Lucene search
+L

1013 matches found

Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.24 views

2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5087065)

2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 KB5087065...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/11 6:32 p.m.4 views

CVE-2026-42872 WeGIA: Reflected XSS in listar_arquivos_etapa.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in listaarquivosetapa.php due to improper handling of user-supplied input. The idprocesso parameter is directly embedded into the HTML without sanitization,...

6.1CVSS6.2AI score0.00178EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 5:40 p.m.24 views

CVE-2026-42860

The CVE-2026-42860 issue affects Open edX Openedx Enterprise Service (edx-enterprise). From 7.0.2 through 7.0.4, the sync_provider_data endpoint retrieves SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated Enterprise Admin can PATCH this field to an arbitrary ...

8.5CVSS5.9AI score0.00301EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: apache-sshd (UTSA-2026-017596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017596 advisory. A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port...

6.5CVSS7AI score0.03394EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/09 7:21 p.m.10 views

EUVD-2026-28930

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4CVSS5.8AI score0.01173EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/09 7:21 p.m.38 views

CVE-2026-42569 phpvms: /importer authorization bypass causing full database wipe

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4CVSS0.01173EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/05/08 8:21 p.m.7 views

wagtail-liveedit (=0.0.21), wagtail-modeltranslation (>=0.15.0 <=0.15.2) potentially affected by CVE-2026-44201 via wagtail (=7.0.0)

wagtail PYPI version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on wagtail and may be impacted: - wagtail-liveedit =0.0.21 - wagtail-modeltranslation =0.15.0, =0.15.2 Source cves: CVE-2026-44201 Source advisory: SNYK:PYTHON-WAGTAIL-16624540...

5.3CVSS5.8AI score0.00256EPSS
Exploits0
OSV
OSV
added 2026/05/08 8:17 p.m.48 views

GHSA-C6WJ-9VCJ-75PJ Wagtail has improper permission handling when comparing revisions

Impact A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patches Patched versions have been released as Wagtail 7.0...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.10 views

SUSE CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.10 views

SUSE CVE-2026-41648

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

5.3CVSS5.7AI score0.00269EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39235

Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.7 Wagtail versions prior to 7.3.2 Description Improper permission handling allows a CMS user with limited page access to copy a page they are not authorized to access to a site area where they do have permissions...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 2:16 p.m.21 views

CVE-2026-41684

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS0.00408EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/07 1:9 p.m.33 views

CVE-2026-41685 Incus: Unbounded binary import disk exhaustion

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

4.3CVSS0.00333EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 1:9 p.m.16 views

CVE-2026-41685

CVE-2026-41685 affects Incus prior to 7.0.0 where authenticated users can trigger unbounded disk usage during binary import paths. The issue occurs because HTTP upload bodies are streamed into temporary host storage via io.Copy in multiple handlers (instance import, bucket backup import, volume b...

4.3CVSS5.7AI score0.00333EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/07 1:9 p.m.10 views

CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

4.3CVSS5.7AI score0.00333EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/07 1:8 p.m.9 views

CVE-2026-41684 Incus: Nil Dereferences on Restore via Malformed YAML

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:5 p.m.5 views

CVE-2026-41648

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

5.3CVSS5.7AI score0.00269EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/07 1:5 p.m.29 views

CVE-2026-41648 Incus: Unbounded YAML Metadata Decode via Parsing

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

5.3CVSS0.00269EPSS
Exploits1References2
OSV
OSV
added 2026/05/07 1:2 p.m.2 views

CVE-2026-41647 Incus: Nil-Pointer Dereference via S3 Bucket Import

Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0...

6.5CVSS5.9AI score0.00394EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the backup.GetInfo function’s trust inlining backup configurations, which allowed valid, inline configurations along with...

6.5CVSS5.8AI score0.00408EPSS
Exploits1References1
Rows per page
Query Builder