Lucene search
K

2223 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 10:58 a.m.9 views

CVE-2025-41278

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...

7.5CVSS6AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:32 a.m.16 views

EUVD-2025-209981

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

8.8CVSS6AI score0.00378EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.13 views

RLSA-2026:20585 Important: compat-libtiff3 security update

The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This version should be used only if you are unable to use the current version of libtiff. Security Fixes: libtiff: libtiff: Arbitrary code execution or...

7.8CVSS6.2AI score0.00553EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.16 views

RockyLinux 10 : python3.14 (RLSA-2026:19019)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19019 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: CPython: Logging Bypass in Legacy .pyc File Handling...

9.1CVSS7.6AI score0.00621EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.9 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Commons BeanUtils vulnerability (USN-8322-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8322-1 advisory. It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass proper...

8.8CVSS7.1AI score0.01495EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/28 7:4 p.m.8 views

EUVD-2026-33002

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 6:59 p.m.8 views

CVE-2026-49127 Music Player Daemon < 0.24.11 Stack Buffer Overflow via pcm_unpack_24be

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.0051EPSS
Exploits0References7
AlmaLinux
AlmaLinux
added 2026/05/27 12:0 a.m.20 views

Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

9.8CVSS6.3AI score0.01325EPSS
Exploits0References12
Snyk
Snyk
added 2026/05/26 6:40 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Host header when the server is running in --domain mode. An attacker can access files and execute Lua scripts from the parent directory by supplying a specially crafted Host header value. Details A Directory...

8.8CVSS6.4AI score0.00335EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/26 6:19 p.m.18 views

USN-8308-1: Dnsmasq vulnerability

It was discovered that Dnsmasq incorrectly handled BOOTREPLY packets when configured with the --dhcp-split-relay option. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS6.1AI score0.00482EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.9 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

6.4AI score0.00565EPSS
Exploits0References3
OSV
OSV
added 2026/05/23 7:14 p.m.8 views

MAL-2026-4750 Malicious code in fastapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a753fd569a7bb908b7cdf82fe0228dc0e24dcc253b67993af5dd5c30b61f4411 This release of fastapi 0.136.3 modifies pyproject.toml and PKG-INFO to add an undocumented dependency 'fastar=0.9.0' to the...

6.2AI score
Exploits0References1
NVD
NVD
added 2026/05/22 7:17 p.m.15 views

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

9.3CVSS0.00181EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/22 6:43 p.m.11 views

EUVD-2026-31487

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

9.3CVSS6.2AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 1:22 p.m.6 views

OESA-2026-2442 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp. Security Fixes: A malicious server can trigger a client-side global buffer overflow, causing a crash denial of...

9.8CVSS6.1AI score0.00599EPSS
Exploits9References11
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: datanucleus-api-jdo (UTSA-2026-016658)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016658 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

10CVSS7.3AI score0.99999EPSS
Exploits348References4
CVE
CVE
added 2026/05/20 3:0 a.m.20 views

CVE-2026-24142

NVIDIA TensorRT-LLM (any platform) is affected by CVE-2026-24142, a deserialization vulnerability and unsafe serialized handle. The issue could enable code execution, data tampering, and information disclosure due to unsafe deserialization paths in TRT-LLM. NVIDIA’s security bulletin confirms the...

9.8CVSS5.9AI score0.00379EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:15 a.m.13 views

Malicious code in @wengine-ai/claude-code-router-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...

6AI score
Exploits0References7
F5 Networks
F5 Networks
added 2026/05/19 1:43 p.m.15 views

K000161307: NGINX ngx_http_js_module vulnerability CVE-2026-8711

Security Advisory Description NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http , $arg , $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacke...

9.8CVSS6.1AI score0.00889EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/19 9:20 a.m.9 views

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

8.8CVSS6.8AI score0.00762EPSS
Exploits0References9
Rows per page
Query Builder