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated user with network access may be able to execute remote code. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7 22.1.1 through...
CVE-2026-16082
A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...
CVE-2026-16082 Sipeed PicoClaw pipeline_execute.go ExecTool.executeRun toctou
A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...
CVE-2026-16081
A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2026-16076
A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chatsend of the file astrbot/dashboard/routes/openapi.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible to...
CVE-2026-16075
A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.getchatsessions of the file astrbot/dashboard/routes/openapi.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It is...
EUVD-2026-45353
A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.getchatsessions of the file astrbot/dashboard/routes/openapi.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It is...
EUVD-2026-45344
Authentication bypass using an alternate path or channel in Microsoft Edge Chromium-based allows an unauthorized attacker to perform tampering over a network...
CVE-2026-56740
creationtimestamp| type| source ---|---|--- 2026-07-18 00:24:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mquytzuy6y2i 2026-07-18 05:00:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqviazwau42g...
CVE-2026-56741
creationtimestamp| type| source ---|---|--- 2026-07-18 00:19:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mquyl3hgcb2a 2026-07-18 05:00:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqvibaehij2c...
CVE-2026-49485
creationtimestamp| type| source ---|---|--- 2026-07-18 00:11:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mquy4oxscf2i 2026-07-18 05:00:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqvibgrkxm2g...
PT-2026-60919
A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get chat sessions of the file astrbot/dashboard/routes/open api.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It ...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2026-13448
creationtimestamp| type| source ---|---|--- 2026-07-17 22:36:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mquss3f7uk2a 2026-07-18 05:13:26+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mqvixu56322t 2026-07-18 05:13:42+00:00| seen|...
CVE-2026-57980
CVE-2026-57980 refers to a vulnerability in Microsoft Edge (Chromium-based) where an authentication bypass via an alternate path or channel could allow an unauthenticated, network-based tampering by an attacker. The description and connected sources consistently describe this as a network-exposed...
DEBIAN-CVE-2026-9537
Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies with the number of...
DEBIAN-CVE-2026-13082
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
CVE-2026-54498
CVE-2026-54498 affects ViewComponent (Ruby on Rails) where ViewComponent::Base#around_render can return HTML-unsafe strings, bypassing normal escaping and causing XSS. The issue is amplified when ViewComponent::Collection#render_in joins per-item results and marks the whole output html_safe, conv...