Lucene search
K

85 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

2.3CVSS0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 10:16 p.m.14 views

CVE-2026-34657

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

5.5CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 9:21 p.m.38 views

CVE-2026-34711 CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require...

7.5CVSS0.0043EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 9:21 p.m.30 views

CVE-2026-34712

CVE-2026-34712 affects CAI Content Credentials components [email protected] and c2pa-v0.80.1 (and earlier). The issue is Improper Input Validation, causing a crash and a denial-of-service condition; exploitation does not require user interaction and can be conducted remotely via network. CVSSv3.1 ba...

7.5CVSS5.5AI score0.00407EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48287

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description An uncontrolled resource consumption issue allows an attacker to exhaust system resources, leading to an...

6.2CVSS5.2AI score0.00153EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 5:49 p.m.10 views

CVE-2026-40990 Unbounded cache for function definitions

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.9 views

CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13

CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...

6.1CVSS5.8AI score0.00188EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/25 7:26 p.m.8 views

CVE-2026-24546 WordPress GamiPress plugin <= 7.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.19 views

PT-2026-42223

Name of the Vulnerable Software and Affected Versions XWiki Platform versions prior to 16.10.17 XWiki Platform versions prior to 17.4.9 XWiki Platform versions prior to 17.10.3 XWiki Platform versions prior to 18.1.0-rc-1 Description The 'POST /wikis/wikiName' API executes a XAR import without...

9.3CVSS5.8AI score0.00594EPSS
Exploits1References7
PostrgeSql
PostrgeSql
added 2026/05/14 12:0 a.m.25 views

Vulnerability in core server (CVE-2026-6478)

PostgreSQL discloses MD5-hashed passwords via covert timing channel Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-35899

Name of the Vulnerable Software and Affected Versions WebFlux server application affected versions not specified Description A WebFlux server application that processes multipart requests creates temporary files for parts larger than 10 K. Under certain conditions, these temporary files may not b...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References14
EUVD
EUVD
added 2026/04/16 8:53 p.m.7 views

EUVD-2026-23308

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS6.1AI score0.00342EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/15 9:6 a.m.4 views

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28738

Name of the Vulnerable Software and Affected Versions D-Link DIR-513 version 1.10 Description A flaw exists in the formSetEmail function within the /goform/formSetEmail file of the D-Link DIR-513. Manipulating the curTime argument can lead to a stack-based buffer overflow. This issue is remotely...

9CVSS6.3AI score0.00764EPSS
Exploits1References13
CVE
CVE
added 2026/03/25 4:33 p.m.15 views

CVE-2026-3988

GitLab CVE-2026-3988 affects GitLab CE/EE prior to 18.8.7, 18.9 prior to 18.9.3, and 18.10 prior to 18.10.1. The issue stems from improper input validation in GraphQL request processing, allowing an unauthenticated attacker to cause a denial of service by making the GitLab instance unresponsive. ...

7.5CVSS5.8AI score0.00478EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/17 7:49 p.m.6 views

GHSA-6GX3-4362-RF54 astral-tokio-tar insufficiently validates PAX extensions during extraction

Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by having...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/10 7:33 p.m.4 views

CVE-2026-21348 Substance3D - Modeler | Out-of-bounds Read (CWE-125)

Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

5.5CVSS5.4AI score0.00151EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/28 8:32 a.m.5 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume th...

8.1CVSS5.9AI score0.00414EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 p.m.7 views

CVE-2026-24565

Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through = 2.0.2...

6.5CVSS5.9AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

Ubiquiti多款产品 安全漏洞

Ubiquiti airFiber and others are products of Ubiquiti USA. ubiquiti airFiber is a point-to-point wireless platform. ubiquiti airMAX AC is an outdoor wireless broadband device. ubiquiti airMAX airFiber AF60-XG is an outdoor wireless broadband device. A security vulnerability exists in various...

5.4CVSS7.7AI score0.00269EPSS
Exploits0References2
Rows per page
Query Builder