Lucene search
K

220395 matches found

BDU FSTEC
BDU FSTEC
added 6 hours ago13 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 6 hours ago10 views

The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.

The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...

7.5CVSS6AI score0.06702EPSS
Exploits8References3Affected Software1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42401

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-42374

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revokeaccess and undorevokeaccess actions without seller ownership...

7.1CVSS6.1AI score
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday3 views

httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
NVD
NVD
added yesterday6 views

CVE-2026-59262

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-29008

U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...

8.7CVSS6AI score
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-42332

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS6AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-29007

CVE-2026-29007 affects U-Boot (versions up to 2026.04-rc3) with CONFIG_PROT_TCP enabled. The issue is an out-of-bounds read in tcp_rx_state_machine() (net/tcp.c) triggered by a crafted IP packet whose total length and TCP data offset fields are mismatched, e.g., IP length 40 bytes and TCP header ...

6.9CVSS6AI score
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-42328

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6AI score
Exploits0References3
NVD
NVD
added yesterday10 views

CVE-2026-60125

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-56246

Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key limitedtoorgs inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mod...

8.1CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42249

Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key limitedtoorgs inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mod...

8.1CVSS6AI score
Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-56003

Summary: CVE-2026-56003 describes a heap buffer overflow in libXfont2’s PCF parsing (ComputeScaledProperties) due to missing size checks, affecting libXfont2 up to version before 2.0.8. Impact per sources: authenticated X clients could trigger code execution in the X server (per NVD entry). Affec...

8.5CVSS6.3AI score0.00581EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-6280

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-6280

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-6280

CVE-2026-6280 concerns an improper access control in NOMYSOFT Informatics Education and Consulting Inc.’s Nomysem. The vulnerability enables exposure of sensitive information due to functions not properly constrained by ACLs, with impact limited to confidentiality (C:H/I:N/A:N per CVSS) and no in...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-42209

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-6280 Improper Access Control in Nomysoft Informatics' Nomysem

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS0.00223EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in na-rony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdb95cfc7b5a54f15cad828d907d0fb1b348330a42040e24eba98eb6af556fc7 index.js executes at module load and POSTs os.hostname, process.platform, process.cwd, and the entire process.env to a hardcoded webhook.site collect...

5.9AI score
Exploits0References2
Rows per page
Query Builder