Lucene search
+L

3437 matches found

CVE
CVE
added yesterday6 views

CVE-2026-12283

CVE-2026-12283 affects Amazon Athena Query Federation's Synapse connector (aws-athena-query-federation) v2022.20.1–v2026.19.1. The issue is improper neutralization of elements in an SQL command within the Synapse connector, which could let an authenticated remote user execute injected read-only S...

6.8CVSS6AI score
Exploits0References3
Nuclei
Nuclei
added yesterday23 views

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...

9.8CVSS8.3AI score0.02112EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday39 views

Broadstreet WordPress plugin - Reflected XSS

Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...

6.1CVSS5.1AI score0.00464EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday54 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS5.2AI score0.01379EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday18 views

WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

10CVSS6.6AI score0.03315EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 3 days ago14 views

dd-trace-rb: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

6.1AI score0.00106EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago11 views

Security Bulletin: Vulnerability in libxml2 affects IBM Cloud Pak System[CVE-2025-6021]

Summary A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. Vulnerability was addressed in IBM Cloud Pak System version 2.3.6.1, and IBM Cloud Pak System version 2.3.5.1. Vulnerability Details...

7.5CVSS7AI score0.01067EPSS
Exploits1Affected Software4
CVE
CVE
added 4 days ago12 views

CVE-2026-15738

The CVE-2026-15738 issue affects the AWS Load Balancer Controller prior to version 3.4.2, where incorrect behavior order in Gateway API listener-rule generation can let an authenticated remote user intercept, spoof, or deny another namespace’s gRPC traffic on a shared Gateway via a crafted HTTPRo...

8.5CVSS6.2AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-15643 AWS HealthLake MCP Server SSRF via Pagination URL

AWS HealthLake MCP Server awslabs.healthlake-mcp-server is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores. A server-side request forgery in the pagination handling component in AWS awslabs.healthlake-mcp-server before 0.0.14 on all...

9.2CVSS0.0022EPSS
Exploits0References2
CVE
CVE
added 5 days ago14 views

CVE-2026-15516

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-15516 for affected versions, impact, and remediation.

6.3CVSS5.8AI score0.00274EPSS
Exploits0References6
OSV
OSV
added 6 days ago4 views

CVE-2026-15488 hcr707305003 shiroiAdmin FileController.php upload unrestricted upload

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

6.9CVSS6.7AI score0.00291EPSS
Exploits0References9
CVE
CVE
added 6 days ago16 views

CVE-2026-15475

Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/10 10:28 p.m.4 views

Open Redirect

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Open Redirect via the redirect-intended process. An attacker can redirect users to arbitrary external websites by manipulating the Referer header during the user edit flow...

6.1CVSS6.2AI score0.00232EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/10 7:54 p.m.7 views

CVE-2026-59180

A flaw was found in Apprise, an open-source library for sending notifications. HTTP-based notification plugins and HTTP attachment and configuration loaders in Apprise, prior to version 1.11.0, automatically follow HTTP redirects. During these redirects, user-configured authentication headers and...

3.1CVSS6.1AI score0.00195EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/10 7:41 p.m.31 views

CVE-2026-55461 Snipe-IT: Open Redirect After User Edit

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...

6.1CVSS0.00232EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/10 4:35 p.m.7 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the image process in open-sse/translator/concerns/image.js. An attacker can access internal-only HTTP services by...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/10 12:24 p.m.7 views

CVE-2026-55170

A flaw was found in OpenFGA, an authorization/permission engine. When using MySQL as the datastore, and authorization decisions depend on case-sensitive user strings, the system may incorrectly treat case-distinct values e.g., 'user:Alice' and 'user:alice' as equivalent. This can lead to improper...

5.4CVSS6AI score0.00248EPSS
Exploits0References8
NVD
NVD
added 2026/07/10 8:16 a.m.6 views

CVE-2026-40009

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/10 7:19 a.m.8 views

CVE-2026-40454

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/10 4:0 a.m.34 views

CVE-2026-15330 zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS0.00352EPSS
Exploits0References9
Rows per page
Query Builder