Lucene search
+L

3209 matches found

Circl
Circl
added 2 days ago6 views

CVE-2026-54733

creationtimestamp| type| source ---|---|--- 2026-07-16 16:15:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqrn26pxli2a 2026-07-16 16:48:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqrou4dsoi2o 2026-07-17 17:12:45+00:00| seen|...

9.3CVSS4.8AI score0.00915EPSS
Exploits0References3
Circl
Circl
added 2 days ago6 views

CVE-2016-5181

creationtimestamp| type| source ---|---|--- 2026-07-16 13:00:04+00:00| seen| https://t.me/KaitNews/312 2026-07-17 00:00:51+00:00| seen| https://t.me/KaitNews/312...

6.1CVSS6.8AI score0.01978EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2 days ago5 views

openSUSE 16: helm / helm-bash-completion / helm-fish-completion / etc (openSUSE-SU-2026:21331-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:21331-1 advisory. This update for helm fixes the following issue - CVE-2026-48978: oras.land/oras-go/v2/registry/remote/auth: malicious registry can hijack Bearer token...

2.1CVSS6.2AI score
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-54560

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS0.00247EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44689

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS6.1AI score0.00247EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-54560 Cloudreve: OAuth access tokens bypass scope enforcement due to missing client_id claim

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS6.1AI score0.00247EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44687

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS6.2AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-54562

Cloudreve CVE-2026-54562 affects the self-hosted file management system. Prior to version 4.16.1, the remote download workflow at POST /api/v4/workflow/download passes user-supplied URLs to the downloader without blocking loopback/localhost/IPv6 localhost or redirect-to-loopback targets. This all...

6.5CVSS6.2AI score0.00231EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Oracle Linux 10 : postgresql16 (ELSA-2026-19010)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19010 advisory. 16.13-1.0.1 - Replace upstream reference Orabug: 37044148 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

8.8CVSS6.8AI score0.01208EPSS
Exploits3References5
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-58475 Sustainable Irrigation Platform 5.2.16 Stored XSS via Program Name

Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...

6.1CVSS0.00214EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

openSUSE 16 Security Update : tiff (openSUSE-SU-2026:21289-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21289-1 advisory. This update for tiff fixes the following issues - CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF...

7.8CVSS6.9AI score0.00553EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

openSUSE 16 Security Update : perl-DBI (openSUSE-SU-2026:21293-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21293-1 advisory. This update for perl-DBI fixes the following issues - CVE-2026-14380: unvalidated string eval interpolation of the Profile package name can lead...

9.1CVSS6.3AI score0.00498EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

openSUSE 16: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (openSUSE-SU-2026:21308-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21308-1 advisory. This update for php8 fixes the following issues - Update to versio 8.4.23 - CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

openSUSE 16 Security Update : python-cryptography (openSUSE-SU-2026:21294-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21294-1 advisory. This update for python-cryptography fixes the following issues - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow shor...

9.3CVSS6.2AI score0.00359EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

openSUSE 16: agama / agama-autoinstall / agama-cli / agama-cli-bash-completion / etc (openSUSE-SU-2026:21292-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21292-1 advisory. This update for agama fixes the following issues - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an...

9.3CVSS6.6AI score0.00359EPSS
Exploits0References21
Cvelist
Cvelist
added 5 days ago42 views

CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

0.00606EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 5 days ago5 views

Security update for agama (important)

openSUSE security update: security update for agama ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21292-1 Rating: important References: bsc1270526 bsc1270602 bsc1270678 bsc1270784 bsc1270850 bsc1270891 bsc1270992 Cross-References: CVE-2026-41677...

8.7CVSS6.5AI score0.00359EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 6 days ago9 views

openSUSE 16 Security Update : rust-keylime (openSUSE-SU-2026:21274-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21274-1 advisory. Update to version 0.2.9+49. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on...

9.3CVSS6.3AI score0.00359EPSS
Exploits0References25
NVD
NVD
added 2026/07/10 10:16 p.m.8 views

CVE-2026-58503

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the resetpassword endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...

6.9CVSS0.00354EPSS
Exploits0References7
OSV
OSV
added 2026/07/10 9:26 p.m.4 views

CVE-2026-42219 Frappe: Path Traversal via /backups Route

Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via downloadbackups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and 15.109.0...

6.9CVSS6.1AI score0.00457EPSS
Exploits0References11
Rows per page
Query Builder