
1421 matches found

EUVD
added 4 days ago, 5 views

EUVD-2026-40307

Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

CVSS 8.8, AI score 5.8, EPSS 0.00486
Exploits 0, References 1
Cvelist
added 5 days ago, 34 views

CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

CVSS 8.1, EPSS 0.00276
Exploits 0, References 4
EUVD
added 2026/06/25 8:39 a.m., 5 views

EUVD-2026-39280

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: update file PMD counter before folioput splithugepmdlocked updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folioput drops the last reference, mmcounterfile can later read fre...

AI score 5.7, EPSS 0.00138
Exploits 0, References 8
Tenable Nessus
added 2026/06/25 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-52994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/virtio: fix MSGZEROCOPY pinned-pages accounting virtiotransportinitzcopyskb uses iter-count as the size argument for msgzerocopyrealloc, which in turn...

AI score 5.8, EPSS 0.00173
Exploits 0, References 4
EUVD
added 2026/06/24 6:32 p.m., 4 views

EUVD-2026-38862

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSGZEROCOPY pinned-pages accounting virtiotransportinitzcopyskb uses iter-count as the size argument for msgzerocopyrealloc, which in turn passes it to mmaccountpinnedpages for RLIMITMEMLOCK accounting. However,...

AI score 5.7, EPSS 0.00173
Exploits 0, References 4
NVD
added 2026/06/24 5:17 p.m., 5 views

CVE-2026-52983

In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix BQL imbalance in TX path Fix a possible BQL imbalance in airoha_dev_xmit, where inflight packets are accounted only for the AIROHA_NUM_TX_RING netdev TX queues. The queue index is computed as: qid =...

CVSS 7.5, EPSS 0.00451
Exploits 0, References 3
Cvelist
added 2026/06/24 4:28 p.m., 25 views

CVE-2026-52983 net: airoha: fix BQL imbalance in TX path

In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix BQL imbalance in TX path Fix a possible BQL imbalance in airoha_dev_xmit, where inflight packets are accounted only for the AIROHA_NUM_TX_RING netdev TX queues. The queue index is computed as: qid =...

CVSS 7.5, EPSS 0.00451
Exploits 0, References 3
CVE
added 2026/06/24 4:28 p.m., 6 views

CVE-2026-52983

The CVE-2026-52983 issue concerns the Linux kernel airoha network driver where inflight packets were counted only for the AIROHA_NUM_TX_RING TX queues in airoha_dev_xmit(), while airoha_qdma_tx_napi_poll() aggregated completions across all netdev TX queues (num_tx_queues). This mismatch creates a...

CVSS 7.5, AI score 5.7, EPSS 0.00451
Exploits 0, References 3
ATTACKERKB
added 2026/06/24 4:28 p.m., 5 views

CVE-2026-52982

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...

AI score 5.6, EPSS 0.00543
Exploits 0, References 9, Affected Software 1
OSV
added 2026/06/24 8:16 a.m., 5 views

UBUNTU-CVE-2026-52914

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...

CVSS 9.8, AI score 5.6, EPSS 0.00519
Exploits 0, References 11
NVD
added 2026/06/24 7:16 a.m., 10 views

CVE-2026-9175

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_account REST API callback being registered with a permission_callback that unconditionally returns tru...

CVSS 5.3, EPSS 0.00348
Exploits 0, References 3
NVD
added 2026/06/24 7:16 a.m., 8 views

CVE-2026-9172

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the delete_single_account function in versions up to, and including, 1.2.0. The REST route...

CVSS 5.3, EPSS 0.00227
Exploits 0, References 3
CVE
added 2026/06/24 7:14 a.m., 9 views

CVE-2026-52914

In the Linux kernel, the batman-adv component is affected by CVE-2026-52914. The root cause is an accounting bug where the accumulated fragment length used for validating queued fragment chains can be truncated during updates. This allows malformed fragment chains to bypass validation and drive r...

CVSS 9.8, AI score 5.7, EPSS 0.00519
Exploits 0, References 8
Debian CVE
added 2026/06/24 7:14 a.m., 4 views

CVE-2026-52914

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...

CVSS 9.8, AI score 5.6, EPSS 0.00519
Exploits 0
Cvelist
added 2026/06/24 5:33 a.m., 34 views

CVE-2026-9172 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST Endpoint

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the delete_single_account function in versions up to, and including, 1.2.0. The REST route...

CVSS 5.3, EPSS 0.00227
Exploits 0, References 3
EUVD
added 2026/06/24 5:33 a.m., 7 views

EUVD-2026-38677

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the delete_single_account function in versions up to, and including, 1.2.0. The REST route...

CVSS 5.3, AI score 6, EPSS 0.00227
Exploits 0, References 3
CVE
added 2026/06/24 5:33 a.m., 12 views

CVE-2026-9172

WordPress plugin Devs Accounting – Simple Accounting and Invoicing Solution (versions up to 1.2.0) is vulnerable to unauthorized modification/deletion of data due to a missing capability check in delete_single_account(), with the REST route devs-accounting/v1/delete-account/(?P\d+) registered wit...

CVSS 5.3, AI score 6, EPSS 0.00227
Exploits 0, References 3
EUVD
added 2026/06/24 5:33 a.m., 10 views

EUVD-2026-38659

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_account REST API callback being registered with a permission_callback that unconditionally returns tru...

CVSS 5.3, AI score 6, EPSS 0.00348
Exploits 0, References 3
Cvelist
added 2026/06/24 5:33 a.m., 31 views

CVE-2026-9175 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'id' Parameter

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_account REST API callback being registered with a permission_callback that unconditionally returns tru...

CVSS 5.3, EPSS 0.00348
Exploits 0, References 3
CVE
added 2026/06/24 5:33 a.m., 6 views

CVE-2026-9175

The CVE concerns the WordPress plugin Devs Accounting – Simple Accounting and Invoicing Solution, affected versions up to 1.2.0. The root cause is a REST endpoint get-account in get_single_account() where the permission_callback unconditionally returns true, resulting in missing authorization for...

CVSS 5.3, AI score 6, EPSS 0.00348
Exploits 0, References 3