123869 matches found

CVE
added 5 hours ago, 5 views

CVE-2026-12923

The Youtube Showcase plugin for WordPress (up to version 4.0.3) is vulnerable to an Arbitrary Function Call via the 'path' parameter in the emd_delete_file() AJAX handler (includes/common-functions.php). A user-supplied value is sanitized, has its trailing '_PLUGIN_DIR' stripped, and is then invo...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 5
EUVD
added 5 hours ago, 3 views

EUVD-2026-40878

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb function passes a caller-supplied WCHAR pointer to wcslen before any bounds check. If the caller provides a wide-character buffer that is not properly...

4.3 CVSS, 5.9 AI score
Exploits: 0, References: 2
CVE
added 6 hours ago, 3 views

CVE-2026-20460

The CVE-2026-20460 entry describes an information-disclosure flaw in a Modem component caused by improper input validation. An attacker-controlled rogue base station could trigger remote disclosure without needing user interaction or additional privileges. The vulnerability affects the Modem (spe...

6 AI score
Exploits: 0, References: 1
EUVD
added 8 hours ago, 5 views

EUVD-2026-40449

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images...

6.3 CVSS, 5.8 AI score
Exploits: 0, References: 3
EUVD
added 8 hours ago, 4 views

EUVD-2026-40436

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 3
EUVD
added 8 hours ago, 2 views

EUVD-2026-40696

Uninitialized Use in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 3
EUVD
added 8 hours ago, 3 views

EUVD-2026-40637

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 3
CVE
added yesterday, 5 views

CVE-2026-13958

CVE-2026-13958 concerns Google Chrome on Windows prior to 150.0.7871.47 where an uninitialized use in the codecs component could allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. This is the explicit vulnerability scenario described across mul...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 2
CVE
added yesterday, 5 views

CVE-2026-56369

CVE-2026-56369 concerns ImageMagick prior to 7.1.2-22, where an information-disclosure vulnerability arises in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers could potentially recover plaintext from encrypted images because the nonce is reused in the CTR mode. The available...

6.3 CVSS, 5.8 AI score
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-56327

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call a SECURITY DEFINER function with a publishable API key to...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 2
CVE
added yesterday, 5 views

CVE-2026-56318

Capgo before 12.128.2 is affected by an information disclosure vulnerability in /private/validate_password_compliance that lets unauthenticated attackers enumerate valid organization UUIDs via differing responses for malformed, non-existent, and existing IDs. Impact is confidentiality exposure; r...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 2
RedhatCVE
added yesterday, 2 views

CVE-2026-54517

A flaw was found in jackson-databind. A remote attacker can exploit this vulnerability due to an issue in how active-view @JsonView filters are applied. Specifically, setterless collections annotated with a restricted @JsonView can be populated from attacker-controlled JSON even when the active...

5.3 CVSS, 5.7 AI score, 0.00237 EPSS
Exploits: 0, References: 8
EUVD
added yesterday, 4 views

EUVD-2025-210377

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 1
RedhatCVE
added yesterday, 3 views

CVE-2026-13455

A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...

4.3 CVSS, 5.6 AI score
Exploits: 0, References: 4
EUVD
added yesterday, 4 views

EUVD-2026-40401

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

8.2 CVSS, 5.8 AI score
Exploits: 0, References: 1
EUVD
added yesterday, 4 views

EUVD-2026-40398

IBM WebSphere Application Server 9.0 and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 1
CVE
added yesterday, 15 views

CVE-2026-9836

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

3.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
EUVD
added yesterday, 4 views

EUVD-2026-40378

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

3.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
Cvelist
added yesterday, 19 views

CVE-2026-9836 IBM DataStage Flow Designer application is affected by an information disclosure vulnerability

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

3.5 CVSS
Exploits: 0, References: 1
RedhatCVE
added yesterday, 4 views

CVE-2026-54475

A flaw was found in Apache ActiveMQ. Temporary destinations, which are designed to be private to a specific connection, can be accessed by other connections due to a missing authorization check. This allows an unauthorized connection to consume messages from another connection's temporary...

8.2 CVSS, 5.6 AI score
Exploits: 0, References: 4