Lucene search
K

46 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-6683

FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes nfatent - 2 to be zero during write/sync operations. This maps to CWE-369 Divide By Zero. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.6, Medium. Network-delivered...

4.6CVSS0.00205EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41431

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

8CVSS5.7AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 1:37 p.m.6 views

OPENSUSE-SU-2026:20880-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation,...

5.3CVSS6.3AI score0.0039EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A dirty folio is one which has been written to. A clea...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 7:45 a.m.15 views

CVE-2026-4133

The TextP2P Texting Widget WordPress plugin (versions ≤ 1.7) is vulnerable to Cross-Site Request Forgery due to missing nonce validation in imTextP2POptionPage(). The settings form (line 314) lacks wp_nonce_field(), and the POST handler (line 7) does not call check_admin_referer() or wp_verify_no...

4.3CVSS5.7AI score0.00156EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.24 views

PT-2026-34184

Name of the Vulnerable Software and Affected Versions Zero Motorcycles firmware versions 44 and prior Description An issue in the Bluetooth pairing process allows an attacker in close proximity to forcibly pair a device with the motorcycle while it is in pairing mode. Once paired, the attacker ca...

6.4CVSS5.8AI score0.00134EPSS
Exploits0References5
OSV
OSV
added 2026/03/10 10:16 p.m.6 views

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 6:9 p.m.5 views

GHSA-7XHJ-55Q9-PC3M OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading

Summary OpenClaw hook mapping transforms could be loaded via absolute paths or .. traversal, allowing arbitrary JavaScript module loading/execution in the gateway process when an attacker can modify hooks configuration. Affected Versions - Affected: = 2.0.0-beta3 and = 2026.2.13 - Fixed: 2026.2.1...

8.3CVSS6.2AI score0.00439EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/07 9:20 a.m.4 views

CVE-2025-14465 Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update

The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabsoptionspageformsubmit function. This makes it possible for unauthenticated attackers to update plug...

4.3CVSS4.9AI score0.00112EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.7 views

PT-2025-44953

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage page function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.3AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 2025/10/30 10:15 p.m.18 views

CVE-2024-13996

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.8CVSS0.00964EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-5294

Malware in sbrugna...

9.3CVSS7.6AI score0.01242EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-26918

Malware in sbrugna...

6.8CVSS6.6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-0670

Malware in sbrugna...

7.5CVSS6.4AI score0.04273EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-27897

Malicious code in bioql PyPI...

6.5CVSS7.6AI score0.00644EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-39075

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-48191

Malicious code in bioql PyPI...

8.8CVSS7.3AI score0.0089EPSS
Exploits2References2
CVE
CVE
added 2025/08/11 6:0 a.m.15 views

CVE-2025-7965

CVE-2025-7965 concerns the WordPress CBX Restaurant Booking plugin (versions up to 1.2.1). The vulnerability is a missing CSRF check when updating settings, which could let a logged-in attacker perform admin-level changes via a CSRF attack. The CVSS 3.1 base metrics indicate a medium severity (4....

4.3CVSS7AI score0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/04 12:0 a.m.6 views

PT-2025-23761 · WordPress · Filterprovider

Name of the Vulnerable Software and Affected Versions: File Provider versions 1.2.3 and earlier Description: The issue is related to the lack of a CSRF check when updating settings in the File Provider WordPress plugin. This could allow attackers to make a logged-in admin change the settings via ...

4.3CVSS5.3AI score0.00145EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.6 views

CVE-2024-5570

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

6.5CVSS6.6AI score0.00547EPSS
Exploits2References1
Rows per page
Query Builder