Lucene search
+L

4747 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 11:6 p.m.9 views

CVE-2026-43920

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS6AI score0.00545EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/25 5:17 p.m.5 views

ALPINE-CVE-2026-56123

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:24 p.m.22 views

CVE-2026-57454

Vim vulnerability CVE-2026-57454 affects 9.2.0320–9.2.0679. A crafted undo or swap file can store a virtual-text property with offset/length outside the line’s property data. On restore/display, Vim converts the offset to a pointer and reads the virtual text without bounds checking, causing an ou...

6.8CVSS5.8AI score0.00119EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:17 p.m.5 views

CVE-2026-54836

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 8:0 a.m.35 views

CVE-2026-46752 Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()

Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

10CVSS0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 7:59 a.m.28 views

CVE-2026-54226 Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

6.4CVSS0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 7:59 a.m.12 views

CVE-2026-54226

CVE-2026-54226 — Apache Kvrocks (RESTORE IntSet Integer Overflow) * Affects Kvrocks versions 2.6.0 through 2.15.0. The entry title indicates an integer overflow in RESTORE IntSet that can lead to a remote DoS. The fix is to upgrade to version 2.16.0. No exploitation details or in-the-wild status ...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 4:34 a.m.113 views

CVE-2026-3176

GitLab EE contained a vulnerability CVE-2026-3176 where an authenticated user with limited permissions could access project information due to insufficient authorization checks. Affected releases: GitLab EE 18.6 up to but not including 18.11.6; 19.0 up to but not including 19.0.3; 19.1 up to but ...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52504

Name of the Vulnerable Software and Affected Versions socat versions 1.8.0.0 through 1.8.1.1 Description A heap-based buffer overflow exists in the SOCKS5 DOMAINNAME reply parser during proxy connection setup. The issue stems from a sign-extension flaw where the domain name length byte is read as...

9.8CVSS6.6AI score0.00308EPSS
Exploits0References21
CVE
CVE
added 2026/06/24 9:26 p.m.27 views

CVE-2026-52794

Sentry CVE-2026-52794 describes a ReDoS in the event ingestion pipeline affecting versions from 24.4.0 through 26.5.2, where a regex on attacker-controlled fields can cause excessive CPU time. The flaw has a CVSSv3.1 base score of 7.5 (High) with network attack vector and no privileges required. ...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 5:35 p.m.7 views

CVE-2026-48704 Warp Markdown notebook links may open executable local files

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable00 until 0.2026.05.06.15.42.stable01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in...

5.3CVSS6.1AI score0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 7:26 p.m.37 views

CVE-2026-54326

Pi HTML exports in Pi (pi-coding-agent) from versions 0.74.0–0.78.0 do not consistently reject unsafe Markdown link and image URL schemes, with C0 control characters in the URL scheme able to bypass checks. This can lead to a Cross-Site Scripting (XSS) risk in the exported static HTML if untruste...

2.5CVSS5.8AI score0.00132EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 6:10 p.m.49 views

CVE-2026-54321 Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached...

7CVSS0.00249EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:56 p.m.4 views

CVE-2026-45135 Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct fla...

8.1CVSS6.6AI score0.00399EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 4:16 p.m.16 views

CVE-2025-62180

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...

7.1CVSS0.00215EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 2:37 p.m.6 views

BIT-APISIX-2026-49230 Apache APISIX: Authentication bypass in jwe-decrypt

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

9.1CVSS5.8AI score0.00224EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/06/22 11:7 p.m.11 views

adb-wifi-qr (=0.2.0), autonet-computer (>=0.1.2 <=0.1.3) +77 more potentially affected by CVE-2026-48487 via zeroconf (>=0.102.0 <=0.149.12)

zeroconf PYPI version =0.102.0, =0.1.2, =0.4.3.0, =1.4.0, =0.3.0, =1.1.0, =0.0.11, =0.1.24, =0.2.6, =2023.9.0, =0.1.688, =0.1.754 and more Source cves: CVE-2026-48487 Source advisory: SNYK:PYTHON-ZEROCONF-17423205...

5.7AI score0.00318EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:47 p.m.5 views

CVE-2026-9071

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/06/22 2:31 p.m.15 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...

5.3CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder