Lucene search
+L

339 matches found

attackerkb
attackerkb
added 2 days ago3 views

CVE-2026-48351

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

7.5CVSS6.1AI score0.00407EPSS
Exploits0References2
cvelist
cvelist
added last week33 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS0.0034EPSS
Exploits0References1
redhat
redhat
added 2026/07/09 8:19 a.m.8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.0052EPSS
Exploits0References8
nvd
nvd
added 2026/07/09 8:16 a.m.7 views

CVE-2026-31981

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
osv
osv
added 2026/07/08 7:42 p.m.3 views

CVE-2026-59802 PasswordPusher < 2.8.1 - Redirect-Based XSS via data URI in URL Push Payload

PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...

6.3CVSS6.3AI score0.00192EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.9 views

PT-2026-56062

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.1 Description Langroid is a framework for building large-language-model-powered applications. The SQLChatAgent component implements a SQL-injection mitigation that uses a raw-text regex blocklist DANGEROUS SQL...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References14
github
github
added 2026/07/02 5:42 p.m.9 views

Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...

8.7CVSS6.1AI score0.00686EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/07/02 12:34 p.m.8 views

EUVD-2026-41368

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References2
nvd
nvd
added 2026/06/29 11:16 p.m.9 views

CVE-2026-7656

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6nbr.c handlerainput, handlensinput, handlenainput used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target checks...

8.1CVSS0.00205EPSS
Exploits1References2
redhat
redhat
added 2026/06/11 1:40 p.m.10 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.7AI score0.0052EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2026/06/11 5:3 a.m.11 views

CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS5.3AI score0.00229EPSS
Exploits0References1
cve
cve
added 2026/06/09 11:47 p.m.101 views

CVE-2026-41696

Spring Data MongoDB CVE-2026-41696 affects multiple versions (5.0.0–5.0.5; 4.5.0–4.5.11; 4.4.0–4.4.14; 4.3.0–4.3.16; 4.2.0–4.2.15; 4.1.0–4.1.14; 4.0.0–4.0.15; 3.4.0–3.4.19). The issue is insufficient validation of bound parameters in repository query methods annotated with @Query that use regex b...

5.9CVSS5.5AI score0.00262EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.16 views

PT-2026-47823

Name of the Vulnerable Software and Affected Versions NETGEAR JR6150 affected versions not specified Description Insufficient input validation allows users connected to local WiFi networks to execute operating system commands. This issue was identified through firmware emulation in a controlled...

8CVSS5.8AI score0.00289EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.11 views

PT-2026-47538

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS5.5AI score0.00109EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.15 views

WordPress plugin WP Emoticon Rating 跨站请求伪造漏洞

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WP Emoticon Rating plugin has a cross-site reques...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/08 11:0 a.m.8 views

CVE-2026-50752

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.11 views

PT-2026-47708

CVE-2024-56121 - OpenSSL: Improper Certificate Validation Weakness CVE ID :CVE-2024-56121 Published : June 8, 2026, 10:16 a.m. | 44 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more...

5.3AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/07 12:0 a.m.19 views

PT-2026-47277

Name of the Vulnerable Software and Affected Versions Check Point Security Gateways and Check Point Spark Firewall affected versions not specified Description A weakness in the certificate validation logic of the deprecated IKEv1 Internet Key Exchange version 1 key exchange allows an...

7.4CVSS5.7AI score0.04859EPSS
Exploits0References34
redhatcve
redhatcve
added 2026/06/05 7:42 p.m.12 views

CVE-2025-52606

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...

4.3CVSS5.4AI score0.00169EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:25 p.m.13 views

CVE-2026-44737

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the dataheadertitle parameter. As a result,...

6.2CVSS5.4AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder