Lucene search
K

14277 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 2:32 a.m.6 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51314

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description An issue exists where the system fails to validate channel ownership of an existing subscription before applying edits. This...

6.4CVSS5.8AI score0.00153EPSS
Exploits0References6
OSV
OSV
added 2026/06/19 9:16 p.m.6 views

GHSA-QRPV-Q767-XQQ2 Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow

Summary Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. Details The vulnerability exists in the getflowbyidorendpointname helper...

8.4CVSS6AI score0.00438EPSS
Exploits2References8
EUVD
EUVD
added 2026/06/19 5:45 p.m.5 views

EUVD-2019-20197

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:35 p.m.5 views

EUVD-2019-20194

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:31 p.m.5 views

EUVD-2019-20193

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where the array length is inconsistent with the size of the element...

6.5CVSS6.7AI score0.0131EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.27 views

PT-2026-50985

Name of the Vulnerable Software and Affected Versions Joomla J-CruisePortal version 6.0.4 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the "cruises" endpoint using crafted SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51099

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function retrieves flows by UUID from the database...

8.4CVSS6.2AI score0.00438EPSS
Exploits2References49
Cvelist
Cvelist
added 2026/06/18 4:12 p.m.20 views

CVE-2026-54104 U.S. GAO EPDS and CBCA EDS client-based privilege escalation

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS0.004EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-54224

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS0.00272EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:56 p.m.6 views

CVE-2026-54224

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00293EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 12:56 p.m.10 views

EUVD-2026-37887

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 12:56 p.m.18 views

CVE-2026-54224

UBB.threads is affected by a Denial of Service described in CVE-2026-54224. An authenticated attacker can trigger DoS by issuing multiple concurrent requests to view user profiles on instances with many registered users, exhausting database resources and denying access to the application for othe...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50704

Name of the Vulnerable Software and Affected Versions GAO Electronic Protest Docketing System EPDS affected versions not specified CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPD...

8.8CVSS5.9AI score0.004EPSS
Exploits0References9
CVE
CVE
added 2026/06/17 8:5 p.m.27 views

CVE-2026-32682

The CVE-2026-32682 entry concerns NGINX Gateway Fabric. The vulnerability arises when GRPCRoutes are configured; an authenticated user with permission to create or modify GRPCRoute resources can cause the control plane to terminate by sending undisclosed GRPCRoute configurations containing backen...

7.1CVSS5.5AI score0.00292EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/17 8:5 p.m.10 views

EUVD-2026-37793

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS5.4AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 8:4 p.m.11 views

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS5.6AI score0.00492EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 4:17 p.m.22 views

CVE-2026-20220 Cisco Crosswork Network Controller Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

6.3CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 4:17 p.m.23 views

CVE-2026-20220

Cisco CVE-2026-20220 affects the web-based management interface of Cisco Crosswork Network Controller. The root cause is insufficient input validation in the configuration template engine. An authenticated attacker with write permissions to a template user can send crafted requests to execute arb...

6.3CVSS6.2AI score0.00253EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder