Lucene search
K

774 matches found

Microsoft Security Update
Microsoft Security Update
added yesterday6 views

2026-07 .NET 10.0.10 Security Update for x64 Server (KB5104034)

2026-07 .NET 10.0.10 Security Update for x64 Server KB5104034...

6.1AI score
Exploits0
NVD
NVD
added 6 days ago8 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

5CVSS0.00273EPSS
Exploits1References4
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42521

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' attribute in all versions up to, and including, 10.10.2 due to insufficient input sanitization and output escaping...

6.4CVSS6.1AI score0.00256EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 12:9 a.m.131 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56287

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The scp utility may place a file in the parent directory of the intended destination when performing a copy operation between two remote destinations. Recommendations Update to version 10.4 or later...

6.5CVSS6.1AI score0.00241EPSS
Exploits0References21
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:46 p.m.8 views

CVE-2025-53829

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive ...

8CVSS6.2AI score0.00335EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 2:31 p.m.46 views

CVE-2025-53827 ownCloud Core: Updater has an exposed dangerous method or function

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...

9.1CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 2:31 p.m.17 views

CVE-2025-53827

ownCloud Core Updater on versions prior to 10.15.3 exposes a dangerous method/function. Attackers with administrative privileges may leverage it to execute arbitrary code. The issue is fixed in 10.15.3 (CVSSv3.1: 9.1, CRITICAL; network, high impact on confidentiality, integrity, and availability).

9.1CVSS6.1AI score0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 10:59 p.m.8 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3CVSS5.8AI score0.0027EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:50 p.m.6 views

CVE-2026-50573

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

6.8CVSS5.9AI score0.00113EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 6:22 p.m.42 views

CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

8.8CVSS0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 1:41 p.m.3 views

CVE-2026-8823 User Manager can demote bot accounts to guest without bot-management permission

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS6.1AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 6:32 p.m.24 views

CVE-2026-12238 WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

5.3CVSS0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 1:47 p.m.11 views

EUVD-2026-36246

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

7CVSS5.5AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 7:30 p.m.4 views

CVE-2026-45779 Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and...

9.3CVSS6.2AI score0.00479EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-1343

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

7.2CVSS5.5AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1CVSS5.4AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 3:25 p.m.12 views

EUVD-2026-34097

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References1
Atlassian
Atlassian
added 2026/06/01 10:29 p.m.13 views

DoS (Denial of Service) io.netty:netty-codec Dependency in Bamboo Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...

7.5CVSS6.6AI score0.00887EPSS
Exploits1
NVD
NVD
added 2026/05/29 3:16 p.m.15 views

CVE-2026-4290

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

9.1CVSS0.00258EPSS
Exploits0References2
Rows per page
Query Builder