Lucene search
K

766 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45650

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A stored Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an authenticated attacker to execute arbitrary JavaScript code within the sessions of other users. Recommendations Upda...

5.4CVSS5.9AI score0.00136EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 3:16 p.m.8 views

UBUNTU-CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.21 views

CVE-2026-8898

CVE-2026-8898 concerns the WordPress plugin Events In City with versions up to and including 3.0. The vulnerability is a Stored Cross-Site Scripting issue arising from insufficient input sanitization and output escaping in the org_event_scode() function, where user-supplied shortcode attributes (...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43644

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/05/25 2:58 p.m.31 views

CVE-2026-42782

CVE-2026-42782 affects Apache Syncope 3.0–3.0.16, 4.0–4.0.5, and 4.1.0, caused by improper isolation that lets an administrator with sufficient entitlements load a malicious Groovy class whose static initializer reaches a non-sandboxed execution path. Remediation is to upgrade to 4.0.6 or 4.1.1, ...

7.2CVSS6AI score0.00652EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42784 Note that Nessus relies on the...

5.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42783 Note that Nessus relies on the...

5.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016646 advisory. The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...

9.8CVSS7.4AI score0.0456EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/21 2:36 p.m.8 views

WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability

Missing Authorization to Authenticated Contributor+ Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions = 3.0.2...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.41 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

0.00318EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 12:32 p.m.14 views

EUVD-2026-29457

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through = 4.3.0...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 10:16 a.m.7 views

DEBIAN-CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-39996

Name of the Vulnerable Software and Affected Versions multiparty versions prior to 4.3.0 Description A denial of service issue exists due to regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload containing a long header value can cause...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-39998

Name of the Vulnerable Software and Affected Versions multiparty versions 4.2.3 and earlier Description A denial of service occurs due to an uncaught exception during the parsing of multipart/form-data requests. When a request contains a Content-Disposition header with a filename parameter...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References8
NVD
NVD
added 2026/05/07 12:16 p.m.58 views

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

7.5CVSS0.00503EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38473

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.5AI score0.00435EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/05 6:46 p.m.36 views

CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS0.00435EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/05/04 5:0 a.m.10 views

CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

7.5CVSS5.6AI score0.00464EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36779

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A remote attack can be launched against the parseRibEntry function in the pkg/packet/mrt/mrt.go file, which may lead to an integer underflow. Integer underflow occurs when an arithmetic operation...

7.5CVSS7.1AI score0.00454EPSS
Exploits0References20
Rows per page
Query Builder