Lucene search
K

823 matches found

Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-59897 Hono: API Gateway v1 adapter can drop a distinct repeated request header value during de-duplication

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS0.00124EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-25012

mv: symlinks expanded during cross-device move resource exhaustion / data duplication...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 7:16 a.m.10 views

CVE-2026-11581

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.9CVSS0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.8 views

EUVD-2026-40261

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 10:17 a.m.7 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation released in June 2026. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...

9.8CVSS8.2AI score0.01815EPSS
Exploits5Affected Software2
NVD
NVD
added 2026/06/24 7:16 a.m.6 views

CVE-2026-10749

The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP...

7.2CVSS0.003EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:12 p.m.24 views

CVE-2026-47386

CVE-2026-47386 affects NocoDB’s OAuth token-exchange flow. Before 2026.05.1, two concurrent token-exchange requests could use the same OAuth authorization code to mint two valid token pairs, breaking PKCE’s single-use guarantee. The issue is mitigated by a fix in 2026.05.1, which introduces atomi...

6.3CVSS5.9AI score0.00197EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: s390: fixed the issue where double-free of GS and RI CBs occurs during fork failures. The pointers for guarded storage and runtime instrumentation control blocks are stored in the threadstruct of the associated task. These...

7.8CVSS6.3AI score0.0022EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 6:17 a.m.13 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS0.00254EPSS
Exploits0References9
CVE
CVE
added 2026/06/19 4:31 a.m.19 views

CVE-2026-9013

CVE-2026-9013 affects the WordPress Bogo plugin (

4.3CVSS5.4AI score0.00254EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.5 views

Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)

The version of Devolutions Server installed on the remote host is prior or equal to 2026.1.21 or 2026.2.0 prior or equal to 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37203

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

5.2AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 8:16 p.m.10 views

CVE-2026-12105

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

6.5CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 6:28 p.m.23 views

CVE-2026-12105

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 6:28 p.m.15 views

CVE-2026-12105

CVE-2026-12105 affects Devolutions Server in versions 2026.2.5 and 2026.1.21. The root cause is improper access control that allows an authenticated user to access attachments via folder duplication with inherited permissions. The documented impact is confidential data exposure (high) with a CVSS...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49823

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.5 Devolutions Server version 2026.1.21 Description Improper access control allows an authenticated user to access attachments through a process of folder duplication with inherited permissions. Recommendations...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

SAP MDG Review Match Groups Application 安全漏洞

The SAP MDG Review Match Groups Application is a data duplication detection tool developed by SAP, a German company. This application has security vulnerabilities; these vulnerabilities stem from the lack of necessary authorization checks, which may lead to privilege escalation...

4.3CVSS5.3AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-9248

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

2.6CVSS5.5AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-6966

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...

7CVSS5.5AI score0.00262EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: skbuff: The SKBFLSHAREDFRAG bit was not properly propagated through the frag-transfer helpers. Two frag-transfer helpers pskbcopyfclone and skbshift fail to propagate the SKBFLSHAREDFRAG bit in skbshinfo-flags when moving...

8.8CVSS6.3AI score0.00135EPSS
Exploits7References3
Rows per page
Query Builder