Lucene search
K

130315 matches found

BDU FSTEC
BDU FSTEC
added 9 hours ago17 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 12 hours ago4 views

firefox: thunderbird: Use-after-free in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...

8.8CVSS6AI score0.00382EPSS
Exploits0References6
Nuclei
Nuclei
added 14 hours ago46 views

Web Directory Free < 1.7.0 - SQL Injection

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. id: CVE-2024-3552 info: name: Web Directory Free 1.7.0 - SQL...

9.8CVSS6.1AI score0.67288EPSS
Exploits4References2
Nuclei
Nuclei
added 14 hours ago38 views

Web Directory Free < 1.7.3 - Local File Inclusion

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include, which could lead to Local File Inclusion issues. id: CVE-2024-3673 info: name: Web Directory Free 1.7.3 - Local File Inclusion author: s4e-io severity: critical description: | The Web...

9.1CVSS7AI score0.05578EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago12 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7AI score0.00568EPSS
Exploits1References1
Nuclei
Nuclei
added 14 hours ago31 views

JustRows WordPress - Cross-Site Scripting

JustRows free WordPress plugin v0.2 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7AI score0.00556EPSS
Exploits1References1
Nuclei
Nuclei
added 14 hours ago119 views

My Geo Posts Free <= 1.2 - PHP Object Injection

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...

9.8CVSS7.2AI score0.0307EPSS
Exploits0References4
Nuclei
Nuclei
added 14 hours ago37 views

WordPress Title Experiments Free <9.0.1 - SQL Injection

WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive...

9.8CVSS7.1AI score0.10079EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago44 views

WordPress WP Video Gallery <=1.7.1 - SQL Injection

WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.1AI score0.09238EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 15 hours ago6 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.5AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 15 hours ago9 views

kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange [email protected] says: The vulnerability is a race condition between etsqdiscdequeue and etsqdiscchange. It leads to UAF on stru...

7.5CVSS6.3AI score0.00151EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 15 hours ago5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

7.1AI score0.00176EPSS
Exploits3References6
RedHat Linux
RedHat Linux
added 15 hours ago6 views

kernel: iommu: disable SVA when CONFIG_X86 is set

A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...

7.8CVSS6.7AI score0.00145EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 15 hours ago7 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.8AI score0.00125EPSS
Exploits12References6
RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

8.8CVSS6.9AI score0.02719EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday3 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS6.2AI score0.02719EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday5 views

Important: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

8.8CVSS6.1AI score0.02719EPSS
Exploits0References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-43492

Use After Free vulnerability has been found in "io.c" program file of gawk dogetlineredir routine. This issue may lead to a crash. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-40467

CVE-2026-40467 is a use-after-free in the gawk project. The issue occurs in the io.c file within the do_getline_redir() routine and affects gawk versions 5.4.0 and earlier. The vulnerability can cause a crash due to a dangling pointer, per the public descriptions. Connected sources confirm the co...

7.5CVSS6AI score
Exploits0References2Affected Software1
NVD
NVD
added yesterday3 views

CVE-2026-57396

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...

7.1CVSS0.00251EPSS
Exploits0References1
Rows per page
Query Builder