Lucene search
+L

152 matches found

zeroscience
zeroscience
added 2 days ago32 views

SIP Sustainable Irrigation Platform 5.x (cli_control) Remote Code Execution

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

9.8CVSS6.1AI score0.05173EPSS
Exploits2
nvd
nvd
added 6 days ago4 views

CVE-2026-57218

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

6.5CVSS0.00321EPSS
Exploits1References6
cve
cve
added 2026/07/04 11:53 a.m.38 views

CVE-2026-53360

The CVE affects the Linux kernel KVM-SEV/SNP path: when GHCB v2+ is in use, an OOB/heap-privacy flaw arises because end_entry is validated only against VMGEXIT_PSC_MAX_COUNT (253) instead of the actual buffer size, allowing a guest to read/write adjacent kmalloc-cg-32 objects via VMGEXITs. This c...

6AI score0.00267EPSS
Exploits0References4
osv
osv
added 2026/07/04 11:53 a.m.3 views

CVE-2026-53360 KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6.7AI score0.00267EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/04 12:0 a.m.17 views

PT-2026-55698

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SEV implementation where the software scratch area is not required to reside in the GHCB shared buffer when GHCB v2+ is used. This allows a malicious SNP guest...

6.2AI score0.00267EPSS
Exploits0References6
cve
cve
added 2026/06/24 4:29 p.m.17 views

CVE-2026-53033

CVE-2026-53033 affects the Linux kernel’s BPF sockmap path, causing a race in unix_stream_bpf_update_proto() that can yield a Use-After-Free when a BPF iterator updates a sockmap during a TCP state transition. The issue is resolved by taking the state lock for AF_UNIX iterations to keep the unix ...

7.8CVSS5.7AI score0.00133EPSS
Exploits0References9Affected Software1
osv
osv
added 2026/06/22 3:12 p.m.2 views

SUSE-SU-2026:22343-1 Security update for firewalld

This update for firewalld fixes the following issue - CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations bsc1260903...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/09 6:0 a.m.9 views

CVE-2026-4986 WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.6AI score0.00197EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/06 12:43 a.m.17 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS5.4AI score0.00174EPSS
Exploits0References1
github
github
added 2026/06/05 9:43 p.m.13 views

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known

Description Bugsink’s issue list supports bulk actions such as resolving or muting selected issues. In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to...

3.1CVSS5.4AI score0.00147EPSS
Exploits0References4Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:44 p.m.12 views

CVE-2026-0050

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.6AI score0.00068EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/04 9:0 p.m.8 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

5.7AI score0.00174EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/04 9:0 p.m.11 views

EUVD-2026-34329

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS5.7AI score0.00174EPSS
Exploits0References1
osv
osv
added 2026/06/04 9:0 p.m.3 views

CVE-2026-42543 IRIS has a Cross-Site Request Forgery (CSRF) issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS5.9AI score0.00174EPSS
Exploits0References4
euvd
euvd
added 2026/06/02 12:31 a.m.18 views

EUVD-2026-33779

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00068EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/01 9:14 p.m.9 views

CVE-2026-0050

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00068EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0050

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00068EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/01 9:14 p.m.36 views

CVE-2026-0050

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00068EPSS
Exploits0References1
osv
osv
added 2026/06/01 12:0 a.m.13 views

ASB-A-290364858

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00068EPSS
Exploits0References1
mscve
mscve
added 2026/05/28 8:5 a.m.9 views

Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
Rows per page
Query Builder