Lucene search
K

1359 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42010

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

6AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2 days ago15 views

CVE-2026-10834

CVE-2026-10834 affects the WP Travel Engine WordPress plugin prior to 6.8.1. The issue arises from insufficient validation of the source of a user-supplied profile image path before moving the file, enabling authenticated users with subscriber-level access and above to relocate arbitrary files wi...

6AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 6 days ago2 views

OPENSUSE-SU-2026:21222-1 Security update for systemd

This update for systemd fixes the following issues: Changes in systemd: - Better handle TLS allocation failure bsc1254924. - Disable mounting debugfs by default jscPED-8812. - Import commit 9e8b5afe0fb2061f4a17a3022469dd62f2683960 bsc1267647 bsc1267644 bsc1262305 bsc1263117. - Move systemd-pcrloc...

6AI score
Exploits0References12
OSV
OSV
added last week3 views

GHSA-V5FF-XMFP-P245 electerm has Command Injection in File System Operations (rmrf, mv, cp)

Impact A command injection vulnerability exists in electerm's file system operations rmrf, mv, cp in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command strings without escaping shell metacharacters. Vulnerable functions: - rmrf - Uses rm...

8.8CVSS6.2AI score0.00072EPSS
Exploits0References3
EUVD
EUVD
added last week7 views

EUVD-2026-41215

Craft CMS: Authorization bypass in entries/move-to-section via missing target-section save check...

6CVSS5.8AI score0.00273EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-50282

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41210

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 12:16 a.m.7 views

CVE-2026-50280

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/01 11:43 p.m.35 views

CVE-2026-50280 Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save check

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:43 p.m.17 views

CVE-2026-50280

Craft CMS contains an authorization bypass in the entries/move-to-section endpoint (EntriesController::actionMoveToSection). In versions 5.0.0-RC1 through below 5.9.21, destination section gate relies only on viewEntries:$section->uid instead of requiring saveEntries permission; source entry p...

6CVSS5.7AI score0.00273EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 11:16 p.m.7 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00601EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 1:32 p.m.33 views

CVE-2026-53332 slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...

0.00168EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 1:32 p.m.6 views

EUVD-2026-40962

In the Linux kernel, the following vulnerability has been resolved: schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtreecontrol while a schedext scheduler is loaded: WARNING: at...

5.8AI score0.00168EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.4 views

CVE-2026-53328

In the Linux kernel, the following vulnerability has been resolved: schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtreecontrol while a schedext scheduler is loaded: WARNING: at...

5.7AI score0.00168EPSS
Exploits0
EUVD
EUVD
added 2026/06/30 4:30 a.m.7 views

EUVD-2026-40253

The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the moveimageonserver function. This makes it possible for authenticated attackers, with author-level access and above, to write files with...

6.5CVSS5.9AI score0.00541EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:39 p.m.7 views

CVE-2026-44732

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 1:41 p.m.17 views

CVE-2026-47152

CVE-2026-47152 affects EmberZNet v9.0.2 and earlier. A malformed Level Control Move command (from a device already joined to the network, impacting devices that support the Level Control cluster) can trigger a divide-by-zero fault, terminating the process. Impact is aligned with the CVSS data: hi...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/24 6:32 p.m.4 views

EUVD-2026-38833

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure When ttmttswapout fails, the current code calls ttmresourceaddbulkmove followed by ttmresourcemovetolrutail to restore the resource's bulkmove membership. However,...

5.8AI score0.00167EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.6 views

CVE-2026-52965

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure When ttmttswapout fails, the current code calls ttmresourceaddbulkmove followed by ttmresourcemovetolrutail to restore the resource's bulkmove membership. However,...

5.8AI score0.00167EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder