
21901 matches found

Circl
added 2026/04/16 10:0 a.m. | 4 views

CVE-2026-33093

creationtimestamp | type | source
---|---|---
2026-04-16 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03...

CVSS 5.3 | AI score 5.7 | EPSS 0.00249
Exploits: 0 | References: 1

Circl
added 2026/04/16 5:17 a.m. | 10 views

GHSA-G596-MF82-W8C3

creationtimestamp | type | source
---|---|---
2026-04-16 05:17:50+00:00 | published-proof-of-concept | Telegram/TCjlHJMv9N6S0B2yz3RFhhjLUk96NJtTkRt7NB8H70qfRI
2026-04-23 05:18:40+00:00 | seen | Telegram/x9tyUe3u3o8RRyRxn4MyOTn6X2M4g6ykuZunUy8vPfx8ng...

AI score 4.8
Exploits: 0

RedhatCVE
added 2026/04/16 1:22 a.m. | 4 views

CVE-2026-34370

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/16 12:0 a.m. | 5 views

PT-2026-33318

Name of the Vulnerable Software and Affected Versions: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder versions prior to 6.1.22. Description: An Insecure Direct Object Reference (IDOR) exists due to missing authorization and ownership validation on a user...

CVSS 5.3 | AI score 5.8 | EPSS 0.00305
Exploits: 0 | References: 6

CNNVD
added 2026/04/16 12:0 a.m. | 9 views

WordPress plugin Fluent Forms security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 5.3 | AI score 5.8 | EPSS 0.00305
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/15 11:4 p.m. | 4 views

CVE-2026-6301

A type confusion flaw was found in the Turbofan component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495273999...

CVSS 9.6 | AI score 5.7 | EPSS 0.00372
Exploits: 0 | References: 5

OSV
added 2026/04/15 10:19 p.m. | 6 views

CGA-9H58-32F2-4XV2

Bulletin has no description...

CVSS 9.8 | AI score 5.7 | EPSS 0.03685
Exploits: 1

NVD
added 2026/04/15 9:17 p.m. | 3 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | EPSS 0.01688
Exploits: 2 | References: 6

UbuntuCve
added 2026/04/15 9:17 p.m. | 5 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | AI score 6.1 | EPSS 0.01688
Exploits: 2 | References: 2

OSV
added 2026/04/15 9:17 p.m. | 8 views

UBUNTU-CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | AI score 6.1 | EPSS 0.01688
Exploits: 2 | References: 3

AlpineLinux
added 2026/04/15 8:56 p.m. | 3 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | AI score 6.2 | EPSS 0.01688
Exploits: 2

Debian CVE
added 2026/04/15 8:56 p.m. | 4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | AI score 6.3 | EPSS 0.01688
Exploits: 2

CVE
added 2026/04/15 8:56 p.m. | 15 views

CVE-2026-40261

CVE-2026-40261 affects the PHP package manager Composer. Affected are Composer versions 1.0–2.2.26 and 2.3–2.9.5, where Perforce::syncCodeBase() and Perforce::generateP4Command() construct shell commands by unsafe interpolation of input (sourceReference, source URL) into commands. This enables co...

CVSS 8.8 | AI score 6.2 | EPSS 0.01688
Exploits: 2 | References: 6 | Affected Software: 1

Cvelist
added 2026/04/15 8:56 p.m. | 18 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | EPSS 0.01688
Exploits: 2 | References: 2

ATTACKERKB
added 2026/04/15 8:56 p.m. | 4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8 | AI score 6 | EPSS 0.01688
Exploits: 4 | References: 3 | Affected Software: 1

OSV
added 2026/04/15 8:30 p.m. | 5 views

MINI-4FWM-6M54-JCJQ

Bulletin has no description...

CVSS 7.1 | AI score 5.7 | EPSS 0.00193
Exploits: 0

Snyk
added 2026/04/15 7:43 p.m. | 3 views

Improper Validation of Specified Quantity in Input

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input through the PdfReader object stream and xref stream parsers in pypdf/reader.py...

CVSS 7.1 | AI score 5.8 | EPSS 0.00297
Exploits: 0 | References: 3

Github Security Blog
added 2026/04/15 7:43 p.m. | 6 views

pypdf has long runtimes for wrong size values in cross-reference and object streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches: This has been fixed in pypdf==6.10.1. Workarounds: If you cannot upgrade yet,...

CVSS 6.9 | AI score 5.7 | EPSS 0.00297
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/04/15 7:43 p.m. | 3 views

GHSA-JJ6C-8H6C-HPPX pypdf has long runtimes for wrong size values in cross-reference and object streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches: This has been fixed in pypdf==6.10.1. Workarounds: If you cannot upgrade yet,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00297
Exploits: 0 | References: 6

Snyk
added 2026/04/15 6:24 p.m. | 6 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

CVSS 9.1 | AI score 5.7 | EPSS 0.00224
Exploits: 0 | References: 2