Lucene search
K

7154 matches found

NVD
NVD
added 2026/06/21 2:16 p.m.10 views

CVE-2026-56378

ImageMagick before 7.1.2-15 and 6.x before 6.9.13-40 contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte...

8.2CVSS0.00223EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-56210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding...

7.1CVSS5.8AI score0.00245EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 9:17 p.m.12 views

CVE-2026-50519

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00514EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Firefox

A race condition involving requestPointerLock and setTimeout could have allowed a user to interact with one tab while believing they were on a different tab. Combined with certain elements such as , this could lead to an attack where the user became confused about the origin of the webpage and...

3.1CVSS6.7AI score0.00605EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in xorg-server

A flaw was discovered in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow, which may lead to the disclosure of sensitive information...

7.6CVSS6.7AI score0.01631EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in atftp

In atftp, before version 0.7.5, the options.c file was written beyond the end of an array, thereby exposing server-side /etc/group data to a remote client...

5.3CVSS6.8AI score0.01356EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/19 12:31 a.m.8 views

EUVD-2026-37962

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...

8.8CVSS5.6AI score0.00687EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50980

Name of the Vulnerable Software and Affected Versions Tilt versions 0.20.8 through 0.37.3 Description The HUD HTTP server lacks authentication for state-changing and sensitive-read endpoints. When the HUD is bound to a non-loopback address, a network attacker can trigger pre-defined Tiltfile...

9.2CVSS5.9AI score
Exploits0References8
NVD
NVD
added 2026/06/18 10:16 p.m.13 views

CVE-2026-54130

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

9.8CVSS0.00578EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/18 3:5 p.m.12 views

Kirby: `pages.access` permission is not checked in the `site/find` REST API route

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages pages.access permission is disabled. This can be due to configuration in the user blueprints, options in the model blueprints, or a combination of both settings. It was possible to...

7.1CVSS5.4AI score0.00269EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/18 1:53 a.m.6 views

SUSE CVE-2026-52719

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1CVSS5.9AI score0.00301EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.21 views

PT-2026-50802

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description A missing authentication flaw in a critical function allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no information about ...

9.8CVSS5.9AI score0.00578EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/17 2:30 p.m.10 views

CVE-2026-49502

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access...

7.4CVSS5.9AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 2:30 p.m.13 views

CVE-2026-49502

Dell PowerFlex Manager is reported vulnerable to an Improper Authentication issue. An unauthenticated attacker with adjacent network access could potentially cause Information disclosure, Information tampering, and Unauthorized access. CVSS v3.1 base score 7.4 (HIGH); attack vector ADJACENT; no u...

8.1CVSS5.9AI score0.0021EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/17 2:19 p.m.2 views

CVE-2026-40641

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering...

4.8CVSS5.9AI score0.001EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.7 views

CVE-2025-48571

In multiple functions of btmsec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

4.3CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:55 a.m.10 views

CVE-2026-48294

Adobe Acrobat PDF Extension Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in tha...

7.4CVSS0.00719EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.8 views

CVE-2026-46809

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.1CVSS0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/17 8:33 a.m.9 views

CVE-2026-46286

A flaw was found in the Linux kernel's qcom-lpg LED driver. This vulnerability, an array overflow, occurs when the driver attempts to select high-resolution values. Due to incorrect indexing, the system may read random data from memory, which could lead to information disclosure or unpredictable...

5.5CVSS5.3AI score0.00122EPSS
Exploits0References4
Rows per page
Query Builder