Lucene search
K

2993 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/14 3:27 a.m.14 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS6AI score0.0035EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.32 views

CVE-2026-35062 iControl SOAP vulnerability

An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.8 views

CVE-2026-20916

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.1CVSS6AI score0.00366EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/13 6:16 a.m.11 views

CVE-2026-32661

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud SaaS version. If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd wi...

9.8CVSS0.00472EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 12:48 a.m.10 views

EUVD-2026-29828

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

8.4CVSS5.8AI score0.00135EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP和F5 BIG-IQ 安全漏洞

F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 8:59 p.m.33 views

CVE-2026-33570 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

6.9CVSS0.00161EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.52 views

KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026

KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...

8.8CVSS6.1AI score0.00555EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.17 views

KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026

KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information...

8.8CVSS6.1AI score0.00555EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.12 views

KB5091223 - Description of the security update for SQL Server 2025 GDR: May 12, 2026

KB5091223 - Description of the security update for SQL Server 2025 GDR: May 12, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update Mo...

8.8CVSS6.1AI score0.00555EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.14 views

KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026

KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information ​​​​​​​Information about protection and security Summary...

8.8CVSS6.1AI score0.00555EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.18 views

KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026

KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information ​​​​​​​Information about protection and security Summary...

8.8CVSS6.1AI score0.00555EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40308

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAP PERSISTENCE SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the...

9.8CVSS5.8AI score0.00302EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/11 7:33 p.m.4 views

Access Control Bypass

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Access Control Bypass in the REST API upload process. An attacker can upload attachments to private issues without proper authorization by leveraging authenticated access to endpoints they are...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 1:15 a.m.12 views

CVE-2026-8260

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnapservice of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotel...

9CVSS7.6AI score0.00997EPSS
Exploits2References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/10 4:0 a.m.15 views

CVE-2026-7262

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

6.3CVSS5.8AI score0.0078EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 1:35 p.m.9 views

CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS5.8AI score0.26799EPSS
Exploits3References1
OSV
OSV
added 2026/05/08 5:47 a.m.9 views

BIT-JRE-2025-30761

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

5.9CVSS7.2AI score0.00551EPSS
Exploits0References6
OSV
OSV
added 2026/05/08 5:47 a.m.6 views

BIT-JRE-2025-30691

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS6.8AI score0.00522EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 5:46 a.m.8 views

BIT-JRE-2025-21587

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle...

7.4CVSS7.2AI score0.0073EPSS
Exploits0References4
Rows per page
Query Builder