
11096 matches found

CVE
added 2026/05/15 2:36 a.m., 13 views

CVE-2023-31316

CVE-2023-31316 affects the AMD Secure Processor (ASP) and Video Core Next (VCN) firmware. The root cause is improper preservation of hardware configuration state during a power save/restore operation, allowing a local attacker who can write outside the trusted memory range (TMR) to alter VCN firm...

CVSS 7.1, AI score 5.9, EPSS 0.00095
Exploits 0, References 2

Vulnrichment
added 2026/05/15 2:25 a.m., 9 views

CVE-2021-26380

A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity...

CVSS 1.8, AI score 5.8, EPSS 0.00102
Exploits 0, References 2

ATTACKERKB
added 2026/05/15 2:25 a.m., 7 views

CVE-2021-26380

A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity...

CVSS 1.8, AI score 5.8, EPSS 0.00102
Exploits 0, References 3

CVE
added 2026/05/15 2:25 a.m., 19 views

CVE-2021-26380

CVE-2021-26380 affects a compromised Trusted OS (TOS) driver. The vulnerability could allow a malformed call to cause memory access outside the intended range, potentially impacting system integrity. The base CVSS score is 1.8 (LOW) with local attack vector and high privileges required, and no us...

CVSS 1.8, AI score 5.8, EPSS 0.00102
Exploits 0, References 2

RedhatCVE
added 2026/05/15 1:57 a.m., 10 views

CVE-2026-44196

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker...

CVSS 9.1, AI score 5.8, EPSS 0.00299
Exploits 0, References 1

Positive Technologies
added 2026/05/15 12:0 a.m., 12 views

PT-2026-41316

Name of the Vulnerable Software and Affected Versions: Microsoft APM versions 0.5.4 through 0.12.4. Description: Two primitive integrators in apm-cli use Path.glob and Path.rglob to enumerate package files and Path.read_text to read matches, which transparently follows symbolic links. A symlink with...

CVSS 7.4, AI score 5.8, EPSS 0.00654
Exploits 0, References 8

CNNVD
added 2026/05/15 12:0 a.m., 12 views

AMD Graphics Driver Input Validation Error Vulnerability

The AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. The AMD Graphics Driver has a vulnerability related to input validation errors. This vulnerability arises from the possibility of abnormal calls being made by the driver, which may lead to...

CVSS 1.8, AI score 5.8, EPSS 0.00102
Exploits 0, References 1

Positive Technologies
added 2026/05/15 12:0 a.m., 14 views

PT-2026-41240

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially...

CVSS 7.1, AI score 5.9, EPSS 0.00095
Exploits 0, References 3

CNNVD
added 2026/05/15 12:0 a.m., 8 views

GitHub CLI Security Vulnerability

GitHub CLI is an open-source command-line interface for GitHub. Versions of GitHub CLI from 1.6.0 to 2.92.0 contained a security vulnerability. This vulnerability stemmed from the lack of cleaning terminal control sequences when processing GitHub Actions workflow logs. It could allow attackers to...

CVSS 3.5, AI score 5.9, EPSS 0.002
Exploits 1, References 1

CNNVD
added 2026/05/15 12:0 a.m., 19 views

OpenMRS Code Injection Vulnerability

OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...

CVSS 9.1, AI score 5.9, EPSS 0.00317
Exploits 0, References 1

ATTACKERKB
added 2026/05/14 9:7 p.m., 7 views

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

AI score 5.8, EPSS 0.00409
Exploits 0, References 2, Affected Software 1

vulnersOsv
added 2026/05/14 8:29 p.m., 8 views

@budibase/server (>=3.32.1 <=3.38.1), @builders-of-stuff/svelte-sui-wallet-adapter (>=0.6.6 <=2.1.0) +65 more potentially affected by CVE-2026-42573 via svelte (>=5.0.0-next.1 <=5.55.5)

svelte NPM version =5.0.0-next.1, =3.32.1, =0.6.6, =4.0.0-alpha.1, =4.0.0-alpha.1, =0.1.0, =0.0.1, =1.3.0, =0.1.4, =0.0.20, =0.15.0, =1.1.0-beta.0, =5.0.0-next.80, =5.0.0-test.1 and more Source cves: CVE-2026-42573 Source advisory: SNYK:JS-SVELTE-16697541...

CVSS 5.3, AI score 5.4, EPSS 0.00319
Exploits 0

CVE
added 2026/05/14 5:48 p.m., 13 views

CVE-2025-15024

The CVE-2025-15024 entry concerns the Library Automation System from Yordam Information Technology (library management software). Affected versions are 19.5 up to but not including 22.1. The vulnerability is described as an improper control of code generation, i.e., a Code Injection issue that en...

CVSS 8.8, AI score 5.8, EPSS 0.00246
Exploits 0, References 1

Debian CVE
added 2026/05/14 4:38 p.m., 13 views

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

CVSS 2.5, AI score 5.7, EPSS 0.00096
Exploits 0

Patchstack
added 2026/05/14 4:17 p.m., 7 views

NPM: n8n Has an Arbitrary File Read via Git Node

NPM: n8n Has an Arbitrary File Read via Git Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

AI score 6, EPSS 0.00632
Exploits 0, References 2, Affected Software 1

Patchstack
added 2026/05/14 4:17 p.m., 9 views

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

AI score 6, EPSS 0.00632
Exploits 1, References 2, Affected Software 1

IBM Security Bulletins
added 2026/05/14 3:43 p.m., 11 views

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary: Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.2. Vulnerability Details: CVEID: CVE-2026-33168. DESCRIPTION: Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a...

CVSS 8.7, AI score 6.2, EPSS 0.0061
Exploits 0, Affected Software 5

EUVD
added 2026/05/14 1:8 p.m., 21 views

EUVD-2026-28800

Absinthe: Quadratic fragment-name uniqueness check...

CVSS 8.7, AI score 5.8, EPSS 0.00624
Exploits 1, References 5

CVE
added 2026/05/14 12:59 p.m., 16 views

CVE-2025-15025

CVE-2025-15025: In the Library Automation System, versions prior to 22.1 (from 21.6) are affected by an authorization bypass via a User-Controlled key, leading to exploitation of trusted identifiers. The issue is described as an IDOR-style authorization bypass with high impact (confidentiality, ...

CVSS 8.8, AI score 5.8, EPSS 0.00298
Exploits 0, References 1

Cvelist
added 2026/05/14 12:31 p.m., 36 views

CVE-2025-12008 IDOR in APPYAP's Yaay Social Media App

Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 through 24102025...

CVSS 8.8, EPSS 0.00242
Exploits 0, References 1