Lucene search
+L

334 matches found

Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-63845 drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/jpeg: set nouserfence for JPEG v4.0 ring JPEG rings do not support 64-bit user fence writes, reject CS submissions with user fences. cherry picked from commit 8d0cac9478a3f046279c657d6a2545de49ae675a...

Exploits0References5
OSV
OSV
added 11 hours ago7 views

ROOT-OS-UBUNTU-2404-CVE-2025-68188 CVE-2025-68188 in rootio-linux - Patched by Root

Root has patched CVE-2025-68188 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00172EPSS
Exploits0
OSV
OSV
added 2 days ago8 views

GHSA-MHWW-P97M-3368 AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...

8.6CVSS5.3AI score0.00305EPSS
Exploits0References6
NVD
NVD
added 2026/07/07 4:17 a.m.11 views

CVE-2026-42172

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS0.00188EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 2:56 a.m.5 views

EUVD-2026-41982

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:21 p.m.7 views

CVE-2026-34594

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitra...

8.8CVSS6.6AI score0.01092EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39744

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.14 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37653

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 5:21 p.m.36 views

CVE-2026-30803

CVE-2026-30803 describes an Integer Underflow in RTI Connext Micro (Core Libraries) that allows an overread of buffers. Affected is Connext Micro versions from 4.0.0 up to, but not including, 4.3.0. The description provided does not specify a disclosed exploit, mitigation, or a confirmed fix vers...

9.1CVSS5.2AI score0.00296EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36969

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

9.9CVSS5.2AI score0.00465EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:0 p.m.30 views

CVE-2026-45384 bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...

6.1CVSS0.00125EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/06/09 7:18 p.m.16 views

CVE-2026-46340 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, pinot-fips, thingsboard, management-api-for-apache-cassandra-4.1, apache-hop-fips, trino, pinot, celeborn, apache-hop, seata, tez, management-api-for-apache-cassandra-5.0...

7.5CVSS5.1AI score0.0038EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-48266

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

9.1CVSS5.4AI score0.0043EPSS
Exploits1References1
OSV
OSV
added 2026/06/04 12:4 p.m.12 views

RLSA-2026:20606 Important: ruby4.0 security update

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Informatio...

9.1CVSS6.2AI score0.01131EPSS
Exploits0References3
NVD
NVD
added 2026/06/03 11:16 a.m.13 views

CVE-2025-14774

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

7.4CVSS0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 9:16 a.m.7 views

CVE-2025-14771

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

9.9CVSS5.8AI score0.00347EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-45907

Name of the Vulnerable Software and Affected Versions ABB T-MAC Plus version 4.0-24 Description A file disclosure issue exists in the ABB T-MAC Plus web application and the ABB T-MAC plus Server - Default IIS Web Site, where files or directories are accessible to external parties. Recommendations...

9.9CVSS5.4AI score0.00347EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/02 5:28 p.m.37 views

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS0.00682EPSS
Exploits0References3
Rows per page
Query Builder