Lucene search
K

13 matches found

CVE
CVE
added 2026/06/16 4:15 p.m.19 views

CVE-2026-42089

The CVE concerns yeoman-environment. Vulnerable versions 2.9.0 through 6.0.0 install missing local generator packages from attacker-controlled names without user confirmation, via installLocalGenerators() calling repository.install(). This can cause arbitrary package installation and code executi...

8.6CVSS5.9AI score0.00139EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/26 4:2 p.m.12 views

EUVD-2026-31852

Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...

5.3CVSS5.8AI score0.00185EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...

7.5CVSS6.4AI score0.00396EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.3 views

CVE-2026-35518

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...

8.8CVSS6.2AI score0.00686EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 3:19 p.m.19 views

CVE-2026-35520

Pi-hole FTLDNS (pihole-FTL) versions 6.0 through

8.8CVSS6.2AI score0.00701EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/03/31 9:16 p.m.16 views

CVE-2026-34404

CVE-2026-34404 affects Nuxt OG Image. The vulnerability is in the image-generation component accessed via /_og/d/ (and older /og-image/), where unbounded width/height parameters allow a Denial of Service. Affected versions prior to 6.2.5 are exploitable; the issue has been patched in version 6.2....

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/09 9:37 p.m.52 views

CVE-2026-28687

ImageMagick (MSL decoder) is affected by a heap use-after-free in the MSL decoding path prior to 7.1.2-16 and 6.9.13-41. A freed memory access is triggered by crafting an MSL file, leading to potential memory corruption. The issue is fixed in 7.1.2-16 and 6.9.13-41. Remediation: upgrade to those ...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 9:34 p.m.3 views

CVE-2026-27939 Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass

Statmatic is a Laravel and Git powered content management system CMS. Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensiti...

8.8CVSS5.9AI score0.00386EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.12 views

PT-2026-2940

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS6.5AI score0.00306EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-46724

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled usi...

8.6CVSS7.3AI score0.04012EPSS
Exploits0References2
OSV
OSV
added 2023/12/14 6:15 p.m.2 views

DEBIAN-CVE-2023-50269

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...

7.5CVSS7.7AI score0.57627EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.3 views

PT-2022-35078 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a refcount leak in the tegra210 clock init function. It was introduced in version v4.5 and fixed in version v6.0.3. The actual impact and attack plausibility have not...

7.1AI score
Exploits0References1
OSV
OSV
added 2018/08/15 12:29 p.m.2 views

CVE-2018-13394

The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery CSRF vulnerability...

6.5CVSS5.8AI score0.00841EPSS
Exploits0References2
Rows per page
Query Builder