6946 matches found

NVD
added 2026/06/04 6:16 a.m. | 11 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS: 5.9 | EPSS: 0.00218
Exploits: 0 | References: 1

OSV
added 2026/06/04 6:16 a.m. | 4 views

ALPINE-CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00218
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/04 12:0 a.m. | 12 views

PT-2026-46194

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting and executing arbitrary OS commands on the targeted...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00388
Exploits: 0 | References: 2

CNNVD
added 2026/06/04 12:0 a.m. | 8 views

Kurt Yazılım WriteUp Mobile App security vulnerability

Kurt Yazılım WriteUp Mobile App is a story creation and reading community platform developed by the Turkish company Kurt Yazılım. There are security vulnerabilities in the Kurt Yazılım WriteUp Mobile App version 1.3.0 up to version 04062026. These vulnerabilities stem from improper access control...

CVSS: 8.8 | AI score: 5.3 | EPSS: 0.00245
Exploits: 0 | References: 1

CNNVD
added 2026/06/04 12:0 a.m. | 9 views

GX Group Earth 2022 ONT operating system command injection vulnerability

GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. The GX Group Earth 2022 ONT has a vulnerability related to operating system command injection. This vulnerability arises from improper handling of user input by multiple diagnostic...

CVSS: 8.7 | AI score: 6.1 | EPSS: 0.00388
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/03 10:1 p.m. | 13 views

CVE-2026-10295

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

CVSS: 4.8 | AI score: 5.5 | EPSS: 0.0012
Exploits: 0 | References: 1

OSV
added 2026/06/03 4:14 p.m. | 7 views

DRUPAL-CONTRIB-2026-042

This module provides spam protection using the CleanTalk cloud service. The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The cleantalkdie and ctdie functions output the CleanTalk API response message directly into HTML without proper sanitizatio...

AI score: 5.9
Exploits: 0 | References: 1

CNNVD
added 2026/06/03 12:0 a.m. | 8 views

Student-Management-System authorization issue vulnerability

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability related to authorization in Student-Management-System, which stems from unknown functions of the Administrative Backend component in the admin/config.php file. This...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00405
Exploits: 0 | References: 6

RedHat Linux
added 2026/06/02 10:29 p.m. | 34 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type (ctype) functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service (DoS),...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00337
Exploits: 0 | References: 5

ATTACKERKB
added 2026/06/02 9:27 p.m. | 9 views

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

CVSS: 7 | AI score: 5.8 | EPSS: 0.00169
Exploits: 0 | References: 3

Cvelist
added 2026/06/02 2:1 p.m. | 40 views

CVE-2026-10622

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

EPSS: 0.00442
Exploits: 0 | References: 2

EUVD
added 2026/06/02 2:1 p.m. | 13 views

EUVD-2026-33930

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00442
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/02 7:48 a.m. | 8 views

CVE-2026-4081

The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00241
Exploits: 0 | References: 10

OSV
added 2026/06/02 5:23 a.m. | 11 views

MGASA-2026-0171 Updated libcaca packages fix security vulnerability

Heap OOB write in canvas import functions caused by int overflow. CVE-2026-42046...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00223
Exploits: 0 | References: 5

EUVD
added 2026/06/02 12:31 a.m. | 12 views

EUVD-2026-33835

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

CVSS: 4.8 | AI score: 5.5 | EPSS: 0.0012
Exploits: 0 | References: 7

CNNVD
added 2026/06/02 12:0 a.m. | 7 views

Google Chrome input validation error vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of untrusted inputs by network functions, which could allow remote attackers to...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00176
Exploits: 0 | References: 3

CNNVD
added 2026/06/02 12:0 a.m. | 6 views

WordPress plugin Constructor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00187
Exploits: 0 | References: 1

CNNVD
added 2026/06/02 12:0 a.m. | 8 views

Student-Management-System authorization issue vulnerability

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability in the student-management-system’s authorization mechanism; this vulnerability stems from improper authentication of unknown functions, which may lead to remote attac...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00498
Exploits: 0 | References: 12

Positive Technologies
added 2026/06/02 12:0 a.m. | 17 views

PT-2026-45746

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

AI score: 5.8 | EPSS: 0.00442
Exploits: 0 | References: 3

Tenable Nessus
added 2026/06/02 12:0 a.m. | 8 views

AlmaLinux 9 : php:8.2 (ALSA-2026:22143)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22143 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.0076
Exploits: 1 | References: 6