Lucene search
K

82222 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 11:23 p.m.7 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 11:23 p.m.18 views

CVE-2026-13083

CVE-2026-13083 concerns the Pen Drive report generator, where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization, enabling stored XSS. An attacker with cluster administrator privileges can inject XSS payloads into cluster objects (e.g., ClusterVersion spec....

6.9CVSS5.7AI score0.00176EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 11:17 p.m.3 views

DEBIAN-CVE-2026-40084

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...

6.5CVSS5.9AI score0.00324EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 11:17 p.m.10 views

CVE-2026-40084

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...

6.5CVSS0.00324EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 10:43 p.m.32 views

CVE-2026-40084 Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...

6.5CVSS0.00324EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 10:34 p.m.14 views

GO-2026-5409 Grafana: SQL Expressions Read File From Disk in github.com/grafana/grafana

Grafana: SQL Expressions Read File From Disk in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References4
Wordfence Blog
Wordfence Blog
added 2026/06/25 7:2 p.m.29 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 15, 2026 to June 21, 2026)

Last week, there were 147 vulnerabilities disclosed in 127 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

6.3AI score
Exploits0
Circl
Circl
added 2026/06/25 5:15 p.m.6 views

CVE-2026-28701

creationtimestamp| type| source ---|---|--- 2026-06-25 17:15:07+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04 2026-06-26 23:55:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpa5fuicyu2l 2026-06-27 00:00:43+00:00| seen|...

9.8CVSS5.8AI score0.00702EPSS
Exploits0References5
Circl
Circl
added 2026/06/25 5:45 a.m.6 views

CVE-2026-11379

creationtimestamp| type| source ---|---|--- 2026-06-25 05:45:29+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260625 2026-06-25 06:01:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3qvr4vl42z 2026-06-25 12:00:27+00:00| seen|...

5.3CVSS5.8AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52627

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. A path traversal issue allows for arbitrary file read through the Report format file parameter. The process occurs in two stages:...

6.5CVSS5.9AI score0.00324EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52630

Name of the Vulnerable Software and Affected Versions Pen Drive report generator affected versions not specified Description An issue exists where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. This allows an attacker with cluster administrator...

6.9CVSS5.6AI score0.00176EPSS
Exploits0References11
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.10 views

Malicious code in rstreams-shard-util (npm)

The rstreams-shard-util npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References3
Circl
Circl
added 2026/06/24 10:31 p.m.6 views

CVE-2026-45677

creationtimestamp| type| source ---|---|--- 2026-06-24 22:31:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp2xrisplq2o...

8.7CVSS5.8AI score0.00451EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 10:16 p.m.4 views

UBUNTU-CVE-2026-2050

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00552EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/24 9:43 p.m.5 views

CVE-2026-2050

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00552EPSS
Exploits0
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52966

In the Linux kernel, the following vulnerability has been resolved: drm: Replace old pointer to new idr Commit 5e28b7b94408 introduced a logical error by failing to replace the newly generated IDR pointer to old id's pointer at the correct location within the "change handle" logic; this resulted ...

0.00186EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 4:28 p.m.13 views

CVE-2026-52959

The CVE-2026-52959 issue affects the Linux kernel SEV guest module. During an extended guest request (SVM_VMGEXIT_EXT_GUEST_REQUEST), get_ext_report() allocates a buffer for a host certificate blob and stores its size in report_req->certs_len. The host may return SNP_GUEST_VMM_ERR_INVALID_LEN ...

7.8CVSS5.9AI score0.00093EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:28 p.m.30 views

CVE-2026-52950 drm/xe/dma-buf: fix UAF with retry loop

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...

7.8CVSS0.00132EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Free routing table on probe failure If complete is set to true in dsatreesetup, it means that we are the last switch in the tree that is being probed successfully. We should then set up all switches along our probe path...

7.8CVSS6.2AI score0.0016EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dm: fixed the unlocked test for dmsuspendedmd. The function dmblkreportzones checks whether the device is suspended using the dmsuspendedmd call. However, this function is called without holding any locks, so the device may be...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References2
Rows per page
Query Builder