Lucene search
K

231 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57727

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...

7.5CVSS0.00394EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 2:10 p.m.8 views

EUVD-2026-42044

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56197

Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.7 Django versions prior to 5.2.16 Description An issue exists where DomainNameValidator fails to prohibit newlines in domain names. While CharField strips newlines when used via a form field, other implementations...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References64
Patchstack
Patchstack
added 2026/07/06 1:16 p.m.5 views

WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.12...

9.8CVSS5.9AI score0.00564EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/07/03 6:30 p.m.23 views

CVE-2026-14604

Technical details about CVE-2026-14604 are not publicly available in the provided documents. Monitor for updates from official sources.

6.5CVSS6.3AI score0.00233EPSS
Exploits0References6
OSV
OSV
added 2026/06/24 6:48 p.m.4 views

DRUPAL-CONTRIB-2026-063

The Salesforce Suite of modules integrates Drupal with Salesforce. The Salesforce module does not properly validate the OAuth handshake during interactive authentication, allowing an attacker to hijack the authorization token and bind the site to an attacker's Salesforce account. This vulnerabili...

4.8CVSS5.7AI score0.00097EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 5:16 p.m.11 views

CVE-2026-42089

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

8.6CVSS0.00139EPSS
Exploits1References3
OSV
OSV
added 2026/06/12 12:25 p.m.70 views

OESA-2026-2645 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability, which was classifie...

8.8CVSS4.6AI score0.00581EPSS
Exploits4References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from issues with the security service wrapper component in the esptee module, which...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 7:15 p.m.9 views

CVE-2026-34710 Substance3D - Sampler | Out-of-bounds Write (CWE-787)

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.1AI score0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 7:15 p.m.38 views

CVE-2026-34709 Substance3D - Sampler | Out-of-bounds Write (CWE-787)

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-33565

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS5.4AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-28733

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

6.5CVSS5.7AI score0.00131EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.14 views

SUSE CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.9CVSS5.8AI score0.00285EPSS
Exploits0References5
Hacker One
Hacker One
added 2026/06/03 9:0 p.m.7 views

Revive Adserver: Missing ownership validation allows cross‑manager tracker–campaign linking

A vulnerability was reported in Revive Adserver version 6.0.7 and earlier that allowed a low-privileged user to link their trackers to campaigns owned by other managers on the same instance. This was due to a lack of proper ownership validation in the tracker-campaigns.php script, which handled t...

4.3CVSS5.9AI score0.00287EPSS
Exploits2
Debian CVE
Debian CVE
added 2026/06/03 1:16 p.m.29 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.7AI score0.0015EPSS
Exploits0
NVD
NVD
added 2026/05/25 9:16 p.m.22 views

CVE-2026-24574

Cross-Site Request Forgery CSRF vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0...

6.5CVSS0.0014EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 10:16 p.m.8 views

UBUNTU-CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/22 9:12 p.m.14 views

EUVD-2026-31506

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 4:16 a.m.12 views

CVE-2026-28751

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS0.0012EPSS
Exploits0References1
Rows per page
Query Builder