Lucene search
K

170250 matches found

CVE
CVE
added 2 days ago6 views

CVE-2026-56689

Dell PowerFlex Manager versions prior to 5.1.0.1 are affected by an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. A low-privileged attacker with remote access could potentially cause information exposure. The available documents do not specify ...

7.7CVSS6.1AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42816

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits0References1
CVE
CVE
added 3 days ago21 views

CVE-2026-54003

Summary of CVE-2026-54003 (Kirby CMS) : Affected Kirby installations with no configured user accounts, running behind a reverse proxy that sets Forwarded, X-Client-IP, or X-Real-IP headers could allow remote attackers to install the Panel and create the first admin user. This occurs on releases p...

9.1CVSS6AI score0.00545EPSS
Exploits0References8
NVD
NVD
added 4 days ago8 views

CVE-2026-15154

A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...

6.5CVSS0.00204EPSS
Exploits0References2
CVE
CVE
added 4 days ago4 views

CVE-2026-53480

Dell PowerProtect Data Domain (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contains a path traversal vulnerability due to an improper limitation of a pathname to a restricted directory. A high-privilege attacker with remote access could po...

2.7CVSS6AI score0.00263EPSS
Exploits0References1Affected Software1
Redos
Redos
added 4 days ago3 views

ROS-20260708-73-0048

The vulnerability in dovecot is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service failures...

7.5CVSS6AI score0.00454EPSS
Exploits0
OSV
OSV
added 5 days ago4 views

PYSEC-2026-1798 Phone information disclosure vulnerability

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...

5.5CVSS6AI score0.00697EPSS
Exploits1References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41871

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS6AI score0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-44937

Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the...

8.3CVSS6AI score0.00506EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago16 views

CVE-2026-14808

CVE-2026-14808 concerns the Prog Management System from PROG MIS, with an exposed sensitive-information vulnerability. Unauthenticated remote attackers can access a specific page and obtain the database account and password, leading to high-impact confidentiality and integrity risks (CVSS ~9.3–9....

9.8CVSS6AI score0.00507EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.6 views

EUVD-2025-210413

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.6 views

CVE-2026-58295

Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.3CVSS5.9AI score0.00372EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/03 2:13 p.m.40 views

CVE-2026-49814

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command 'OS...

7.2CVSS0.01216EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.74 views

ZeroShell <= 1.0beta11 Remote Code Execution

ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. id: CVE-2009-0545 info: name: ZeroShell = 1.0beta11 Remote Code Execution author: geeknik severity: critica...

10CVSS6.2AI score0.90732EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/07/03 1:16 p.m.36 views

CVE-2026-46465

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileg...

5.5CVSS0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55539

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...

4.9CVSS6AI score0.00422EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55641

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A type confusion issue occurs when a resource is accessed using an incompatible type. This flaw allows an unauthorized attacker to bypass a security feature over a...

8.3CVSS6AI score0.00372EPSS
Exploits0References10
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.39 views

Dolibarr <7.0.2 - Cross-Site Scripting

Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. id: CVE-2018-10095 info: name: Dolibarr 7.0.2 - Cross-Site Scripting author: pikpikcu severity: medium...

6.1CVSS6.7AI score0.86988EPSS
Exploits1References5
NVD
NVD
added 2026/07/01 11:16 p.m.9 views

CVE-2026-14408

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 7:22 p.m.14 views

CVE-2026-58457

CVE-2026-58457 affects Shenzhen Aitemi M300 MT02 (Wi‑Fi Repeater). An unauthenticated OS command injection exists in the commuos web backend via the smacfilter_conf handler. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are unsanitized and pas...

9.8CVSS6.1AI score0.01671EPSS
Exploits0References3
Rows per page
Query Builder