Lucene search
K

3391 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.4 views

RHEL 9 : tigervnc (RHSA-2026:10739)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10739 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

9.8CVSS5.8AI score0.0038EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/04/24 4:11 p.m.13 views

Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources

Summary A critical Broken Access Control vulnerability was identified in the ActionsController of the Avo framework v3.x. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of Avo::BaseAction on any resource, even if the action is not registered fo...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

Amazon tough 数据伪造问题漏洞

Amazon Tough is a Rust client library for The Update Framework TUF by Amazon Inc. Versions of Amazon Tough prior to v0.22.0 contained a data manipulation vulnerability. This vulnerability stemmed from the lack of expiration, hashing, and length checks in the delegated metadata validation process...

7.1CVSS5.7AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/23 6:32 a.m.9 views

CVE-2026-35239

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access v...

4.9CVSS7.2AI score0.00242EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 2:17 p.m.4 views

CVE-2026-6355

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

6.5CVSS0.00213EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/22 12:0 a.m.5 views

Oracle MySQL Server DML Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system for storing, querying and managing data. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: DML component to properly handle a specific request and can b...

4.9CVSS7.4AI score0.00242EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.6 views

CVE-2026-35239

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS5.7AI score0.00242EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Microsoft ASP.NET Core 数据伪造问题漏洞

Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core has a vulnerability related to data manipulation, caused by...

9.1CVSS6AI score0.11205EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Oracle Life Sciences InForm 安全漏洞

Oracle Life Sciences InForm is a clinical trial data collection and management system developed by Oracle Corporation. Versions 7.0.1.0 and 7.0.1.1 of Oracle Life Sciences InForm contain security vulnerabilities. These vulnerabilities stem from issues with the App Server component, which may allo...

6.5CVSS7.3AI score0.00202EPSS
Exploits0References2
NCSC
NCSC
added 2026/04/15 8:53 a.m.11 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

9.8CVSS7.2AI score0.64095EPSS
Exploits15
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

BSV Ruby SDK 数据伪造问题漏洞

BSV Ruby SDK is a Ruby development toolkit developed by Simon Bettison for BSV blockchain. Versions of the BSV Ruby SDK from 0.3.1 to 0.8.2 had a data manipulation vulnerability. This vulnerability stemmed from the lack of signature verification when storing certificate records, which could allow...

8.1CVSS5.7AI score0.00135EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/07 11:25 p.m.1 views

CVE-2026-2263 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

5.3CVSS5.9AI score0.00375EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/07 11:25 p.m.25 views

CVE-2026-2263 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

5.3CVSS0.00375EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

WWBN AVideo 数据伪造问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a data manipulation vulnerability. This vulnerability stemmed from a lack of transaction deduplication in the PayPal IPN v1 handler, which could allow attackers to...

6.5CVSS5.7AI score0.0017EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.4 views

Digital Privacy in IoT: Exploring Challenges, Approaches and Open Issues

Privacy has always been a critical issue in the digital era, particularly with the increasing use of Internet of Things IoT devices. As the IoT continues to transform industries such as healthcare, smart cities, and home automation, it has also introduced serious challenges regarding the security...

5.9AI score
Exploits0
Debian
Debian
added 2026/04/05 4:39 p.m.5 views

[SECURITY] [DSA 6198-1] valkey security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6198-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 05, 2026 https://www.debian.org/security/faq -...

8.5CVSS5.9AI score0.00586EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

Electron 数据伪造问题漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.1,...

6.5CVSS5.7AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.4 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.8CVSS6.2AI score0.00546EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.15 views

core-rs-albatross 数据伪造问题漏洞

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross had a data manipulation vulnerability. This vulnerability stemmed from the lack of checking the interlink bindings of election macroblocks, which could lead to the...

6.5CVSS5.7AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 8:16 p.m.2 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.8CVSS0.00546EPSS
Exploits1References2
Rows per page
Query Builder