Lucene search
K

5151 matches found

OSV
OSV
added 2026/06/17 6:35 p.m.3 views

GHSA-5GP7-4733-2W2V Duplicate Advisory: Picklescan Bypasses Unsafe Globals Check using pty.spawn

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hgrh-qx5j-jfwx. This link is maintained to preserve external references. Original Description PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to...

8.8CVSS6.1AI score0.00384EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 6:35 p.m.3 views

GHSA-6V84-V468-3C7F Duplicate Advisory: Picklescan has Incomplete List of Disallowed Inputs

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-84r2-jw7c-4r5q. This link is maintained to preserve external references. Original Description picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller...

9.8CVSS6.2AI score0.00623EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 9:31 p.m.4 views

GHSA-27PQ-2PH8-8X25 Duplicate Advisory: Shell positional parameters could weaken strict inline-eval checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5cj2-3jr2-5h77. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken stri...

8.1CVSS5.5AI score0.0026EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.6 views

gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5CVSS5.3AI score0.01335EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 p.m.11 views

CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 4:24 p.m.7 views

CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:24 p.m.11 views

EUVD-2026-36740

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 4:24 p.m.43 views

CVE-2026-8358

CVE-2026-8358 affects LibreOffice Calc during import of tracked changes. A heap buffer overflow occurs when a document reuses the same change identifier for two different kinds of changes; the importer may treat one change object as a larger type and write past the end of its allocation. The vuln...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 4:24 p.m.39 views

CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.17 views

CVE-2019-25746

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS0.00226EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.8 views

CVE-2019-25746 WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 12:0 p.m.15 views

EUVD-2019-20182

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 12:0 p.m.18 views

CVE-2019-25746

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability exploitable via the post parameter. Attackers can target admin.php with action=duplicate_quote_invoice and malicious post values to extract data or modify data. Evidence: authenticated, low-privilege requirement...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49268

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49225

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate quote invoice an...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References5
NVD
NVD
added 2026/06/14 8:16 a.m.16 views

CVE-2025-15546

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.4CVSS0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/14 6:0 a.m.37 views

CVE-2025-15546 Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/14 6:0 a.m.15 views

EUVD-2025-210137

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.3AI score0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.25 views

PT-2026-49106

Name of the Vulnerable Software and Affected Versions Iptanus File Upload versions prior to 5.1.7 Description Improper file handling occurs when the duplicatepolicy setting is configured to "maintain both." A Time-of-Check to Time-of-Use TOCTOU race condition—a scenario where a system checks a...

5.4CVSS6AI score0.00159EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.20 views

PT-2026-49183

CVE-2026-54095 - Rejected reason: CVE REJECT DO NOT USE THIS CVE ID :CVE-2026-54095 Published : June 12, 2026, 10:16 p.m. | 3 hours, 19 minutes ago Description :Rejected reason: CVE REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of...

5.3AI score0.00039EPSS
Exploits0References1
Rows per page
Query Builder