Lucene search
K

3643 matches found

CVE
CVE
added 2026/06/15 8:18 p.m.9 views

CVE-2026-39583

The CVE-2026-39583 entry concerns WordPress plugin Datalogics Ecommerce Delivery (versions

9.8CVSS5.2AI score0.00357EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2026/06/15 4:0 p.m.10 views

Microsoft Defender email security benchmarking: Key insights from one year of data

Microsoft publishes quarterly email security benchmarking data comparing Microsoft Defender against secure email gateway SEG and integrated cloud email security ICES vendors using real-world threat telemetry. A year ago, we set out to change how email security effectiveness is measured. With our...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49401

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

9.8CVSS5.2AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49499

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels = 4.9.4 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49439

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
HackRead
HackRead
added 2026/06/12 6:17 p.m.32 views

Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware

Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 3:52 a.m.74 views

linux-privesc-linpeas

🐧 linux-privesc-linpeas End-to-end Linux privilege escalati...

7.8CVSS7.5AI score0.83524EPSS
Exploits102
OSV
OSV
added 2026/06/11 6:49 a.m.9 views

MAL-2026-5616 Malicious code in sysbu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d7e10321db9abd5e77b0f656d5fac237968ecd79c0ce409b58ee555fb5b236 Despite advertising itself as a 'System binary configuration tool', sysbu's index.js unconditionally invokes startApp on require/CLI execution. If...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 3:14 a.m.9 views

Malicious code in @403name/ether-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927758f43d6eaa6514273bd8ab8f3559624055b9bbf8c9ef9a190b645c0a6eef On require'@403name/ether-js', index.js runs an IIFE that targets macOS only returns early on non-darwin and when CI/GITHUBACTIONS env vars are set,...

6.3AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-9749

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer that is, many results are routed to the same consumer,...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.4 views

FreeBSD : FreeBSD -- sigqueue(2) missing capability mode restriction (94f20492-6473-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 94f20492-6473-11f1-958d-bc241121aa0a advisory. sigqueue2 was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the...

6.5CVSS5.4AI score0.00092EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/10 1:39 p.m.56 views

Papra HTTP redirect bypass can lead to SSRF via webhook delivery system

Summary Papra's webhook delivery system contains an SSRF protection bypass that allows any authenticated organisation member to cause the server to make HTTP requests to internal addresses — loopback, link-local, and RFC-1918 ranges. The SSRF protection validates the registered webhook URL but...

5.6AI score0.00025EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/10 12:31 a.m.10 views

EUVD-2026-35865

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer that is, many results are routed to the same consumer,...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:17 p.m.13 views

CVE-2026-9749

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer that is, many results are routed to the same consumer,...

7.1CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:10 p.m.40 views

CVE-2026-9749

The CVE-2026-9749 entry describes a bug in MongoDB where an aggregation pipeline using the internal $exchange stage with key-range partitioning and order-preserving delivery can cause a server crash. When a single key range produces many results that fill its exchange buffer, the code path detect...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 10:10 p.m.42 views

CVE-2026-9749 Using MaxKey() may crash the server

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer that is, many results are routed to the same consumer,...

7.1CVSS0.0027EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/09 10:10 p.m.9 views

Using MaxKey() may crash the server

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer that is, many results are routed to the same consumer,...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 5:34 p.m.24 views

CVE-2026-50635

LimeSurvey Password Reset Host Header Injection: The system builds password-reset links from the client-supplied Host header without validating it; the default config leaves the allowlist undefined, so LSHttpRequest::checkIsAllowedHost() does nothing. A remote, unauthenticated attacker can reques...

8.8CVSS5.5AI score0.00372EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2026/06/09 2:0 p.m.780 views

June 9, 2026—KB5094128 (OS Build 20348.5256)

June 9, 2026—KB5094128 OS Build 20348.5256 This cumulative update for Windows Server 2022 KB5094128, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates, optional...

9.8CVSS7.4AI score0.99962EPSS
Exploits28
FreeBSD Advisory
FreeBSD Advisory
added 2026/06/09 12:0 a.m.9 views

FreeBSD-SA-26:28.capsicum

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:28.capsicum Security Advisory The FreeBSD Project Topic: sigqueue2 missing capability mode restriction Category: core Module: capsicum Announced: 2026-06-09...

6.5CVSS5.7AI score0.00092EPSS
Exploits0
Rows per page
Query Builder