Lucene search
K

1691 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/21 10:44 a.m.7 views

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.16 views

Netatalk 操作系统命令注入漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a vulnerability related to operating system command injection. This vulnerability stems fr...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Mitigation is only applied to cBPF programs loaded by unprivileged users. Support for eBPF programs loaded by unprivileged users is typically disabled. This means that only cBPF programs need to be mitigated for BHB...

5.5CVSS6.1AI score0.00158EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2, where its configuration file, known as grub.cfg, is created with the wrong permission set, allowing non-privileged users to read its contents. This represents a minor confidentiality issue, as those users could potentially access any encrypted passwords contained i...

3.3CVSS6AI score0.00319EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/20 12:0 a.m.8 views

FreeBSD Security Advisory - FreeBSD-SA-26:18.setcred

FreeBSD Security Advisory - The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the...

7.8CVSS6AI score0.00409EPSS
Exploits1
EUVD
EUVD
added 2026/05/19 9:24 a.m.17 views

EUVD-2026-30864

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.14 views

PT-2026-41435

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/15 8:2 p.m.38 views

CVE-2026-44721 Open WebUI: Stored XSS via Model Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a stored cross-site scripting XSS vulnerability that allows any authenticated user with model creation permission workspace.models to execute arbitrary JavaScript in the browser of a...

7.3CVSS0.00308EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 4:16 p.m.8 views

CVE-2026-42780

A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS0.00886EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.10 views

CVE-2025-40899

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:48 a.m.14 views

CVE-2026-6247

The CVE concerns the WordPress plugin scratchblocks for WP (versions up to 1.0.1). It is vulnerable to a Stored Cross-Site Scripting (XSS) flaw via the 'element' attribute of the scratchblocks shortcode. Exploitation requires authenticated access at Contributor level or higher , and an attacker c...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 3:31 a.m.15 views

EUVD-2026-29359

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:20 a.m.8 views

CVE-2026-40131

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.20 views

PT-2026-39924

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.9 views

CVE-2026-44286

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.17 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

9.8CVSS6AI score0.01549EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2026/05/11 2:40 p.m.10 views

CVE-2026-34087 Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...

5.1CVSS5.8AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 2:40 p.m.39 views

CVE-2026-34087 Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...

5.1CVSS0.00267EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 2:40 p.m.17 views

CVE-2026-34087

CVE-2026-34087 affects Wikimedia Foundation OATHAuth. The connected documents confirm the issue is an exposure of sensitive information to an unauthorized actor, with affected OATHAuth versions listed as before 1.43.7, 1.44.4, 1.45.2. The exploitation status is not provided in the sources. There ...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/08 11:16 p.m.15 views

CVE-2026-44286

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS0.00228EPSS
Exploits0References2
Rows per page
Query Builder