
2773 matches found

OSV
added 2026/04/28 1:07 p.m. | 9 views

JLSEC-2026-287

A vulnerability was found in libXpm: due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system...

CVSS 5.5 | AI score 6 | EPSS 0.00352
Exploits 0 | References 17

NVD
added 2026/04/27 3:16 p.m. | 10 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files, which required importing well-known Python module names. These module imports were intentionally deferred to improve the startup time of the pip CLI. The patch changes self-update functionality to run...

CVSS 5.3 | EPSS 0.00138
Exploits 0 | References 3

EUVD
added 2026/04/27 2:19 p.m. | 6 views

EUVD-2026-25857

pip prior to version 26.1 would run self-update check functionality after installing wheel files, which required importing well-known Python module names. These module imports were intentionally deferred to improve the startup time of the pip CLI. The patch changes self-update functionality to run...

CVSS 5.3 | AI score 5.3 | EPSS 0.00138
Exploits 0 | References 2

ATTACKERKB
added 2026/04/27 2:19 p.m. | 3 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files, which required importing well-known Python module names. These module imports were intentionally deferred to improve the startup time of the pip CLI. The patch changes self-update functionality to run...

CVSS 5.3 | AI score 5.3 | EPSS 0.00138
Exploits 0 | References 3

EUVD
added 2026/04/27 12:04 a.m. | 8 views

EUVD-2026-25742

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

CVSS 5.1 | AI score 5.6 | EPSS 0.00177
Exploits 0 | References 2

Positive Technologies
added 2026/04/27 12:00 a.m. | 6 views

PT-2026-35435

Name of the Vulnerable Software and Affected Versions: pip versions prior to 26.1. Description: The self-update check functionality runs after installing wheel files, which requires importing well-known Python module names. These imports were deferred to improve the startup time of the pip CLI. This...

CVSS 5.8 | AI score 6.7 | EPSS 0.00182
Exploits 0 | References 111

RedhatCVE
added 2026/04/24 10:30 p.m. | 6 views

CVE-2026-31664

A flaw was found in the Linux kernel's xfrm subsystem. This vulnerability arises because the build_polexpire function does not clear trailing padding bytes within the xfrm_user_polexpire structure. Consequently, these uninitialized padding bytes, which contain kernel heap memory contents, are sent t...

CVSS 5.5 | AI score 5.2 | EPSS 0.00114
Exploits 0 | References 4

EUVD
added 2026/04/23 12:31 p.m. | 13 views

EUVD-2026-25213

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 | AI score 6 | EPSS 0.00358
Exploits 0 | References 3

ATTACKERKB
added 2026/04/23 9:30 a.m. | 3 views

CVE-2026-6887

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 | AI score 6 | EPSS 0.00358
Exploits 0 | References 3

OSV
added 2026/04/22 6:04 p.m. | 7 views

USN-8199-1 glance vulnerabilities

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498) Hyeongeun Ji and Abhishek Keka...

CVSS 7.1 | AI score 5.8 | EPSS 0.00835
Exploits 1 | References 3

Vulnrichment
added 2026/04/22 4:08 p.m. | 7 views

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

CVSS 5.6 | AI score 6 | EPSS 0.00165
Exploits 1 | References 1

EUVD
added 2026/04/22 9:31 a.m. | 7 views

EUVD-2026-24696

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

CVSS 6.4 | AI score 5.9 | EPSS 0.00227
Exploits 0 | References 4

NVD
added 2026/04/22 9:16 a.m. | 6 views

CVE-2026-5820

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

CVSS 6.4 | EPSS 0.00227
Exploits 0 | References 3

Cvelist
added 2026/04/22 7:45 a.m. | 29 views

CVE-2026-5820 Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

CVSS 6.4 | EPSS 0.00227
Exploits 0 | References 3

ATTACKERKB
added 2026/04/22 7:45 a.m. | 6 views

CVE-2026-5820

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

CVSS 6.4 | AI score 5.9 | EPSS 0.00227
Exploits 0 | References 4

Vulnrichment
added 2026/04/22 7:45 a.m. | 2 views

CVE-2026-5820 Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

CVSS 6.4 | AI score 5.9 | EPSS 0.00227
Exploits 0 | References 3

CVE
added 2026/04/22 7:45 a.m. | 18 views

CVE-2026-5820

The CVE-2026-5820 entry concerns the WordPress plugin Zypento Blocks (versions ≤ 1.0.6). The issue is a Stored Cross-Site Scripting (Stored XSS) in the Table of Contents block due to a front-end rendering script that reads heading text with innerText and injects it via innerHTML without proper sa...

CVSS 6.4 | AI score 5.9 | EPSS 0.00227
Exploits 0 | References 3

EUVD
added 2026/04/22 6:30 a.m. | 11 views

EUVD-2026-24599

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS 7.1 | AI score 6 | EPSS 0.00278
Exploits 0 | References 3

NVD
added 2026/04/22 4:16 a.m. | 12 views

CVE-2026-6833

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS 7.1 | EPSS 0.00278
Exploits 0 | References 2

CVE
added 2026/04/22 3:36 a.m. | 9 views

CVE-2026-6834

Technical details about CVE-2026-6834 are not publicly provided in the supplied documents. No affected products, versions, impact, or remediation are detailed here; monitor for updates.

CVSS 7.1 | AI score 5.8 | EPSS 0.00259
Exploits 0 | References 2