Lucene search
+L

35998 matches found

EUVD
EUVD
added 9 hours ago3 views

EUVD-2026-45096

OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...

6.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-44925

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References2
Nuclei
Nuclei
added yesterday37 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday38 views

Broadstreet WordPress plugin - Reflected XSS

Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...

6.1CVSS6.1AI score0.00464EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday52 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

5.4CVSS6.3AI score0.00929EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday1429 views

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

5CVSS6.1AI score0.47595EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday50 views

Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

7.5CVSS6.2AI score0.15722EPSS
Exploits1References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-44862

Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-15921

Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...

3.1CVSS0.00225EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-53514 Better Auth: Unauthorized invitation acceptance via unverified email match in organization plugin

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...

7.7CVSS6.1AI score0.00202EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-48805

A flaw was found in Twig, a template language for PHP. Deprecated internal wrappers in the src/Resources/core.php file do not correctly forward the sandbox state. This allows legacy function calls, such as twigarraysome, to bypass security restrictions imposed by the sandbox. An attacker could...

9.1CVSS6AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-58559

DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability...

6.5CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-58559

CVE-2026-58559 describes a DoS vulnerability in the vibration service. According to the sources, the vulnerability impacts availability and has a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (base score 6.5, MEDIUM). The attack is described as NETWORK-based with LOW complexity and requ...

6.5CVSS6.1AI score0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44665

DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability...

6.5CVSS6.1AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-58558

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS0.00084EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44664

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS6.1AI score0.00084EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-58556

Technical details (affected product/version/root cause/remediation) are not publicly available in the provided documents. Monitor for updates.

5.1CVSS6.1AI score0.0008EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44663

Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability...

5.1CVSS6.1AI score0.0008EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-58556

Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability...

5.1CVSS0.0008EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44660

Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability...

4.8CVSS6.1AI score0.0007EPSS
Exploits0References1
Rows per page
Query Builder