Lucene search
+L

420 matches found

Veracode
Veracode
added 2 days ago6 views

Improper Enforcement Of Security Policy

github.com/forgekeep/nebula-mesh is vulnerable to Improper Enforcement of Security Policy. The vulnerability is due to the Web UI host-creation endpoint hardcoding a 24-hour enrollment token lifetime instead of enforcing the configured server-wide or per-network enrollment token TTL, which allows...

5.3AI score
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago7 views

CVE-2026-47995

Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.

8.1CVSS6.1AI score0.00269EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/10 5:16 a.m.10 views

CVE-2026-21046

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...

8.4CVSS0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:58 a.m.5 views

CVE-2026-21043

Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...

6.7CVSS5.9AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/07/10 4:58 a.m.9 views

CVE-2026-21040

CVE-2026-21040 affects IAFDService; the root cause is improper access control that allows local privileged attackers to use the privileged APIs prior to SMR Jul-2026 Release 1. Documented impact includes access to high-privilege APIs with local execution, and no exploitation or remediation steps ...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49992

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM versions 17.0 through 26.5 Description An issue exists in the EAI component of the Siebel CRM Integration product. A low privileged attacker with network access via HTTP can exploit this flaw to compromise the system,...

9CVSS5.9AI score0.00403EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35617

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 5:22 p.m.21 views

CVE-2025-54509

CVE-2025-54509 describes improper access control for the IOMMU register interface, potentially allowing a privileged attacker using the AMD secure processor (ASP) to cause non-coherent accesses and induce loss of integrity. The vulnerability stems from access control weaknesses in the IOMMU regis...

4CVSS5.5AI score0.00127EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:22 p.m.10 views

EUVD-2025-210086

Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor ASP potentially resulting in loss of integrity...

4CVSS5.5AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:48 p.m.31 views

CVE-2026-47948 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.14 views

CVE-2026-41722

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00302EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48050

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48055

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48049

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11199

Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

5.8AI score0.00189EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

WordPress plugin SMTP2GO for WordPress – Email Made Easy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

WordPress plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.8AI score0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/15 2:48 a.m.34 views

EUVD-2023-35620

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

6.8CVSS5.8AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 2:48 a.m.91 views

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

6.8CVSS0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD OverDrive 安全漏洞

AMD OverDrive is a tool provided by American semiconductor company AMD that supports the management and configuration of overclocking settings for CPUs, GPUs, and RAM. There is a security vulnerability in AMD OverDrive, which stems from improper input validation. This vulnerability could allow...

4.6CVSS5.8AI score0.00108EPSS
Exploits0References1
Rows per page
Query Builder