Lucene search
K

128 matches found

Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-5952 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...

4.3CVSS0.00195EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 1:37 p.m.6 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.5 views

CVE-2026-36180

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

5.8AI score0.00158EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper implementations in the Extensions component. This vulnerability could allow attackers to persuade users to install...

6.5CVSS5.3AI score0.00166EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 4:53 p.m.12 views

CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

6.5CVSS5.7AI score0.00294EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/26 7:42 a.m.18 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.13 views

CVE-2026-3073

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/07 9:47 a.m.11 views

CVE-2026-43862

A flaw was found in mutt, an email client. The imapauthgss security level, which is used for secure IMAP Internet Message Access Protocol authentication, is mishandled. This vulnerability could allow an attacker to bypass certain security protections, potentially leading to a low impact on data...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38290

Name of the Vulnerable Software and Affected Versions dssrf versions prior to 1.3.0 Description A flaw in the library allows attackers to bypass Server-Side Request Forgery SSRF protections by using various IPv6 address categories. This occurs because the is url safe function fails to properly...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/09 10:41 p.m.5 views

CVE-2026-5894

A flaw was found in the PDF component of Google Chrome and Chromium. A remote attacker could exploit this vulnerability by tricking a user into opening a specially crafted HTML page. This could allow the attacker to bypass navigation restrictions, potentially leading to unintended actions or acce...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.5 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from an exploit in the Downloads mechanism, allowing remote attackers to bypass multiple download protections through specially...

4.3CVSS7.3AI score0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Authlib 安全漏洞

Authlib is an open-source library developed by Authlib, designed as a ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the OpenID Connect ID token verification logic,...

8.2CVSS7.3AI score0.00226EPSS
Exploits1References4
NVD
NVD
added 2026/03/11 7:16 p.m.9 views

CVE-2019-25485

R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...

6.9CVSS0.00119EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24779

R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...

6.9CVSS6.3AI score0.00119EPSS
Exploits0References4
NVD
NVD
added 2026/03/10 6:18 p.m.6 views

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...

6.6CVSS0.00632EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24291

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network...

6.5CVSS5.9AI score0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/04 3:30 p.m.6 views

EUVD-2026-9397

Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechani...

6.7CVSS5.9AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 8:27 p.m.10 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass...

2.7CVSS0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

Dell PowerProtect Data Manager 安全漏洞

Dell PowerProtect Data Manager PPDM is a data protection solution developed by the American company Dell. This product supports functions such as data backup, virtual machine backup, and database protection. Versions of Dell PowerProtect Data Manager prior to 19.22 contained security...

8.8CVSS5.9AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.9 views

CIPPlanner CIPAce 安全漏洞

CIPPlanner CIPAce is a business process automation and application development platform provided by the American company CIPPlanner. Versions of CIPPlanner CIPAce prior to version 9.17 contained security vulnerabilities. These vulnerabilities stemmed from the use of single-factor authentication i...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
Rows per page
Query Builder