Lucene search
+L

1708 matches found

cve
cve
added 6 days ago10 views

CVE-2026-41154

CVE-2026-41154 : The issue affects the GPU DDK in the CMA Cleanup Path of AllocOSPages_Sparse. When indexing pages larger than 4kB in the sparse memory page-freeing logic, an incorrect buffer indexing leads to out-of-bounds (OOB) reads/writes in kernel memory, exposed to software running as a non...

7.8CVSS6.1AI score0.00131EPSS
Exploits0References1
drupal
drupal
added 2026/07/08 12:0 a.m.6 views

AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076

The AI SEO/GEO Analyzer module generates SEO/GEO analysis reports by sending content of an entity including its comments to an LLM, then converts the model's Markdown response to HTML and stores it for display to privileged users. The generated HTML was rendered without passing through Drupal's...

5.4CVSS6AI score0.00274EPSS
Exploits0References2
drupal
drupal
added 2026/07/08 12:0 a.m.7 views

Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071

The Lingotek Ray Enterprise Translation provides multilingual site management. The module fails to protect several state-changing administrative routes against Cross Site Request Forgery attacks. An attacker could trick a privileged user into visiting a crafted page that triggers actions such as...

4.3CVSS5.9AI score0.00118EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.13 views

PT-2026-56660

Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...

6.1AI score0.00118EPSS
Exploits0References3
osv
osv
added 2026/07/07 7:16 p.m.2 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

4.9CVSS6.1AI score
Exploits0References1
nvd
nvd
added 2026/07/07 7:16 p.m.7 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 5:32 p.m.33 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 5:32 p.m.8 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/07/07 5:32 p.m.7 views

EUVD-2026-42069

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/07/07 5:32 p.m.6 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.6 views

PT-2026-56220

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com media webservice endpoints allows privileged users to overwrite media files even if they lack the necessary editing permissions. Recommendations At th...

6.4CVSS6.1AI score0.00197EPSS
Exploits0References6
cve
cve
added 2026/07/02 11:5 p.m.25 views

CVE-2026-13384

CVE-2026-13384 is an Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent. An authenticated privileged user could remotely execute arbitrary code via specially crafted requests to the Management Web UI. Affected: Fireware OS 12.1–12.12 and 2025.1–2026.2. CVSS details indicate netwo...

8.6CVSS6.1AI score0.00546EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/07/01 5:16 p.m.20 views

CVE-2026-56149

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS0.00324EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/01 2:48 p.m.35 views

CVE-2026-58036 Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

2.1CVSS0.00243EPSS
Exploits0References1
nessus
nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks...

5.5CVSS6AI score0.00128EPSS
Exploits0References4
mscve
mscve
added 2026/06/27 8:6 a.m.8 views

tcp: restrict SO_ATTACH_FILTER to priv users

...

7CVSS5.8AI score0.00128EPSS
Exploits0
susecve
susecve
added 2026/06/26 2:8 a.m.8 views

SUSE CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.8AI score0.00128EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/25 9:41 p.m.24 views

CVE-2020-37256 Grav - Cross-Site Scripting in Admin Plugin Page Editor

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...

5.4CVSS0.00167EPSS
Exploits0References2
debiancve
debiancve
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53236

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
cve
cve
added 2026/06/25 8:39 a.m.21 views

CVE-2026-53236

CVE-2026-53236 affects the Linux kernel where a patch restricts SO_ATTACH_FILTER (cBPF) usage on TCP sockets to CAP_NET_ADMIN, mitigating a potential side-channel leaking TCP sequence/ACK data. Debian/Ubuntu entries show patches across newer kernel builds (e.g., Linux 6.1 series with 6.1.176-1~de...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder