21902 matches found

CNNVD
added 2026/04/14 12:0 a.m. | 9 views

SAP S/4HANA OData Service Security Vulnerability

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Equipment, which stems from the lack of authorization checks. This...

6.5 CVSS | 5.8 AI score | 0.00181 EPSS
Exploits 0 | References 2
CNNVD
added 2026/04/14 12:0 a.m. | 7 views

Chamilo LMS Security Vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

7.1 CVSS | 5.8 AI score | 0.00203 EPSS
Exploits 0 | References 5
FreeBSD
added 2026/04/14 12:0 a.m. | 14 views

PHP Composer -- Multiple vulnerabilities

Composer project reports:
- Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
- Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)...

8.8 CVSS | 6 AI score | 0.01688 EPSS
Exploits 4 | References 1
NVD
added 2026/04/13 9:16 p.m. | 3 views

CVE-2026-33740

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4 CVSS | 0.00211 EPSS
Exploits 1 | References 3
Vulnrichment
added 2026/04/13 8:37 p.m. | 2 views

CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2026/04/13 8:37 p.m. | 2 views

CVE-2026-33740

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2026/04/13 8:37 p.m. | 17 views

CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4 CVSS | 0.00211 EPSS
Exploits 1 | References 3
EUVD
added 2026/04/13 8:37 p.m. | 8 views

EUVD-2026-22098

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits 1 | References 3
RedhatCVE
added 2026/04/13 7:23 p.m. | 6 views

CVE-2026-33702

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoint. The file lp_ajax_save_item.php accepts a uid (user ID) parameter directly from $_REQUEST and uses it t...

7.1 CVSS | 5.8 AI score | 0.00238 EPSS
Exploits 0 | References 1
OSV
added 2026/04/13 6:24 p.m. | 2 views

MINI-6FH5-77HF-6294

Bulletin has no description...

7.5 CVSS | 5.7 AI score | 0.00349 EPSS
Exploits 0
Circl
added 2026/04/13 6:1 p.m. | 1 views

CVE-2026-30804

creation_timestamp | type | source
---|---|---
2026-04-13 18:01:43+00:00 | seen | Telegram/mgx4OESgILIX0WlIlJJnUrKrutJBiy7rqG6NL0bWgANWmeU
2026-04-13 18:20:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjfi7bk2e52m...

8.6 CVSS | 4.8 AI score | 0.00432 EPSS
Exploits 0 | References 1
GithubExploit
added 2026/04/13 4:16 p.m. | 96 views

Exploit for CVE-2026-6227

CVE-2026-6227: Local File Inclusion in BackWPup...

5.8 AI score | 0.01312 EPSS
Exploits 1
Snyk
added 2026/04/13 3:25 p.m. | 7 views

Malicious Package

Overview: portal-common-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 2
NVD
added 2026/04/13 2:16 p.m. | 2 views

CVE-2026-31414

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper. Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink pa...

9.8 CVSS | 0.00381 EPSS
Exploits 0 | References 6
Cvelist
added 2026/04/13 1:21 p.m. | 35 views

CVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helper

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper. Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink pa...

9.8 CVSS | 0.00381 EPSS
Exploits 0 | References 6
OSV
added 2026/04/13 1:20 p.m. | 1 views

JLSEC-2026-90

Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomic_int for reference counting. Because std::atomic_int is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...

6.9 CVSS | 5.8 AI score | 0.00371 EPSS
Exploits 1 | References 7
Patchstack
added 2026/04/13 8:37 a.m. | 4 views

WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability

Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions <= 1.9.3...

8.8 CVSS | 5.8 AI score | 0.00406 EPSS
Exploits 0 | References 1 | Affected Software 1
GithubExploit
added 2026/04/13 2:55 a.m. | 124 views

sigma-audit

Sigma Stack Audit Full-spectrum security audit combining five...

9.1 CVSS | 5.8 AI score | 0.99621 EPSS
Exploits 58
OSV
added 2026/04/13 2:32 a.m. | 2 views

MINI-WG89-M8Q4-HXVJ

Bulletin has no description...

6.1 CVSS | 5.7 AI score | 0.0029 EPSS
Exploits 0
OSV
added 2026/04/13 2:32 a.m. | 3 views

MINI-P6FV-34J8-VPG5

Bulletin has no description...

5.5 CVSS | 5.7 AI score | 0.0029 EPSS
Exploits 0