
21905 matches found

OSV
added 2026/04/15 8:30 p.m. | 5 views

MINI-4FWM-6M54-JCJQ

Bulletin has no description...

CVSS 7.1 | AI score 5.7 | EPSS 0.00193
Exploits: 0
Github Security Blog
added 2026/04/15 7:43 p.m. | 6 views

pypdf has long runtimes for wrong size values in cross-reference and object streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches: This has been fixed in pypdf==6.10.1. Workarounds: If you cannot upgrade yet,...

CVSS 6.9 | AI score 5.7 | EPSS 0.00297
Exploits: 0 | References: 6 | Affected Software: 1
Snyk
added 2026/04/15 7:43 p.m. | 3 views

Improper Validation of Specified Quantity in Input

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input through the PdfReader object stream and xref stream parsers in pypdf/reader.py...

CVSS 7.1 | AI score 5.8 | EPSS 0.00297
Exploits: 0 | References: 3
OSV
added 2026/04/15 7:43 p.m. | 3 views

GHSA-JJ6C-8H6C-HPPX pypdf has long runtimes for wrong size values in cross-reference and object streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches: This has been fixed in pypdf==6.10.1. Workarounds: If you cannot upgrade yet,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00297
Exploits: 0 | References: 6
Snyk
added 2026/04/15 6:24 p.m. | 6 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

CVSS 9.1 | AI score 5.7 | EPSS 0.00224
Exploits: 0 | References: 2
OSV
added 2026/04/15 3:15 p.m. | 2 views

MINI-RR32-55GR-JPJP

Bulletin has no description...

CVSS 6.2 | AI score 5.7 | EPSS 0.0018
Exploits: 0
OSV
added 2026/04/15 3:0 p.m. | 4 views

MINI-R9Q3-3757-5M3P

Bulletin has no description...

CVSS 9.1 | AI score 5.7 | EPSS 0.01127
Exploits: 1
OSV
added 2026/04/15 1:15 p.m. | 7 views

ECHO-1C8B-6A01-2CFE

Bulletin has no description...

CVSS 5.5 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 1
CVE
added 2026/04/15 10:21 a.m. | 9 views

CVE-2026-40737

The CVE concerns WordPress COMPE plugin

CVSS 5.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 1
Patchstack
added 2026/04/15 3:41 a.m. | 6 views

WordPress Avada (Fusion) Builder plugin <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference vulnerability

Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions <= 3.15.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/04/15 3:17 a.m. | 4 views

MINI-CMMW-4R52-25V7

Bulletin has no description...

CVSS 6.1 | AI score 5.7 | EPSS 0.0024
Exploits: 0
Cvelist
added 2026/04/15 1:25 a.m. | 33 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected (underscore-prefixed). This makes it...

CVSS 4.3 | EPSS 0.00269
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/15 1:25 a.m. | 4 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected (underscore-prefixed). This makes it...

CVSS 4.3 | AI score 5.7 | EPSS 0.00269
Exploits: 0 | References: 2
CNVD
added 2026/04/15 12:0 a.m. | 7 views

Adobe Framemaker Out-of-Bounds Read Vulnerability (CNVD-2026-19997)

Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. Adobe Framemaker suffers from an out-of-bounds read vulnerability that could be exploited by an attacker to cause...

CVSS 7.8 | AI score 6.2 | EPSS 0.00173
Exploits: 0
Positive Technologies
added 2026/04/15 12:0 a.m. | 5 views

PT-2026-34562

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.10.1. Description: A flaw in the pure-python PDF library allows an attacker to craft a PDF that results in long runtimes. This is achieved by using cross-reference streams with incorrect large /Size values or object...

CVSS 6.9 | AI score 5.1 | EPSS 0.00297
Exploits: 0 | References: 17
Circl
added 2026/04/14 11:54 p.m. | 6 views

CVE-2017-8625

creationtimestamp | type | source
---|---|---
2026-04-14 23:54:15+00:00 | seen | https://gist.github.com/Jere7/d88eaa16f205413c550fd1409011e92c...

CVSS 8.8 | AI score 7.3 | EPSS 0.15257
Exploits: 4 | References: 1
Github Security Blog
added 2026/04/14 11:42 p.m. | 7 views

Defense in Depth update for NuGet Client

Impact: This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches: NuGet: The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 3
NVD
added 2026/04/14 11:16 p.m. | 6 views

CVE-2026-33023

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loadwithgdkpixbuf in loader.c. The cleanup path manually frees the sixelframet object and its interna...

CVSS 7.8 | EPSS 0.00289
Exploits: 1 | References: 2
Github Security Blog
added 2026/04/14 10:49 p.m. | 8 views

WWBN AVideo has an IDOR in Live Restreams list.json.php Exposes Other Users' Stream Keys and OAuth Tokens

Summary: The endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream configurations, including third-party platform stream keys and OAut...

CVSS 6.5 | AI score 6 | EPSS 0.00269
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2026/04/14 10:16 p.m. | 7 views

CVE-2026-34370

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

CVSS 6.5 | EPSS 0.00227
Exploits: 0 | References: 2