Lucene search
+L

359 matches found

cve
cve
added 4 days ago15 views

CVE-2026-15475

Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
cvelist
cvelist
added 5 days ago35 views

CVE-2026-11591 Widgets for Google Reviews <= 13.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fomo-title' and 'fomo-text' Parameters

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
osv
osv
added 2026/07/07 2:34 p.m.5 views

PYSEC-2026-1859 Malciously crafted QPY files can allows Remote Attackers to Cause Denial of Service in Qiskit

Impact A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process deserializing the QPY payloa...

8.6CVSS5.9AI score0.0066EPSS
Exploits0References7
nuclei
nuclei
added 2026/07/02 9:36 a.m.14 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

9.8CVSS6.1AI score0.92161EPSS
Exploits1References4
nessus
nessus
added 2026/06/21 12:0 a.m.9 views

Fedora 43 : python3.13 (2026-2deb979d80)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2deb979d80 advisory. New Python release including bugfixes and security fixes. Tenable has extracted the preceding description block directly from the Fedora security...

9.1CVSS6.2AI score0.0079EPSS
Exploits0References6
nvd
nvd
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46875

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Deployment Library. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise...

9.1CVSS0.00453EPSS
Exploits0References1
cgr
cgr
added 2026/06/16 8:22 p.m.11 views

CVE-2026-54277 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk, py3-vllm-cuda-13.0, metaflow-service-fips, text-generation-inference, py3-vllm-cuda-12.9, authentik, request-1276, mlflow-fips, apache-beam-python-3.11-sdk, tritonserver-backend-vllm-cuda-12.9, py3.13-scanner-test-libraries-aiohttp, mlflo...

8.7CVSS6.1AI score0.00322EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.21 views

PT-2026-49980

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle...

9CVSS5.1AI score0.00277EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.31 views

PT-2026-49965

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Oracle Management Service component of the Oracle Enterprise Manager Base Platform. This flaw allows a...

9.8CVSS5.8AI score0.00508EPSS
Exploits0References3
euvd
euvd
added 2026/06/12 7:32 p.m.14 views

EUVD-2026-35397

TYPO3 CMS has Broken Access Control in its DataHandler...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References6
nvd
nvd
added 2026/06/11 7:16 p.m.11 views

CVE-2026-45178

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

8.4CVSS0.00361EPSS
Exploits0References2
euvd
euvd
added 2026/06/11 1:47 p.m.11 views

EUVD-2026-36246

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

7CVSS5.5AI score0.00253EPSS
Exploits0References1
thn
thn
added 2026/06/09 4:39 p.m.14 views

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963 , the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution RCE o...

8.6AI score0.02042EPSS
Exploits0
attackerkb
attackerkb
added 2026/05/29 5:32 a.m.8 views

CVE-2025-14042

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and including, 13.4.1. This is due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00159EPSS
Exploits0References3
redhat
redhat
added 2026/05/20 8:32 a.m.14 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
osv
osv
added 2026/05/13 7:17 p.m.20 views

UBUNTU-CVE-2026-42577

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

7.5CVSS5.8AI score0.00408EPSS
Exploits0References5
redhat
redhat
added 2026/05/13 8:8 a.m.18 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
nvd
nvd
added 2026/05/12 5:16 p.m.13 views

CVE-2026-20717

Improper input validation for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

6.9CVSS0.00099EPSS
Exploits0References1
fedora
fedora
added 2026/05/10 3:23 a.m.13 views

[SECURITY] Fedora 42 Update: prosody-13.0.5-1.fc42

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

7.5CVSS5.8AI score0.00348EPSS
Exploits0
debiancve
debiancve
added 2026/05/01 12:0 a.m.8 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS5.8AI score0.00446EPSS
Exploits1
Rows per page
Query Builder