Lucene search
K

10155 matches found

Debian CVE
Debian CVE
added 2026/04/30 5:36 a.m.6 views

CVE-2026-6530

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.3AI score0.0016EPSS
Exploits1
Oracle linux
Oracle linux
added 2026/04/28 12:0 a.m.11 views

yggdrasil security update

0.4.8-4 - Bump release for rebuild...

7.5CVSS7.9AI score0.00728EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.4 views

CentOS 9 : sudo-1.9.17p2-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the sudo-1.9.17p2-4.el9 build changelog. - Privilege escalation due to failure in privilege drop calls CVE-2026-35535 Note that Nessus has not tested for this issue but has instead relied...

7.8CVSS5.4AI score0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/23 11:2 a.m.3 views

CVE-2025-62104 WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/23 11:1 a.m.5 views

WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin ACF Galerie 4 versions = 1.4.2...

4.3CVSS5.8AI score0.00198EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 11:36 p.m.5 views

CVE-2026-41130 Craft CMS has a host header injection leading to SSRF via resource-js endpoint

Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...

7CVSS5.9AI score0.0026EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Photon OS 4.0: Openssl PHSA-2026-4.0-0993

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0993. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS7.7AI score0.01059EPSS
Exploits0References7
CBLMariner
CBLMariner
added 2026/04/14 6:44 p.m.6 views

CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-4

CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-4. A patched version of the package is available...

8.8CVSS5.8AI score0.00663EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/13 9:59 p.m.8 views

Important: Red Hat Security Advisory: HawtIO 4.3.1 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.3.1 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

7.5CVSS5.8AI score0.01945EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2026/04/12 1:16 p.m.4 views

CVE-2019-25695

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the...

8.6CVSS6.5AI score0.00191EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 7:43 p.m.18 views

CVE-2026-40188

goshs is a Go-based SimpleHTTPServer. From 1.0.7 to before 2.0.0-beta.4, the SFTP rename logic sanitizes only the source path, not the destination, allowing writes outside the root directory of the SFTP. This could enable writing outside the intended sandbox. The issue is fixed in 2.0.0-beta.4 . ...

7.7CVSS5.8AI score0.00318EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.7 views

PT-2026-32005

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content...

8.2CVSS5.9AI score0.00333EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/08 7:15 p.m.4 views

EUVD-2026-20484

CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List...

4.8CVSS5.9AI score0.0023EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/08 7:15 p.m.5 views

EUVD-2026-20483

CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/04/06 11:43 p.m.6 views

CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4

CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4. A patched version of the package is available...

5.5CVSS6.1AI score0.00182EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.4 views

CVE-2026-34569

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog categories. An attacker can injec...

9.9CVSS5.7AI score0.00324EPSS
Exploits1References1
CVE
CVE
added 2026/04/02 4:8 p.m.11 views

CVE-2026-33950

SignalK server (signalk-server) is affected. Before version 2.24.0-beta.4, there is a privilege escalation via Admin Role Injection through /enableSecurity. An unauthenticated attacker can gain full Administrator access to the server, potentially modifying vessel routing data, server configuratio...

9.4CVSS5.8AI score0.00418EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/02 4:8 p.m.19 views

CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS0.00418EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:8 p.m.6 views

CVE-2026-33950

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS5.8AI score0.00418EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 4:8 p.m.6 views

CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...

9.4CVSS5.9AI score0.00418EPSS
Exploits1References2
Rows per page
Query Builder