Lucene search
K

26552 matches found

CVE
CVE
added 2026/06/15 2:23 p.m.65 views

CVE-2026-5038

MULTER CVE-2026-5038 affects multer’s diskStorage: versions 2.0.0-alpha.1–2.1.1 and 3.0.0-alpha.1 are vulnerable. The root cause is that Readable.pipe() does not propagate the stream destroy signal to the underlying fs.WriteStream, allowing aborted or malformed multipart uploads to leave orphaned...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/15 12:16 p.m.26 views

CVE-2026-34030

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS0.00327EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:5 a.m.9 views

EUVD-2026-36713

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS5.4AI score0.00327EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49299

Name of the Vulnerable Software and Affected Versions SNMP4J-Agent version 3.8.3 Description A remote attacker can execute arbitrary code through the snmp4jCfgStoragePath component. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

9.8CVSS5.7AI score0.00515EPSS
Exploits1References3
CVE
CVE
added 2026/06/15 12:0 a.m.17 views

CVE-2025-68713

Rakuten Send Anywhere for Android (com.estmob.android.sendanywhere, version 23.2.9) is affected. A vulnerability allows untrusted applications with no permissions to trigger arbitrary file downloads into the app’s scoped storage, with downloaded items appearing in the app’s trusted Received inter...

8CVSS6.1AI score0.00284EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49242

Name of the Vulnerable Software and Affected Versions multer versions 2.0.0-alpha.1 through 2.1.1 multer version 3.0.0-alpha.1 Description A Denial of Service issue exists when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49201

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS5.3AI score0.00327EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.28 views

CVE-2026-39006

An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component...

0.00515EPSS
Exploits1References1
CVE
CVE
added 2026/06/15 12:0 a.m.18 views

CVE-2026-39006

CVE-2026-39006 concerns SNMP4J-Agent 3.8.3 where a remote attacker can execute arbitrary code via the snmp4jCfgStoragePath component. Documented impact is critical (CVSS v3.1: 9.8) with network discovery and no user interaction required; exploitation status is not provided in the supplied sources...

9.8CVSS6AI score0.00515EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49282

Name of the Vulnerable Software and Affected Versions Rakuten Send Anywhere File Transfer for Android version 23.2.9 Description An issue in the application allows untrusted apps without permissions to force arbitrary file downloads into the app's scoped storage. These files then appear in the...

8CVSS6.5AI score0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.34 views

CVE-2025-68713

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

0.00284EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensiti...

6.8CVSS5.9AI score0.00291EPSS
Exploits0References3
NVD
NVD
added 2026/06/13 7:16 a.m.16 views

CVE-2026-9109

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...

7.2CVSS0.00316EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/13 6:0 a.m.30 views

CVE-2026-9061 Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/13 5:32 a.m.7 views

CVE-2026-9109 GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...

7.2CVSS5.5AI score0.00316EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/13 5:32 a.m.14 views

EUVD-2026-36642

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...

7.2CVSS5.6AI score0.00316EPSS
Exploits0References12
Fedora
Fedora
added 2026/06/13 1:13 a.m.15 views

[SECURITY] Fedora 44 Update: collectd-5.12.0-64.fc44

collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/06/13 1:13 a.m.15 views

[SECURITY] Fedora 44 Update: varnish-8.0.2-1.fc44

This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=E2=80=99t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up...

9.8CVSS5.4AI score0.00202EPSS
Exploits1
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36628

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.16 views

PT-2026-49081

Name of the Vulnerable Software and Affected Versions GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting. Attackers can retrieve a...

7.2CVSS5.6AI score0.00316EPSS
Exploits0References18
Rows per page
Query Builder