Lucene search
K

5947 matches found

OSV
OSV
added 2026/06/08 5:34 p.m.13 views

OPENSUSE-SU-2026:20928-1 Security update for syft

This update for syft fixes the following issues: Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier should distinguish between MySQL Cluster ndb and MySQL 3297 4907 @witchcraze - Catalog...

9.8CVSS7.5AI score0.01312EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2026/06/08 5:5 p.m.14 views

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Overview On June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the deprecated IKEv1...

9.3CVSS6.2AI score0.70099EPSS
Exploits5
Patchstack
Patchstack
added 2026/06/08 3:7 p.m.8 views

WordPress kk blog card plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin kk blog card versions = 1.3...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 3:4 p.m.10 views

WordPress Plugin Name: ePaperFlip Publisher plugin <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Plugin Name: ePaperFlip Publisher versions = 1...

6.4CVSS5.4AI score0.00192EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/06/08 2:17 p.m.24 views

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 CVSS score: 9.3, is a case of a logic flow weakne...

9.3CVSS5.8AI score0.70099EPSS
Exploits5
OSV
OSV
added 2026/06/08 1:43 p.m.11 views

JLSEC-2026-598

An issue was discovered in yasm version 1.3.0. There is a use-after-free in error in modules/preprocs/nasm/nasm-pp.c...

5.5CVSS5.4AI score0.00317EPSS
Exploits1References4
NVD
NVD
added 2026/06/08 12:16 p.m.18 views

CVE-2026-50752

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS0.04859EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 11:0 a.m.51 views

CVE-2026-50752 Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS0.04859EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 11:0 a.m.10 views

CVE-2026-50752 Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS5.5AI score0.04859EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 10:30 a.m.37 views

CVE-2026-11506 CodeAstro Leave Management System search_staff_for_deletion.php sql injection

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

6.5CVSS0.002EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.11 views

CodeAstro Leave Management System 注入漏洞

The CodeAstro Leave Management System is a vacation management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a SQL injection vulnerability. This vulnerability stems from the handling of the leavetype parameter in the file /admin/deleteleavetype.php,...

6.5CVSS6.6AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Code-Projects Simple Flight Ticket Booking System 注入漏洞

Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the code-projects Simple Flight Ticket Booking System has a vulnerability due to incorrect handling of the Username parameter in the POST Parameter Handler...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Code-Projects Online Music Site 注入漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Music Site has a vulnerability due to incorrect handling of the Category parameter in the file/Frontend/Search.php, which may lead to SQL injection attacks...

7.5CVSS7.5AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

Check Point Quantum Security Gateway 授权问题漏洞

Check Point Quantum Security Gateway is a series of enterprise-level security gateway devices developed by the Israeli company Check Point. The Check Point Quantum Security Gateway has an authorization issue vulnerability, which stems from a defect in the certificate verification logic process...

9.3CVSS5.8AI score0.70099EPSS
Exploits5References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.17 views

SourceCodester Class and Exam Timetabling System 注入漏洞

SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which arises from incorrect handling of the parameter "sy" in...

7.5CVSS7.5AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/06 9:14 a.m.75 views

CVE-2026-10725

Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...

7.5CVSS5.7AI score0.00414EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7093

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-36618

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

4.3CVSS5.4AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6202

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-37597

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/attendancelist.php...

2.7CVSS5.7AI score0.00186EPSS
Exploits0References1
Rows per page
Query Builder