Lucene search
+L

3399 matches found

CNNVD
CNNVD
added 2026/04/30 12:0 a.m.15 views

Traefik 数据伪造问题漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contained a data manipulation vulnerability. This vulnerability stems from the ForwardAuth middleware, which has a authentication bypass vulnerability wh...

10CVSS5.7AI score0.00267EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

Gravitl Netmaker 数据伪造问题漏洞

Gravitl Netmaker is a platform developed by the American company Gravitl, which uses WireGuard to create and manage fast, secure, and dynamic virtual overlay networks. It is used to create and control automated virtual networks. Versions of Gravitl Netmaker prior to 1.5.0 contained a data...

8.2CVSS5.8AI score0.00298EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/27 8:36 a.m.7 views

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

9.8CVSS5.3AI score0.00247EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/27 8:36 a.m.12 views

Important: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS5.7AI score0.0038EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.4 views

RHEL 9 : tigervnc (RHSA-2026:10739)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10739 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

9.8CVSS5.8AI score0.0038EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/04/24 4:11 p.m.15 views

Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources

Summary A critical Broken Access Control vulnerability was identified in the ActionsController of the Avo framework v3.x. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of Avo::BaseAction on any resource, even if the action is not registered fo...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

Amazon tough 数据伪造问题漏洞

Amazon Tough is a Rust client library for The Update Framework TUF by Amazon Inc. Versions of Amazon Tough prior to v0.22.0 contained a data manipulation vulnerability. This vulnerability stemmed from the lack of expiration, hashing, and length checks in the delegated metadata validation process...

7.1CVSS5.7AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/23 6:32 a.m.10 views

CVE-2026-35239

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access v...

4.9CVSS7.2AI score0.00242EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 2:17 p.m.6 views

CVE-2026-6355

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

6.5CVSS0.00213EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/22 12:0 a.m.12 views

Oracle MySQL Server DML Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system for storing, querying and managing data. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: DML component to properly handle a specific request and can b...

4.9CVSS7.4AI score0.00242EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.6 views

CVE-2026-35239

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS5.7AI score0.00242EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Oracle Life Sciences InForm 安全漏洞

Oracle Life Sciences InForm is a clinical trial data collection and management system developed by Oracle Corporation. Versions 7.0.1.0 and 7.0.1.1 of Oracle Life Sciences InForm contain security vulnerabilities. These vulnerabilities stem from issues with the App Server component, which may allo...

6.5CVSS7.3AI score0.00202EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Microsoft ASP.NET Core 数据伪造问题漏洞

Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core has a vulnerability related to data manipulation, caused by...

9.1CVSS6AI score0.11205EPSS
Exploits0References2
NCSC
NCSC
added 2026/04/15 8:53 a.m.12 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

9.8CVSS7.2AI score0.64095EPSS
Exploits15
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

BSV Ruby SDK 数据伪造问题漏洞

BSV Ruby SDK is a Ruby development toolkit developed by Simon Bettison for BSV blockchain. Versions of the BSV Ruby SDK from 0.3.1 to 0.8.2 had a data manipulation vulnerability. This vulnerability stemmed from the lack of signature verification when storing certificate records, which could allow...

8.1CVSS5.7AI score0.00135EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/07 11:25 p.m.2 views

CVE-2026-2263 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

5.3CVSS5.9AI score0.00375EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/07 11:25 p.m.27 views

CVE-2026-2263 Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

5.3CVSS0.00375EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

WWBN AVideo 数据伪造问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a data manipulation vulnerability. This vulnerability stemmed from a lack of transaction deduplication in the PayPal IPN v1 handler, which could allow attackers to...

6.5CVSS5.7AI score0.0017EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.5 views

Digital Privacy in IoT: Exploring Challenges, Approaches and Open Issues

Privacy has always been a critical issue in the digital era, particularly with the increasing use of Internet of Things IoT devices. As the IoT continues to transform industries such as healthcare, smart cities, and home automation, it has also introduced serious challenges regarding the security...

5.9AI score
Exploits0
Debian
Debian
added 2026/04/05 4:39 p.m.6 views

[SECURITY] [DSA 6198-1] valkey security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6198-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 05, 2026 https://www.debian.org/security/faq -...

8.5CVSS5.9AI score0.00586EPSS
Exploits0
Rows per page
Query Builder