Lucene search
+L

7592 matches found

ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58367

SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function argument...

7.1CVSS5.2AI score
Exploits0References3
Nuclei
Nuclei
added yesterday69 views

Navigate CMS 2.9.4 - Server-Side Request Forgery

Navigate CMS 2.9.4 is susceptible to server-side request forgery via feedparser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...

4.9CVSS5.5AI score0.22903EPSS
Exploits6References5
CVE
CVE
added 2 days ago33 views

CVE-2026-45260

Pimcore WebDAV MOVE vulnerability (CVE-2026-45260) enables remote asset deletion/overwrite due to missing authentication in the WebDAV controller and Tree::move() path. The WebDAV endpoint at /asset/webdav{path} proceeds to mutate assets before validating the current user or permissions, and Asse...

8.1CVSS5.3AI score0.00427EPSS
Exploits0References4
CVE
CVE
added 2 days ago13 views

CVE-2026-63308

Helm

5.3CVSS5.4AI score0.00234EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2 days ago12 views

kernel: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete

A flaw was found in the Linux kernel's xfrm IPSec framework subsystem. This vulnerability, a use-after-free, occurs when the system incorrectly manages memory related to security policies, specifically during the deletion of xfrmstate lists. An attacker with local access could exploit this flaw b...

7.8CVSS6.3AI score0.0013EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-60806

Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range panic by including zero-length byte slices in chart files. Attackers can include empty files in...

5.3CVSS5.3AI score0.00234EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-44174 Kirby: Arbitrary Method Call via REST API search and collection query endpoints

Kirby is an open-source content management system. Prior to 4.9.1 and 5.4.1, Kirby did not validate the model attributes that were used in its collection queries, allowing attackers to include arbitrary model methods in their queries. This includes methods with sensitive data such as password...

8.7CVSS5.5AI score0.0028EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago63 views

Micro Focus UCMDB - Remote Code Execution

Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge containerized 2020.05, 2019.08, 2019.0...

10CVSS7.2AI score0.74232EPSS
Exploits3References5
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-44745

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00413EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-61865

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs...

2.1CVSS6.1AI score0.00102EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-61866

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...

7.5CVSS0.00187EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-61864

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released...

2.9CVSS0.00102EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-61865

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs...

2.9CVSS0.00102EPSS
Exploits0References2
OSV
OSV
added 4 days ago6 views

DEBIAN-CVE-2026-61859

ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-61859

ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy...

4.8CVSS0.00124EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44614

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs...

2.9CVSS6.1AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-61859 ImageMagick before 7.1.2-26 Policy Bypass via script operation

ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy...

4.8CVSS0.00124EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

CVE-2026-61859 ImageMagick before 7.1.2-26 Policy Bypass via script operation

ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-44609

ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 4 days ago10 views

CVE-2026-61859

ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References2
Rows per page
Query Builder