Lucene search

492 matches found

ATTACKERKB
added yesterday, 2 views

CVE-2026-54262

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

CVSS: 4.3 | AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added yesterday, 5 views

CVE-2026-53903

MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly validate whether an authenticated user is authorized to access a requested document, allowing direct...

CVSS: 5.3
Exploits: 0 | References: 2
CVE
added 6 days ago, 7 views

CVE-2026-11779

Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/25 12:00 a.m., 11 views

PT-2026-52205

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.6 through 18.11.5; GitLab CE/EE versions 19.0 through 19.0.2; GitLab CE/EE versions 19.1 through 19.1.0. Description: Incorrect authorization checks in the group packages feature allow an authenticated user with...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00193
Exploits: 0 | References: 7
Tenable Nessus
added 2026/06/25 12:00 a.m., 5 views

Dell Wyse Management Suite < 2605 Multiple Vulnerabilities (DSA-2026-247)

The version of Dell Wyse Management Suite installed on the remote host is prior to 2605. It is, therefore, affected by multiple vulnerabilities, including: - Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00249
Exploits: 0 | References: 5
Tenable Nessus
added 2026/06/23 12:00 a.m., 12 views

RHEL 9 : redis (RHSA-2026:28139)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28139 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.02995
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/21 12:00 a.m., 18 views

PT-2026-51208

Name of the Vulnerable Software and Affected Versions: BerriAI litellm versions prior to 1.82.3. Description: An authentication bypass exists in the SSO Debug Flow component. A remote attacker can manipulate the json.dumps function within the file litellm/proxy/management endpoints/ui sso.py, which...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00508
Exploits: 1 | References: 13
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out-of-bounds memory access via a crafted HTML page. Chromium security severity: High...

CVSS: 8.8 | AI score: 5.4 | EPSS: 0.00529
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Qemu

A buffer overflow vulnerability was discovered in the ATI VGA device emulation provided by QEMU. This vulnerability occurs in the ati2dblt routine, during the handling of MMIO write operations, when the guest provides invalid values for the destination display parameters. A malicious guest could...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00429
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable could lead to an out-of-bounds memory access. A user with read-write credentials could exploit this issue. Versio...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01008
Exploits: 0 | References: 2
RedHat Linux
added 2026/06/17 12:19 p.m., 6 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

CVSS: 7.8 | AI score: 5.4 | EPSS: 0.00148
Exploits: 0 | References: 7
NVD
added 2026/06/15 9:16 p.m., 6 views

CVE-2026-39518

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

CVSS: 7.1 | EPSS: 0.00278
Exploits: 0 | References: 1
Redos
added 2026/06/15 12:00 a.m., 6 views

ROS-20260615-73-0021

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00587
Exploits: 1
EUVD
added 2026/06/09 7:24 p.m., 11 views

EUVD-2026-35804

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

CVSS: 8.2 | AI score: 5.6 | EPSS: 0.00168
Exploits: 0 | References: 1
NVD
added 2026/06/09 11:16 a.m., 10 views

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

CVSS: 5.3 | EPSS: 0.00238
Exploits: 0 | References: 3
CNNVD
added 2026/06/09 12:00 a.m., 11 views

Dell Inventory Collector Client security vulnerability

Dell Inventory Collector Client is a terminal asset inventory tool developed by the American company Dell. Versions of Dell Inventory Collector Client prior to version 13.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper link resolution before file access, whic...

CVSS: 6.3 | AI score: 5.5 | EPSS: 0.00085
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/07 5:08 a.m., 9 views

CVE-2026-11191

An out of bounds memory access flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503392431...

CVSS: 8.8 | AI score: 5.4 | EPSS: 0.00272
Exploits: 0 | References: 5
OSV
added 2026/06/05 4:28 p.m., 5 views

GHSA-7P8G-6C6G-H9W7 praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...

CVSS: 8.3 | AI score: 5.5 | EPSS: 0.00043
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/02 10:02 p.m., 10 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

CVSS: 9.9 | AI score: 6 | EPSS: 0.00256
Exploits: 0 | References: 1
CNNVD
added 2026/06/02 12:00 a.m., 6 views

NamelessMC security vulnerability

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability that stems from the lack of re-enforcing topic-level viewotherstopi...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00235
Exploits: 0 | References: 1