15102 matches found

CNNVD
added 2026/05/04 12:00 a.m., 7 views

Arelle Access Control Error Vulnerability

Arelle is an open-source XBRL platform developed by Arelle Open Source. It supports data validation and integration. Versions of Arelle prior to 2.39.10 contained a security vulnerability related to access control. This vulnerability stemmed from the /rest/configure REST endpoint accepting plugin...

CVSS 9.8 | AI score 6.2 | EPSS 0.00732
Exploits: 0 | References: 1
CNNVD
added 2026/05/04 12:00 a.m., 15 views

Yeapook WDR201A WiFi Extender OS Command Injection Vulnerability

The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender with hardware version HW V2.1 and firmware version FW LFMZX28040922V1.02 has an operating system command injection vulnerability. This vulnerability stems from the sz11gChannel ...

CVSS 9.3 | AI score 6.1 | EPSS 0.04983
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/04 12:00 a.m., 15 views

PT-2026-36894

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide hidden mail fields regex callback method reads an iteration count directly from user-supplied POST parameters...

CVSS 8.7 | AI score 5.9 | EPSS 0.00435
Exploits: 0 | References: 5
Tenable Nessus
added 2026/05/04 12:00 a.m., 9 views

RHCOS 6 : Red Hat OpenShift Enterprise 1.1.1 update (Moderate) (RHSA-2013:0582)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0582 advisory.
- rubygem-actionpack: Unsafe query generation (CVE-2012-2660)
- rubygem-activerecord: SQL injection when processing nested query...

CVSS 7.5 | AI score 7.4 | EPSS 0.05673
Exploits: 14 | References: 45
CNNVD
added 2026/05/03 12:00 a.m., 8 views

Edimax BR-6428nC Injection Vulnerability

The Edimax BR-6428nC is a multi-functional wireless broadband router produced by Edimax Corporation. Versions of Edimax BR-6428nC prior to 1.16 contained a vulnerability. This vulnerability stemmed from an unknown function in the component's Web Interface, specifically the file /goform/setWAN, whi...

CVSS 6.5 | AI score 6.6 | EPSS 0.01543
Exploits: 0 | References: 2
OSV
added 2026/05/02 1:09 a.m., 6 views

CLSA-2026-1777541445 bluez: Fix of 3 CVEs

- CVE-2022-0204: fix heap overflow when appending prepare writes in gatt-server
- CVE-2022-39176: fix not checking params_len in AVRCP vendordep PDU handling
- CVE-2022-39177: fix accepting invalid/malformed capabilities in AVDTP...

CVSS 8.8 | AI score 6.1 | EPSS 0.01808
Exploits: 1 | References: 1
Tenable Nessus
added 2026/05/02 12:00 a.m., 5 views

SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2026:1641-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1641-1 advisory.
- CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895).
- CVE-2025-59032:...

CVSS 7.5 | AI score 5.8 | EPSS 0.0079
Exploits: 5 | References: 22
Snyk
added 2026/05/01 9:27 p.m., 9 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: astro-mcp-server is an MCP server for Astro ASO (App Store Optimization) data - access keyword rankings, historical data, and app metrics. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in t...

CVSS 6.5 | AI score 6.9 | EPSS 0.00196
Exploits: 0 | References: 2
NVD
added 2026/05/01 7:16 p.m., 7 views

CVE-2026-7591

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

CVSS 6.5 | EPSS 0.00196
Exploits: 0 | References: 5
NVD
added 2026/05/01 3:16 p.m., 8 views

CVE-2026-43019

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync. hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hci_conn from...

CVSS 7.8 | EPSS 0.00129
Exploits: 0 | References: 5
CVE
added 2026/05/01 2:15 p.m., 21 views

CVE-2026-43019

The CVE-2026-43019 issue affects the Linux kernel Bluetooth HCI path, where hci_conn lookups and field access in set_cig_params_sync were not properly protected by the hdev lock, allowing a use-after-free when an hci_conn could be freed concurrently. The documented fix is to take the hdev lock to...

CVSS 7.8 | AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/05/01 2:15 p.m., 33 views

CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync. hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hci_conn from...

CVSS 7.8 | EPSS 0.00129
Exploits: 0 | References: 5
Debian CVE
added 2026/05/01 2:15 p.m., 5 views

CVE-2026-43019

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync. hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hci_conn from...

CVSS 7.8 | AI score 5.7 | EPSS 0.00129
Exploits: 0
Cvelist
added 2026/05/01 2:15 p.m., 29 views

CVE-2026-43018 Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt. hci_conn lookup and field access must be covered by hdev lock in hci_le_remote_conn_param_req_evt, otherwise it's possible it is freed concurrently. Extend the...

CVSS 8.8 | EPSS 0.00256
Exploits: 0 | References: 6
CVE
added 2026/05/01 2:15 p.m., 16 views

CVE-2026-43018

The CVE-2026-43018 entry is confirmed: a Use-After-Free in Linux kernel Bluetooth HCI event handling (hci_le_remote_conn_param_req_evt) due to insufficient locking during hci_conn lookup/access. The vulnerability arises from hci_conn lookup and field access not always being protected by the hdev ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 6 | Affected Software: 1
Debian CVE
added 2026/05/01 2:15 p.m., 7 views

CVE-2026-43018

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt. hci_conn lookup and field access must be covered by hdev lock in hci_le_remote_conn_param_req_evt, otherwise it's possible it is freed concurrently. Extend the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00256
Exploits: 0
Positive Technologies
added 2026/05/01 12:00 a.m., 4 views

PT-2026-36299

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 | AI score 6 | EPSS 0.00276
Exploits: 0 | References: 25
Positive Technologies
added 2026/05/01 12:00 a.m., 5 views

PT-2026-36536

Name of the Vulnerable Software and Affected Versions: astro-mcp-server versions prior to 1.1.2
Description: A flaw in the MCP Tool Query Construction component, specifically within a function in the src/index.ts file, allows for remote SQL injection. This occurs when the request.params.arguments...

CVSS 6.5 | AI score 6.8 | EPSS 0.00196
Exploits: 0 | References: 7
CNNVD
added 2026/05/01 12:00 a.m., 9 views

Astro MCP Server Injection Vulnerability

Astro MCP Server is an app store optimization data query tool by Tim Broddin, an individual developer. An injection vulnerability exists in Astro MCP Server 1.1.1 and earlier versions, which stems from an unknown function in the src/index.ts file in the MCP Tool Query Construction component that...

CVSS 6.5 | AI score 6.6 | EPSS 0.00196
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/01 12:00 a.m., 5 views

PT-2026-36435

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified
Description: A Use-After-Free (UAF) issue exists in the Bluetooth component. In the hci_le_remote_conn_param_req_evt function, the hci_conn lookup and field access are not properly protected by the hde...

CVSS 8.8 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 8