Lucene search
+L

17 matches found

RedhatCVE
RedhatCVE
added 2026/06/22 1:54 p.m.9 views

CVE-2026-47210

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This sandbox escape vulnerability allows an attacker to execute arbitrary code in the host process. This occurs when untrusted code is executed with asynchronous async support on runtimes that expose WebAssembly...

9.8CVSS6.1AI score0.00507EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/10 1:37 p.m.12 views

@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...

5.5AI score0.00052EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48475

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...

8.4CVSS5.5AI score0.00052EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8327

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...

5.3CVSS5.5AI score0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:15 p.m.10 views

CVE-2026-8327 Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 9:15 p.m.2 views

CVE-2026-8327 Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...

5.3CVSS6AI score0.00182EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/02 9:43 p.m.5 views

CVE-2026-23417

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. This vulnerability occurs because the BPFST | BPFPROBEMEM32 immediate stores are not correctly handled by the constant blinding mechanism. As a result, user-controlled 32-bit immediate values can remain unblinded in...

5.5CVSS5.9AI score0.00116EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31857

Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

9.3CVSS5.9AI score0.00665EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 2:56 p.m.8 views

GHSA-FP5J-J7J4-MCXC CraftCMS has an RCE vulnerability via relational conditionals in the control panel

A Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control...

9.3CVSS5.9AI score0.00665EPSS
Exploits0References4
CVE
CVE
added 2025/09/04 5:15 p.m.442 views

CVE-2025-32312

CVE-2025-32312 affects Android’s PackageParser.java, specifically the function createIntentsList. Root cause: unsafe deserialization that bypasses lazy bundle hardening, allowing modified data to flow to the next process. Impact: local privilege escalation with no additional privileges required; ...

7.8CVSS6.3AI score0.00092EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/07 9:15 a.m.5 views

CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...

7.2CVSS7.1AI score0.0142EPSS
Exploits2References2
Debian
Debian
added 2022/01/23 7:9 p.m.184 views

[SECURITY] [DLA 2884-1] wordpress security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2884-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 17, 2022 https://wiki.debian.org/LTS -...

8.8CVSS8.3AI score0.97795EPSS
Exploits15
OpenVAS
OpenVAS
added 2022/01/11 12:0 a.m.23 views

Debian: Security Advisory (DSA-5039-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.6AI score0.97795EPSS
Exploits15References4
OSV
OSV
added 2022/01/06 11:15 p.m.2 views

DEBIAN-CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2CVSS7.4AI score0.03695EPSS
Exploits1References1
0day.today
0day.today
added 2021/04/09 12:0 a.m.66 views

Google Chrome SimplfiedLowering Integer Overflow Exploit

This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 64 bit. The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1...

6.5CVSS7.7AI score0.99595EPSS
Exploits14
ripstech
ripstech
added 2020/01/21 6:27 a.m.55 views

WordPress <= 5.2.3: Hardening Bypass

WordPress Hardening Mechanisms WordPress per default allows users with the administrator role to install plugins and even edit the .php files of plugins from within the admin dashboard. Although this allows for the easy modification of plugins and themes, it also allows malicious administrators t...

6.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/09/22 12:17 p.m.5 views

flash-plugin: information leaks and hardening bypass fixed in APSB15-23

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service vector-length corruption ...

10CVSS5.9AI score0.19871EPSS
Exploits1References5
Rows per page
Query Builder