Lucene search
K

1370 matches found

OSV
OSV
added 2026/04/17 10:32 a.m.6 views

CLSA-2026-1776421961 libwebp: Fix of 2 CVEs

CVE-2018-25013, CVE-2018-25014: wait for all threads to be done in DecodeRemaining, make sure partition 0 is read before VP8 data...

9.8CVSS5.8AI score0.0223EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007236)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007236 advisory. In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure userlength is taken into account when fetching packet contents Ensure that...

7.1CVSS6.4AI score0.00296EPSS
Exploits0References4
CVE
CVE
added 2026/04/14 12:8 a.m.52 views

CVE-2026-27681

CVE-2026-27681 is an SQL injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse caused by insufficient authorization checks. An authenticated user can submit crafted SQL statements to read, modify, and delete data, affecting confidentiality, integrity, and a...

9.9CVSS5.9AI score0.00501EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/04/09 2:34 a.m.18 views

K000160685: Linux kernel vulnerability CVE-2025-40322

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bitputcs bitputcsaligned/unaligned derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count a...

6.1AI score0.00168EPSS
Exploits0
CVE
CVE
added 2026/04/08 12:5 p.m.11 views

CVE-2026-5302

CVE-2026-5302 describes a CORS misconfiguration in CoolerControl/coolercontrold prior to 4.0.0. The root issue is permissive cross-origin access, allowing unauthenticated remote attackers to read data and send commands through malicious websites. Affected software: CoolerControl/coolercontrold ve...

8.1CVSS6AI score0.00261EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006803 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...

7.8CVSS6.2AI score0.00246EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/07 10:44 p.m.4 views

WordPress Smart Slider 3 plugin <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation vulnerability

Missing Authorization to Authenticated Contributor+ Slider Data Read and Image Record Manipulation vulnerability discovered by darkmode in WordPress Plugin Smart Slider 3 versions = 3.5.1.33...

5.4CVSS5.9AI score0.00357EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/07 9:26 p.m.22 views

CVE-2026-4065 Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wpajaxsmart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The displayadminajax method does not call checkForCap which...

5.4CVSS0.00357EPSS
Exploits0References7
CVE
CVE
added 2026/04/07 9:26 p.m.7 views

CVE-2026-4065

The Smart Slider 3 WordPress plugin (versions up to 3.5.1.33) suffers unauthorized access and data modification due to missing capability checks across multiple wp_ajax_smart-slider3 actions. The display_admin_ajax() path omits checkForCap() (unfiltered_html required), and several controller acti...

5.4CVSS5.9AI score0.00357EPSS
Exploits0References7
Redos
Redos
added 2026/04/06 12:0 a.m.4 views

ROS-20260406-73-0001

A vulnerability in the ngxmailsmtp response header handler of NGINX Plus and NGINX Open Source web servers is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

6.3CVSS6AI score0.00371EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/03/29 10:0 p.m.280 views

Exploit for SQL Injection in Ghost

CVE-2026-26980 👻 Ghost CMS Unauthenticated SQLi via Content...

9.4CVSS6AI score0.69996EPSS
Exploits7
OSV
OSV
added 2026/03/27 2:21 p.m.1 views

SUSE-SU-2026:1122-1 Security update for redis

This update for redis fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706...

5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/20 4:21 p.m.2 views

CVE-2026-22895 QuFTP Service

A cross-site scripting XSS vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...

6.2CVSS5.6AI score0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device from the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the setuid bit being set for t...

9.2CVSS5.8AI score0.00139EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 4:21 p.m.6 views

CVE-2026-28696

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive...

8.7CVSS5.9AI score0.00447EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/02 1:16 p.m.8 views

CVE-2026-3431

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

9.8CVSS0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 1:37 p.m.6 views

CLSA-2026-1772113038 Fix of 12 CVEs

OpenJDK 8u482 release, build 8. Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html - Security fixes 8u482: + CVE-2026-21945: Prevent DoS via repeated crash or hang in sandbox security + CVE-2026-21932: Fix integrity issue in sandboxed handling of untrusted input ...

8.6CVSS6.9AI score0.01058EPSS
Exploits2References1
Redos
Redos
added 2026/02/16 12:0 a.m.5 views

ROS-20260216-73-0025

A vulnerability in the Zabbix IT infrastructure monitoring system is related to insufficient server-side request validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

6.8CVSS5.6AI score0.00311EPSS
Exploits0
Redos
Redos
added 2026/02/16 12:0 a.m.8 views

ROS-20260216-73-0032

A vulnerability in the Networking component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access ...

6.1CVSS5.6AI score0.00261EPSS
Exploits1
NVD
NVD
added 2026/02/11 1:15 p.m.9 views

CVE-2025-62856

A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File...

5.3CVSS0.00333EPSS
Exploits0References1
Rows per page
Query Builder