Lucene search
+L

4810 matches found

CVE
CVE
added 2026/05/22 2:6 p.m.34 views

CVE-2026-8347

The CVE-2026-8347 entry affects Concrete CMS 9.5.0 and earlier, where the Express association Reorder dialog is vulnerable to IDOR and wrong-authorization-level handling, enabling cross-entity state tampering under view-only permissions. The issue is triggered by reliance on Express entity orderi...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/22 5:16 a.m.20 views

CVE-2026-44409

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure...

7.5CVSS0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:49 a.m.8 views

CVE-2026-44409

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure...

5.7CVSS5.8AI score0.00216EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 3:49 a.m.38 views

CVE-2026-44409

Technical details about CVE-2026-44409 are not publicly available in the provided documents. No explicit affected versions, root cause specifics, exploit information, or mitigations are present. Monitor for updates from vendors and security feeds.

7.5CVSS5.8AI score0.00216EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 3:5 a.m.17 views

Malicious code in @shwfed/nuxt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87ac343d6f89a601749bb115fa6902e7d39c71a0a6469690ecef56e9ea8a135e @shwfed/nuxt is published as a Nuxt UI module but contains undocumented build-hook code that, when a consumer integrates the module and runs a build...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-42777

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS5.8AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Dell ECS 访问控制错误漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.5 and 3.6 of Dell ECS contain access control vulnerability issues. This vulnerability stems from improper access control in the identity and access management module, which may allow remote...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

6.5CVSS6.8AI score0.02126EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:29 p.m.6 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 7:29 p.m.10 views

CVE-2026-4843 GSheet For Woo Importer <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 7:29 p.m.23 views

CVE-2026-4843

The CVE-2026-4843 entry concerns the WordPress plugin “GSheet For Woo Importer.” All versions up to 2.3.1 are affected by a missing capability check in process_ajax_restore_action(), enabling authenticated users with Subscriber-level access or higher to delete the plugin’s Google Sheets API token...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability enables a local attacker to...

3.7CVSS5.8AI score0.0037EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK:...

3.7CVSS6.7AI score0.0104EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability include Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle...

6.1CVSS5.6AI score0.00261EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0....

7.4CVSS6.9AI score0.00911EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/19 10:19 a.m.11 views

Insufficient Granularity of Access Control

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the user handler in the resource account service. An attacker...

5.3CVSS5.9AI score0.0037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.15 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2026:1955-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1955-1 advisory. This update for java-180-openjdk fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an...

7.5CVSS5.9AI score0.00702EPSS
Exploits0References22
NVD
NVD
added 2026/05/18 8:16 p.m.19 views

CVE-2026-21789

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

4.6CVSS0.00122EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:17 p.m.10 views

CVE-2026-21789

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/18 7:17 p.m.10 views

CVE-2026-21789 HCL Connections is vulnerable to broken access control

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References1
Rows per page
Query Builder