Lucene search
+L

5170 matches found

MongoDB
MongoDB
added 2026/06/12 1:57 a.m.18 views

Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.21 views

Linux Distros Unpatched Vulnerability : CVE-2026-9748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal skip this document when an index stats conversion failed. But PauseExecution i...

7.1CVSS5.5AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 12:16 p.m.24 views

CVE-2022-47150

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS0.00113EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 10:43 a.m.9 views

CVE-2022-47150 WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS5.4AI score0.00113EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 10:43 a.m.12 views

EUVD-2022-56006

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS5.4AI score0.00113EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 10:43 a.m.32 views

CVE-2022-47150 WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS0.00113EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-44293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could...

8.8CVSS7.2AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48640

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS5.4AI score0.00113EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 12:57 a.m.10 views

CLEANSTART-2026-LA96053 ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label

Multiple security vulnerabilities affect the wave package. The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. See references for individual vulnerability details...

9.8CVSS6.8AI score0.00813EPSS
Exploits2References87
OSV
OSV
added 2026/06/10 12:7 a.m.10 views

OSV-2026-895 Heap-buffer-overflow in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=521437880 Crash type: Heap-buffer-overflow WRITE 8 Crash state: ihevcdfmtconv ihevcdprocessthread startthread...

5.4AI score
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

sharp 安全漏洞

Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp prior to 9.22.0 contained a security vulnerability. This vulnerability stemmed from the general download endpoint...

7.7CVSS5.4AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 4:45 p.m.15 views

CVE-2026-46330

A flaw was found in the Linux kernel's TCP User-Level Protocol ULP support for SMC. This vulnerability arises when an active TCP socket is converted into an SMC socket, as the implementation attempts to modify core Virtual File System VFS structures in-place. This action violates fundamental VFS...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.13 views

CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

6.3AI score0.00358EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.85 views

CVE-2026-7383

The CVE concerns OpenSSL’s ASN1 mbstring handling (functions ASN1_mbstring_copy() and ASN1_mbstring_ncopy()). A signed integer overflow in sizing the destination buffer for Unicode output can cause a heap buffer overflow, potentially crashing a process or enabling attacker-controlled code executi...

8.1CVSS6.3AI score0.00358EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/09 12:25 p.m.43 views

CVE-2026-46330

The CVE-2026-46330 entry concerns the Linux kernel TCP ULP support for SMC. The vulnerability arises when an active TCP socket is converted into an SMC socket by in-place modifications to core VFS structures (struct file, dentry, inode), violating VFS invariants that expect these structures to be...

7.8CVSS5.4AI score0.00112EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/09 3:51 a.m.16 views

CVE-2026-41855

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...

9.8CVSS5.6AI score0.00268EPSS
Exploits0
OSV
OSV
added 2026/06/08 11:33 a.m.10 views

USN-8395-1 netatalk vulnerabilities

Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. CVE-2026-44047 Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion...

9.9CVSS6.2AI score0.00516EPSS
Exploits0References11
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: nvidia-xconfig

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-39821

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.13 views

CVE-2026-2263

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

5.3CVSS5.5AI score0.00375EPSS
Exploits0References1
Rows per page
Query Builder