4437 matches found

Positive Technologies, added 2026/05/08 12:00 a.m., 17 views

PT-2026-38892

Name of the Vulnerable Software and Affected Versions User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration versions prior to 4.3.2 Description Insufficient input validation and type checking on the wpuf files parameter during form submission, combine...

CVSS 8.8, AI score 6.2, EPSS 0.00951
Exploits: 0, References: 23

RedHat Linux, added 2026/05/07 3:46 p.m., 16 views

Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-frontend-rhel9 container image

A new satellite/iop-host-inventory-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running...

CVSS 9.8, AI score 6.6, EPSS 0.01735
Exploits: 0, References: 7

RedHat Linux, added 2026/05/07 3:45 p.m., 14 views

Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image

A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services...

CVSS 9.8, AI score 6.5, EPSS 0.01735
Exploits: 0, References: 7

OSV, added 2026/05/07 3:55 a.m., 4 views

MAL-2026-3363 Malicious code in mrdaa-frontend (npm)

Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb. The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...

AI score 5.8
Exploits: 0, References: 1

SUSE CVE, added 2026/05/07 2:16 a.m., 11 views

SUSE CVE-2026-43249

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls. The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free twice, hitting the observed general protection fault due to a double-free...

CVSS 6.3, AI score 5.8, EPSS 0.00241
Exploits: 0, References: 12

OSV, added 2026/05/06 10:11 p.m., 4 views

GHSA-Q98M-7W8C-W388 Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component

Summary Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows...

CVSS 6.1, AI score 6, EPSS 0.00183
Exploits: 1, References: 3
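The PropertyCard pattern the advisory describes, reduced to plain functions so it runs outside Vue, as an added example that is not policy-reporter-ui's code. A raw template string stands in for `v-html` and `escapeHtml()` for Vue's escaping `{{ value }}` interpolation; the function names (`isHttpUrl`, `renderPropertyVulnerable`, `renderPropertyHardened`, `tagNames`) and the stored payload are our own assumptions.

```javascript
// Added example (not policy-reporter-ui code): the PropertyCard pattern the
// advisory describes, reduced to plain functions so it runs outside Vue.
// In a Vue 3 template, `{{ value }}` escapes (interpolation) while
// `v-html="value"` inserts raw markup. Function names below are ours.

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// The URL check: only absolute http(s) URLs are rendered as links. Anything
// else (plain text, javascript: URIs, HTML fragments) takes the else branch.
function isHttpUrl(value) {
  try {
    const u = new URL(String(value));
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch {
    return false;
  }
}

// Vulnerable: the else branch emits the stored value as raw HTML, which is
// what v-html does. A stored policy property value therefore becomes markup.
function renderPropertyVulnerable(value) {
  if (isHttpUrl(value)) {
    return `<a href="${escapeHtml(value)}">${escapeHtml(value)}</a>`;
  }
  return `<span>${value}</span>`; // v-html equivalent
}

// Hardened: the else branch interpolates the value, so '<' becomes '&lt;'.
function renderPropertyHardened(value) {
  if (isHttpUrl(value)) {
    return `<a href="${escapeHtml(value)}">${escapeHtml(value)}</a>`;
  }
  return `<span>${escapeHtml(value)}</span>`; // {{ value }} equivalent
}

// List the tag names present in a rendered fragment; used only to show which
// output grew an extra element. Illustration aid, not a sanitizer.
function tagNames(html) {
  return Array.from(html.matchAll(/<\/?([a-zA-Z][\w-]*)/g), (m) => m[1].toLowerCase());
}

// Constructed payload standing in for a stored, attacker-influenced property value.
const STORED_VALUE = '<img src=x onerror="alert(document.cookie)">';

console.log(tagNames(renderPropertyVulnerable(STORED_VALUE))); // [ 'span', 'img', 'span' ]
console.log(tagNames(renderPropertyHardened(STORED_VALUE)));   // [ 'span', 'span' ]
```

The fix is not to sanitize the string before `v-html` but to stop using `v-html` for values that are not trusted markup; once the else branch escapes, the URL branch is the only one emitting tags, and its `href` is attribute-escaped.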
Cvelist, added 2026/05/06 11:28 a.m., 37 views

CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls. The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free twice, hitting the observed general protection fault due to a double-free...

CVSS 8.8, EPSS 0.00241
Exploits: 0, References: 4

Debian CVE, added 2026/05/06 11:28 a.m., 6 views

CVE-2026-43249

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free against concurrent calls. The xenwatch thread can race with other back-end change notifications and call xen_9pfs_front_free twice, hitting the observed general protection fault due to a double-free...

CVSS 8.8, AI score 5.7, EPSS 0.00241
Exploits: 0

Github Security Blog, added 2026/05/05 10:17 p.m., 12 views

sse-channel: SSE Injection via unsanitized event fields

Impact: Implementations that allow user-provided values to be passed to the event, retry or id fields are susceptible to event spoofing, where an attacker can inject arbitrary messages into the stream. - Event Spoofing: an attacker can inject arbitrary SSE events into the stream - Client-side...

CVSS 8.7, AI score 5.9, EPSS 0.0041
Exploits: 0, References: 4, Affected Software: 1
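The injection the advisory describes, as an added example that is not sse-channel's code: a naive frame encoder that trusts the `event` field, a hardened one that rejects CR/LF/NUL in `event` and `id` and validates `retry`, and a small EventSource-style parser showing what the client dispatches. The function names (`encodeSseFrameNaive`, `encodeSseFrameSafe`, `parseSseStream`) and the attacker value are our own assumptions; the wire format follows the Server-Sent Events specification.

```javascript
// Added example (not sse-channel code): why a line break in an SSE `event`,
// `id` or `retry` field lets a client inject whole events, and an encoder that
// refuses it. Function names are ours; the wire format follows the HTML
// Server-Sent Events spec ("name: value" lines, a blank line dispatches).

// Naive encoder: every field is trusted, the pattern the advisory warns about.
function encodeSseFrameNaive({ event, id, retry, data }) {
  let out = '';
  if (event !== undefined) out += `event: ${event}\n`;
  if (id !== undefined) out += `id: ${id}\n`;
  if (retry !== undefined) out += `retry: ${retry}\n`;
  // data may legitimately span lines; each line becomes its own data: field
  for (const line of String(data).split(/\r\n|\r|\n/)) out += `data: ${line}\n`;
  return out + '\n';
}

// Hardened encoder: event and id must be single-line (no CR, LF or NUL), retry
// must be a non-negative integer. Splitting data per line is already safe.
function encodeSseFrameSafe({ event, id, retry, data }) {
  const singleLine = (name, v) => {
    const s = String(v);
    if (/[\r\n\u0000]/.test(s)) throw new Error(`SSE field "${name}" contains a line break or NUL`);
    return s;
  };
  let out = '';
  if (event !== undefined) out += `event: ${singleLine('event', event)}\n`;
  if (id !== undefined) out += `id: ${singleLine('id', id)}\n`;
  if (retry !== undefined) {
    if (!Number.isInteger(retry) || retry < 0) throw new Error('retry must be a non-negative integer');
    out += `retry: ${retry}\n`;
  }
  for (const line of String(data).split(/\r\n|\r|\n/)) out += `data: ${line}\n`;
  return out + '\n';
}

// Minimal EventSource-style parser: accumulates fields, dispatches on a blank
// line when the data buffer is non-empty, joins multiple data lines with "\n".
function parseSseStream(text) {
  const events = [];
  let type = 'message';
  let data = [];
  let lastId;
  for (const rawLine of text.split(/\r\n|\r|\n/)) {
    if (rawLine === '') {
      if (data.length) events.push({ event: type, id: lastId, data: data.join('\n') });
      type = 'message';
      data = [];
      continue;
    }
    if (rawLine.startsWith(':')) continue; // comment line
    const idx = rawLine.indexOf(':');
    const field = idx === -1 ? rawLine : rawLine.slice(0, idx);
    let value = idx === -1 ? '' : rawLine.slice(idx + 1);
    if (value.startsWith(' ')) value = value.slice(1);
    if (field === 'event') type = value;
    else if (field === 'data') data.push(value);
    else if (field === 'id') lastId = value;
  }
  return events;
}

// Constructed attacker-controlled value for the `event` field: it closes the
// legitimate frame early and opens a second, fully attacker-authored one.
const ATTACKER_EVENT = 'notice\ndata: {"role":"admin"}\n\nevent: spoofed';

// What a client dispatches when the naive encoder is fed that value:
// two events, the first one entirely attacker-controlled.
function demoInjection() {
  return parseSseStream(encodeSseFrameNaive({ event: ATTACKER_EVENT, data: 'hello' }));
}

// The hardened encoder rejects the same value before it reaches the wire.
function demoHardened() {
  try {
    encodeSseFrameSafe({ event: ATTACKER_EVENT, data: 'hello' });
    return 'accepted';
  } catch (e) {
    return 'rejected';
  }
}
```

The `data` field is the only one that may carry line breaks, and only because the encoder re-splits it into one `data:` line per input line; `event`, `id` and `retry` have no such framing, so a single newline in them is a frame boundary and must be rejected, not escaped.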
OSV, added 2026/05/05 1:30 a.m., 9 views

CLSA-2026-1777944610 grafana: Fix of CVE-2026-27877

CVE-2026-27877: fix exposure of direct data-source passwords via public dashboards by limiting frontend settings to data sources actually used by the dashboard - Note: upstream test additions in pkg/api/frontendsettingstest.go are not backported. The %check stage only runs the Jest frontend suite...

CVSS 7.5, AI score 5.8, EPSS 0.00309
Exploits: 0, References: 1

RedhatCVE, added 2026/05/04 8:21 p.m., 8 views

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

CVSS 6.5, AI score 5.8, EPSS 0.00212
Exploits: 0, References: 1

Cvelist, added 2026/05/04 4:45 a.m., 37 views

CVE-2026-7733 funadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted upload

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

CVSS 7.5, EPSS 0.00294
Exploits: 0, References: 6

Vulnrichment, added 2026/05/04 4:45 a.m., 4 views

CVE-2026-7733 funadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted upload

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

CVSS 7.5, AI score 6.7, EPSS 0.00294
Exploits: 0, References: 6

CNNVD, added 2026/05/04 12:00 a.m., 9 views

FunAdmin access control error vulnerability

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc6 and earlier contain an access control vulnerability. This vulnerability stems from the UploadService::chunkUpload function in the Frontend Chunked Upload Endpoint, where the...

CVSS 7.5, AI score 7.1, EPSS 0.00294
Exploits: 0, References: 1

OSSF Malicious Packages, added 2026/05/03 12:35 p.m., 8 views

Malicious code in @breezeai-frontend/i18n-config (npm)

Source: amazon-inspector b6ac9fdcbcce08cc6f8e7c4cef2e5fee0a6d39a79341be57b71f5bb219743e05. The package @breezeai-frontend/i18n-config was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0, References: 1

OSV, added 2026/05/03 12:35 p.m., 9 views

MAL-2026-3293 Malicious code in @breezeai-frontend/i18n-config (npm)

Source: amazon-inspector b6ac9fdcbcce08cc6f8e7c4cef2e5fee0a6d39a79341be57b71f5bb219743e05. The package @breezeai-frontend/i18n-config was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0, References: 1

NVD, added 2026/05/03 7:16 a.m., 21 views

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

CVSS 6.5, EPSS 0.00212
Exploits: 0, References: 1

EUVD, added 2026/05/03 6:00 a.m., 5 views

EUVD-2026-26818

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

AI score 5.8, EPSS 0.00212
Exploits: 0, References: 1

ATTACKERKB, added 2026/05/03 6:00 a.m., 6 views

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

AI score 5.8, EPSS 0.00212
Exploits: 0, References: 1

Cvelist, added 2026/05/03 6:00 a.m., 39 views

CVE-2026-5337 Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

EPSS 0.00212
Exploits: 0, References: 1