Lucene search
+L

2918 matches found

Nuclei
Nuclei
added 2 days ago60 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

9.8CVSS8.6AI score0.36164EPSS
Exploits1References5
OSV
OSV
added 5 days ago5 views

JLSEC-2026-672

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSLclear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...

7.5CVSS6.1AI score0.02121EPSS
Exploits2References7
CVE
CVE
added 5 days ago55 views

CVE-2026-45073

CVE-2026-45073 affects Symfony’s PHP framework, specifically the PdoAdapter::doClear() path. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the code builds a DELETE with a namespace derived from caller-supplied prefix without binding or escaping it, allowing an attacker who controls the pr...

7.3CVSS6.1AI score0.0041EPSS
Exploits0References6Affected Software1
SUSE Linux
SUSE Linux
added 5 days ago3 views

Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...

9CVSS6.7AI score0.00563EPSS
Exploits8References96
Cvelist
Cvelist
added 2026/07/11 3:44 a.m.34 views

CVE-2026-1832 ThriveDesk <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Cache Deletion

The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedeskclearcache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...

4.3CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/11 3:44 a.m.6 views

EUVD-2026-43146

The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedeskclearcache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/11 3:44 a.m.32 views

CVE-2026-6803 AI Chatbot & Workflow Automation by AIWU <= 1.4.12 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via AJAX Actions 'removeGroup' and 'clear'

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...

5.3CVSS0.00297EPSS
Exploits0References12
SUSE Linux
SUSE Linux
added 2026/07/10 9:24 a.m.6 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31771: Bluetooth: hcievent: move wake reason storage into validated event handlers bsc1264145. CVE-2026-43038: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unrea...

9.3CVSS6.8AI score0.00385EPSS
Exploits17References120
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-56039

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When a ClientPasswordReset record already exists for a client from a previous unexpired request, subsequent calls to the reset password guest API endpoint reuse the existing token instead of...

7.7CVSS6AI score0.00215EPSS
Exploits1References5
NVD
NVD
added 2026/07/03 7:16 a.m.10 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS0.00652EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/03 6:18 a.m.43 views

CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

0.00652EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/07/03 3:3 a.m.6 views

SUSE CVE-2026-53355

In the Linux kernel, the following vulnerability has been resolved: net: rds: clear isends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fro...

5.8AI score0.00404EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/07/02 8:4 a.m.3 views

signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()

...

5.5CVSS6.1AI score0.00164EPSS
Exploits0
NVD
NVD
added 2026/07/01 2:16 p.m.5 views

CVE-2026-53355

In the Linux kernel, the following vulnerability has been resolved: net: rds: clear isends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fro...

9.8CVSS0.00404EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.11 views

CVE-2026-53355

In the Linux kernel, the following vulnerability has been resolved: net: rds: clear isends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fro...

5.8AI score0.00404EPSS
Exploits0
NVD
NVD
added 2026/06/30 9:16 p.m.6 views

CVE-2025-12530

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:34 p.m.6 views

EUVD-2025-210384

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.8AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:34 p.m.38 views

CVE-2025-12530 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:12 p.m.14 views

CVE-2025-36336

CVE-2025-36336 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The issue is that data is transmitted in clear text, which an attacker could exploit via man-in-the-middle techniques to obtain sensitive information. The base metrics show a moderate network attack with...

5.9CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder