Lucene search
+L

1260734 matches found

CVE
CVE
added 39 minutes ago1 views

CVE-2026-63835

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: prevent OGM aggregation on disabled hardif When an interface gets disabled, the worker is correctly disabled by batadvhardifdisableinterface - ... - batadvvogmifacedisable. In this process, the skb aggrlist is also...

Exploits0References8
CVE
CVE
added 40 minutes ago1 views

CVE-2026-63799

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Fix OOB clearbit when CID is MMCIDUNSET in fixup path In mmcidfixupcpustotasks, when rq-curr has the target mm and mmcid.active is set, the CID is checked with cidintransit before setting the transition bit. In per-C...

Exploits0References2
CVE
CVE
added 2 hours ago9 views

CVE-2026-53377

In the Linux kernel DRM/MSM driver, CVE-2026-53377 describes a fix for GPU recovery behavior. Previously, when there was no more work, the recover_worker could fail to trigger recovery and rely on the GPU sleeping and resuming later; if the GPU remained hung, timeouts could reoccur. The fix makes...

5.4AI score
Exploits0References3
CVE
CVE
added 2 hours ago5 views

CVE-2026-53375

The CVE affects the Linux kernel DRM AMDGPU VCE code path. The vulnerability involved partial address patches where only one of lo/hi was valid, risking a bad address being written to the firmware (FW). The issue has been resolved upstream by applying a patch that prevents partial address writes,...

5.4AI score
Exploits0References6
CVE
CVE
added 4 hours ago7 views

CVE-2026-16225

Technical details are not publicly available in the provided documents. Monitor for updates.

6.5CVSS6.2AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 hours ago3 views

CVE-2026-16224

A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the pat...

5.3CVSS4.7AI score
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-16218

A vulnerability was detected in hunvreus devpush up to 0.4.6. Affected by this issue is the function resetstorage of the file app/workers/tasks/storage.py of the component Storage Reset Failure Handler. The manipulation results in improper check or handling of exceptional conditions. A high...

2.6CVSS4AI score
Exploits0References7Affected Software1
CVE
CVE
added 6 hours ago10 views

CVE-2026-16218

Technical details for CVE-2026-16218 are not publicly available in the provided documents; no affected versions, root cause specifics, or remediation are disclosed here. Monitor for updates.

2.6CVSS4AI score
Exploits0References6
NVD
NVD
added 7 hours ago6 views

CVE-2026-16212

A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads to race condition. The attack is possible to be carried out remotely. The attack is considered to...

4.2CVSS
Exploits0References6
NVD
NVD
added 8 hours ago9 views

CVE-2026-16211

A vulnerability was determined in allegro up to bcf65b994ef29fb3fc2e10b660e6288723d5209e. This impacts the function AssetLastHostname.incrementhostname of the file src/ralph/assets/models/assets.py of the component Hostname Allocation Handler. Executing a manipulation of the argument counter can...

2.6CVSS
Exploits0References5
NVD
NVD
added 8 hours ago8 views

CVE-2026-16210

A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.getaction of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS
Exploits0References6
CVE
CVE
added 8 hours ago7 views

CVE-2026-16214

CVE-2026-16214 affects geex-arts django-jet up to version 1.0.8, specifically the Dashboard Module’s jet/dashboard/views.py component. The documentation reports an authorization bypass vulnerability caused by manipulation of an unknown function, with remote exploitation possible and a publicly av...

6.5CVSS6.2AI score
Exploits0References6
Nuclei
Nuclei
added 8 hours ago3 views

Balbooa Forms < 2.4.1 - Unauthenticated Arbitrary File Upload

Joomla Balbooa Forms contains an unrestricted file upload vulnerability caused by lack of authentication checks, letting unauthenticated attackers upload executable files and achieve remote code execution. id: CVE-2026-56291 info: name: Balbooa Forms 2.4.1 - Unauthenticated Arbitrary File Upload...

10CVSS6AI score0.00836EPSS
Exploits6References2
Nuclei
Nuclei
added 8 hours ago14 views

Windmill/Nextcloud Flow < 1.603.3 - Unauthenticated Path Traversal

Windmill 1.603.3 contains a path traversal caused by unsanitized filename parameter in getlogfile endpoint, letting unauthenticated attackers read arbitrary files on the server, exploit requires no authentication. id: CVE-2026-29059 info: name: Windmill/Nextcloud Flow 1.603.3 - Unauthenticated Pa...

7.5CVSS7.7AI score0.02584EPSS
Exploits0References3
OSV
OSV
added 8 hours ago4 views

OESA-2026-3025 libnfs security update

Package contains a library of functions for accessing NFSv2 and NFSv3 servers from user space. It provides a low-level,asynchronous RPC library for accessing NFS protocols, an asynchronous library with POSIX-like VFS functions,and a synchronous library with POSIX-like VFS functions. Security Fixe...

7.1CVSS5.3AI score0.00192EPSS
Exploits0References2
OSV
OSV
added 8 hours ago2 views

OESA-2026-3024 libnfs security update

Package contains a library of functions for accessing NFSv2 and NFSv3 servers from user space. It provides a low-level,asynchronous RPC library for accessing NFS protocols, an asynchronous library with POSIX-like VFS functions,and a synchronous library with POSIX-like VFS functions. Security Fixe...

7.1CVSS5.3AI score0.00192EPSS
Exploits0References2
OSV
OSV
added 8 hours ago2 views

OESA-2026-3023 libnfs security update

Package contains a library of functions for accessing NFSv2 and NFSv3 servers from user space. It provides a low-level,asynchronous RPC library for accessing NFS protocols, an asynchronous library with POSIX-like VFS functions,and a synchronous library with POSIX-like VFS functions. Security Fixe...

7.1CVSS5.3AI score0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 9 hours ago10 views

CVE-2026-16211 allegro Hostname Allocation assets.py AssetLastHostname.increment_hostname race condition

A vulnerability was determined in allegro up to bcf65b994ef29fb3fc2e10b660e6288723d5209e. This impacts the function AssetLastHostname.incrementhostname of the file src/ralph/assets/models/assets.py of the component Hostname Allocation Handler. Executing a manipulation of the argument counter can...

2.6CVSS
Exploits0References5
Cvelist
Cvelist
added 9 hours ago11 views

CVE-2026-16210 newpanjing simpleui AjaxAdmin AJAX Endpoint admin.py self.get_action missing authentication

A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.getaction of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS
Exploits0References6
Nuclei
Nuclei
added 9 hours ago43 views

ProfilePress < 3.1.11 - Cross-Site Scripting

The ProfilePress plugin for WordPress before 3.1.11 is vulnerable to unauthenticated reflected cross-site scripting XSS via the tabbed login/register widget due to improper escaping of user input. Attackers can inject arbitrary JavaScript via the tabbed-login-name parameter. id: CVE-2021-24522...

6.1CVSS6AI score0.01552EPSS
Exploits2References3
Rows per page
Query Builder