
80 matches found

EUVD
added yesterday | 5 views

EUVD-2026-41272

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

CVSS 7.5 | AI score 5.9 | EPSS 0.0082
Exploits: 0 | References: 3
NVD
added 2026/06/17 10:54 a.m. | 9 views

CVE-2026-46872

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle...

CVSS 9 | EPSS 0.00277
Exploits: 0 | References: 1
NCSC
added 2026/06/17 9:05 a.m. | 8 views

Vulnerabilities in Oracle VM VirtualBox

Oracle has identified several vulnerabilities in Oracle VM VirtualBox version 7.2.8. These vulnerabilities are located in various components of Oracle VM VirtualBox 7.2.8, including the Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlying...

CVSS 7.5 | AI score 5.5 | EPSS 0.00167
Exploits: 0 | References: 1
EUVD
added 2026/06/15 8:36 a.m. | 10 views

EUVD-2026-36702

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth (Open Authorization) access token before a user logs out, they...

CVSS 5.3 | AI score 5.3 | EPSS 0.00284
Exploits: 0 | References: 3
RedHat Linux
added 2026/06/10 11:41 a.m. | 8 views

mysql: Information Schema unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with...

CVSS 4.3 | AI score 7.1 | EPSS 0.00243
Exploits: 0 | References: 6
Vulnrichment
added 2026/06/04 7:31 p.m. | 8 views

CVE-2026-41522 Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

CVSS 7.1 | AI score 5.6 | EPSS 0.00246
Exploits: 0 | References: 1
OSV
added 2026/05/08 5:47 a.m. | 6 views

BIT-JRE-2026-21925

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

CVSS 4.8 | AI score 7.3 | EPSS 0.00212
Exploits: 0 | References: 3
CNNVD
added 2026/05/06 12:00 a.m. | 9 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the madvise IOCTL in the drm xe driver not verifying the patindex boundary. This could lead to...

CVSS 7.1 | AI score 5.8 | EPSS 0.00118
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/04 12:00 a.m. | 11 views

PT-2026-38246

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.22. Description: A time-of-check/time-of-use (TOCTOU) race condition exists in the OpenShell filesystem bridge. This issue allows attackers to use symlink swaps during filesystem operations to bypass sandbox...

CVSS 8.3 | AI score 6 | EPSS 0.00208
Exploits: 0 | References: 18
Positive Technologies
added 2026/04/23 12:00 a.m. | 4 views

PT-2026-34796

In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...

CVSS 4.3 | AI score 5.8 | EPSS 0.00182
Exploits: 0 | References: 4
CNVD
added 2026/04/22 12:00 a.m. | 5 views

Oracle VM VirtualBox Core Component Memory Corruption Vulnerability

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...

CVSS 5 | AI score 7.9 | EPSS 0.00096
Exploits: 0
CNNVD
added 2026/04/21 12:00 a.m. | 10 views

Oracle VM VirtualBox security vulnerability

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...

CVSS 5 | AI score 5.8 | EPSS 0.00096
Exploits: 0 | References: 2
CNNVD
added 2026/02/20 12:00 a.m. | 10 views

Ghost SQL injection vulnerability

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...

CVSS 9.4 | AI score 6.3 | EPSS 0.69996
Exploits: 7 | References: 4
NVD
added 2026/01/20 10:16 p.m. | 12 views

CVE-2026-21971

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft component: Purchasing. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM...

CVSS 5.4 | EPSS 0.00168
Exploits: 0 | References: 1
CNNVD
added 2026/01/20 12:00 a.m. | 3 views

Oracle Utilities Applications security vulnerabilities

Oracle Utilities Applications is a technology platform for the utilities industry developed by Oracle, a company in the United States. Vulnerabilities exist in versions 4.4.0.3.0.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4, and 25.10 of the Oracle Utilities Application Framework. These...

CVSS 5.4 | AI score 7.1 | EPSS 0.0018
Exploits: 0 | References: 2
CNNVD
added 2026/01/20 12:00 a.m. | 4 views

Oracle PeopleSoft security vulnerabilities

Oracle PeopleSoft is a corporate human capital management solution developed by Oracle Corporation in the United States. This product offers functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise HCM Human Resources is one of...

CVSS 6.1 | AI score 7.1 | EPSS 0.0019
Exploits: 0 | References: 2
EUVD
added 2026/01/15 1:13 p.m. | 5 views

EUVD-2026-2803

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

CVSS 5 | AI score 6.1 | EPSS 0.00027
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-1934

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.8 | EPSS 0.00412
Exploits: 0 | References: 2
NVD
added 2025/09/09 5:15 p.m. | 5 views

CVE-2025-54249

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls...

CVSS 6.5 | EPSS 0.01811
Exploits: 0 | References: 1
CNNVD
added 2025/08/16 12:00 a.m. | 3 views

Claude Code operating system command injection vulnerability

Claude Code is an open source proxy coding tool from Anthropic. An operating system command injection vulnerability exists in versions of Claude Code prior to 1.0.4, which stems from an overly broad list of allowed security commands that could lead to unacknowledged file reads and network transfe...

CVSS 7.5 | AI score 7.7 | EPSS 0.00431
Exploits: 0 | References: 2