Lucene search
K

612 matches found

RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.14 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.5AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5833

A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The exploit has been...

5.3CVSS5.4AI score0.00647EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41073

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...

4.6CVSS5.3AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.13 views

CVE-2026-45554

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...

5.3CVSS5.5AI score0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 7:30 p.m.8 views

CVE-2026-45779 Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and...

9.3CVSS6AI score0.00479EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.9 views

CVE-2024-54011

Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and...

6.5CVSS5.5AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:26 p.m.7 views

CVE-2026-46394

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

7.7CVSS6.6AI score0.00768EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2026/06/05 8:38 a.m.17 views

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 CVSS score: 9.8, a remote code execution...

9.8CVSS6.9AI score0.40992EPSS
Exploits1
NVD
NVD
added 2026/06/04 10:16 p.m.15 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 8:57 p.m.32 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/03 2:56 p.m.13 views

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...

7.7CVSS5.8AI score0.00249EPSS
Exploits0
EUVD
EUVD
added 2026/06/02 5:12 p.m.11 views

EUVD-2026-33987

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS5.7AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 3:25 p.m.10 views

EUVD-2026-33957

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log...

4.9CVSS5.8AI score0.00172EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.11 views

SUSE CVE-2026-10267

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attack...

4.8CVSS5.4AI score0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/02 12:16 a.m.15 views

CVE-2026-10528

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

4.8CVSS0.00124EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/01 4:4 p.m.12 views

CVE-2026-44740 go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

6.5CVSS5.7AI score0.00295EPSS
Exploits0References3
NVD
NVD
added 2026/05/25 9:16 p.m.18 views

CVE-2026-9503

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwgnextentity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been releas...

4.8CVSS0.00143EPSS
Exploits0References7
Imperva Blog
Imperva Blog
added 2026/05/21 8:54 p.m.12 views

Imperva Customers Protected Against CVE-2026-9082 in Drupal Core

TL;DR:CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core that can be exploited by unauthenticated users against Drupal sites using PostgreSQL. The vulnerability affects Drupal’s database abstraction API and can allow specially crafted requests to trigger arbitrary SQL...

9.8CVSS6.3AI score0.84631EPSS
Exploits13
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Git

Git is a version control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker could prepare a local repository in such a way that, when cloned, arbitrary code would be executed during the operation. This issue has been fixed in versions 2.45.1, 2.44.1,...

8.1CVSS7.2AI score0.01271EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 4:39 a.m.14 views

EUVD-2026-31061

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...

8.2CVSS5.7AI score0.00261EPSS
Exploits0References1
Rows per page
Query Builder