Lucene search
K

3541 matches found

Debian CVE
Debian CVE
added 2 days ago5 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

4.8CVSS6.1AI score0.00105EPSS
Exploits0
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS0.00341EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42869

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS6.1AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 4 days ago21 views

CVE-2026-54004

CVE-2026-54004 affects Kirby CMS. Prior to version 4.9.4 and 5.4.4, when content.fileRedirects is enabled, clean file URLs for files stored in top-level draft pages could be redirected to physical media URLs without verifying draft page permissions or preview tokens, potentially disclosing draft ...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 4 days ago3 views

Slackware Linux 15.0 / current xorg-server Multiple Vulnerabilities (SSA:2026-189-03)

The version of xorg-server installed on the remote host is prior to 1.20.14 / 21.1.24 / 21.1.4 / 24.1.13. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-189-03 advisory. New xorg-server packages are available for Slackware 15.0 and -current to fix security...

9CVSS6.1AI score0.00212EPSS
Exploits0References3
CVE
CVE
added 5 days ago5 views

CVE-2026-59820

LiteLLM is a proxy AI gateway. A path traversal flaw existed in LiteLLM Skills archive extraction prior to version 1.83.7-stable, where uploaded skill ZIPs could write outside the intended extraction directory when an authenticated user accessed LLM API routes or held a key with /v1/skills, anthr...

6.5CVSS5.9AI score0.00323EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42305

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-55417 Chevereto private profile setting leaks username on /json endpoint

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...

6.9CVSS0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-14868

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS5.9AI score0.0005EPSS
Exploits0References2
CVE
CVE
added last week8 views

CVE-2026-53643

FOSSBilling (free/open-source billing and client management system) is affected in versions prior to 0.8.0. The vulnerability arises from a combination of a can_always_access module flag that grants broad access to certain modules and insufficient permission checks or unsafe parameter handling on...

8.7CVSS6AI score0.00226EPSS
Exploits0References1
NVD
NVD
added last week9 views

CVE-2026-9181

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS0.00727EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-9181

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS6AI score0.00727EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 3:17 p.m.13 views

CVE-2025-53830

CVE-2025-53830 affects Anti-Virus for ownCloud prior to version 1.2.3 and corresponding ownCloud 10 releases prior to 10.15.3. The issue is a Server-Side Request Forgery (SSRF) vulnerability that could be exploited within the anti-virus integration for file storage, synchronization, and sharing. ...

9.1CVSS6AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55967

Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.1 Description An unauthenticated attacker can exploit a directory traversal issue by sending crafted path parameters. This allows the attacker to access sensitive files on the system. Directory traversal is a...

9.8CVSS6AI score0.00727EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.15 views

CVE-2026-26307

CVE-2026-26307 affects Gitea versions before 1.25.5. The vulnerability arises because the git grep searches do not enforce a timeout, allowing expensive searches to consume server resources and cause a DoS condition. Affected component: the Git subsystem within Gitea (as noted in multiple sources...

7.5CVSS6AI score0.00466EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 12:16 a.m.7 views

CVE-2026-50279

Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

7.6CVSS0.00245EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-14390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS6.2AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 11:16 p.m.4 views

DEBIAN-CVE-2026-14430

Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:19 p.m.28 views

CVE-2026-58029

CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder