Lucene search
K

4622 matches found

Patchstack
Patchstack
added 2026/06/18 1:6 p.m.4 views

NPM: http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

NPM: http-proxy-middleware router host+path substring matching allows Host-header-driven backend routing bypass vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 0.16.0, 2.0.10...

8.6CVSS5.8AI score0.0034EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:1 p.m.4 views

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory vulnerability discovered by ? in WordPress Npm chrome-devtools-mcp versions = 0.20.0, = 1.0.1...

6.1CVSS5.8AI score0.00077EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/17 1:49 p.m.10 views

EUVD-2025-210248

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...

7.3CVSS5.2AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.9 views

CVE-2026-46880

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise ...

9.8CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.8 views

CVE-2026-46881

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise ...

9.8CVSS0.00473EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:43 p.m.24 views

CVE-2026-47277 Runtipi: Unauthenticated arbitrary file read through app-store logo symlinks

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS0.00399EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 5:16 p.m.10 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS0.00099EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 4:15 p.m.23 views

CVE-2026-42089

The CVE concerns yeoman-environment. Vulnerable versions 2.9.0 through 6.0.0 install missing local generator packages from attacker-controlled names without user confirmation, via installLocalGenerators() calling repository.install(). This can cause arbitrary package installation and code executi...

8.6CVSS5.9AI score0.00139EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/16 3:16 p.m.28 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS0.00099EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 10:16 a.m.11 views

CVE-2026-49772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS0.00229EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50019

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Web Runtime Security component of JD Edwards EnterpriseOne Tools. An unauthenticated attacker with network access via HTTP can compromise the...

9.3CVSS5.9AI score0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36797

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/15 8:20 p.m.5 views

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow vulnerability discovered by ? in WordPress Npm electron versions = 42.3.1, 42.3.3...

9.3CVSS6AI score0.00253EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-41708

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 12:42 p.m.8 views

CVE-2026-5233 Missing Rate Limiting in Mia Technologies' Pizzy Library

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS5.2AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.32 views

CVE-2026-53520 Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0...

6.5CVSS0.00282EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:52 p.m.32 views

CVE-2026-4870 Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser...

7.5CVSS0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:10 p.m.14 views

CVE-2026-6211

CVE-2026-6211 affects Global IT Informatics Services Inc. WEOLL (2.0.9 prior to 3.2.45.33). Root cause: unrestricted upload of files with dangerous types, with ACLs not properly constraining the accessed functionality. Impact: high confidentiality and integrity risk (network-based, low privileges...

8.7CVSS5.3AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:10 p.m.11 views

EUVD-2026-36437

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.8 views

SwiftNIO: Out-of-bounds write via ByteBuffer index and length UInt32 overflow

A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding UInt32.max are passed to some ByteBuffer methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in 2.100.0 and later releases...

5.2AI score0.00042EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder