Lucene search
K

1385 matches found

CVE
CVE
added 4 days ago6 views

CVE-2026-15374

Technical details beyond the initial description are not publicly available in the provided documents. Monitor for updates on CVE-2026-15374 affecting Eleveo Call Recording Software 9.7.0, specifically the /callrec/roleAddAction.do improper authorization vulnerability.

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago43 views

CVE-2026-59858 Vim: Arbitrary Code Execution via C Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago47 views

CVE-2026-59857 Vim: Out-of-bounds Write in SAL Soundfolding

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS0.00107EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago11 views

EUVD-2026-36117

Sharp Missing Authorization Check in Quick Creation Command Endpoints...

4.3CVSS5.9AI score0.00213EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 9:32 a.m.21 views

CVE-2026-12142

CVE-2026-12142 affects the NEX-Forms – Ultimate Forms Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the internal parameter named '_name[]' , present in all versions up to and including 9.2.2 . Root cause: insufficient input sanitization and output escaping, co...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References14
CVE
CVE
added 2026/06/30 7:50 p.m.15 views

CVE-2026-11595

CVE-2026-11595 affects IBM WebSphere Application Server 9.0 and 8.5. The IBM Security Bulletin describes a path traversal vulnerability in the administrative console’s integrated help system that could allow a remote attacker to obtain sensitive information. Affected products/versions include Web...

7.5CVSS5.8AI score0.00474EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 7:47 p.m.7 views

EUVD-2026-40397

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:45 p.m.38 views

CVE-2026-11712 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 9:45 a.m.3 views

SUSE-SU-2026:2675-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS5.9AI score0.01339EPSS
Exploits2References15
Fedora
Fedora
added 2026/06/28 12:58 a.m.8 views

[SECURITY] Fedora 44 Update: pgadmin4-9.16-1.fc44

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

9.5CVSS5.8AI score0.0071EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Fedora 44 : pgadmin4 (2026-c248414214)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c248414214 advisory. Update to pgadmin-9.16. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.5CVSS5.8AI score0.0071EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 7:16 p.m.5 views

UBUNTU-CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:1 p.m.5 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References3
CVE
CVE
added 2026/06/25 1:38 p.m.14 views

CVE-2026-47149

CVE-2026-47149 affects EmberZNet v9.0.2 and earlier: malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads, terminating the process. Impacts devices that have joined the network and support the Door Lock cluster. No information leakage to the sender was observ...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 1:38 p.m.5 views

EUVD-2026-39404

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 1:35 p.m.33 views

CVE-2026-47146 Color Control color-temperature assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:34 p.m.22 views

CVE-2026-47145

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can trigger asserts that terminate the process. The issue affects devices that already joined the network and that support the Color Control cluster. The problem is caused by malformed Color Control messages and results in an appli...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52476

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0670 Description The get text props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop T entries that follow. Because the count ...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References5
Talos
Talos
added 2026/06/25 12:0 a.m.8 views

vtk vtk-dicom vtkDICOMItem::FindDataElementOrInsert heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::FindDataElementOrInsert functionality of vtk-dicom versions: 9.5.2. A specially crafted DICOM file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS6.4AI score0.0032EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52403

Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write, which leads to process termination. This issue specifically affects devices that support the IAS Zone cluster...

7.1CVSS5.7AI score0.00217EPSS
Exploits0References4
Rows per page
Query Builder