Lucene search
K

9840 matches found

Vulnrichment
Vulnrichment
added 2026/05/10 12:12 p.m.10 views

CVE-2022-50963 uBidAuction 2.0.1 myAuctions active Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS5.7AI score0.00247EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 12:12 p.m.15 views

CVE-2022-50963

uBidAuction 2.0.1 has a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The filter parameters date_created, date_from, date_to, and created_at are not properly sanitized, allowing remote attackers to inject scripts via crafted GET requests that execut...

6.1CVSS5.7AI score0.00247EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/09 1:5 a.m.13 views

CVE-2026-43459

A flaw was found in the Linux kernel's sound subsystem ASoC. When a sound card is unbound while an audio stream is active, a timing issue can lead to a use-after-free vulnerability. This occurs because certain resources are freed before all pending operations are completed. A local attacker could...

7.3CVSS5.8AI score0.00113EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 8:1 p.m.13 views

Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

Deactivated Channel Members Retain Full Access to Group/DM Channels Affected Component Channel membership authorization check: - backend/openwebui/models/channels.py lines 663-673, isuserchannelmember - Used at 15 locations in backend/openwebui/routers/channels.py Affected Versions Current main...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/08 7:21 p.m.10 views

CVE-2026-43321

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability arises from the kernel's failure to correctly identify and mark active registers during indirect jump operations within the BPF program execution. An attacker could potentially exploit this to manipula...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 5:8 p.m.25 views

GHSA-QWFW-GGXW-577C ex_webrtc client-role handshake is missing DTLS peer fingerprint validation

Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...

8.7CVSS6AI score0.00255EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39291

Name of the Vulnerable Software and Affected Versions Elixir WebRTC versions prior to 0.15.1 Elixir WebRTC versions prior to 0.16.1 Description Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. When acting as th...

8.7CVSS5.9AI score0.00255EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-39278

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description In the self-hosted artificial intelligence platform Open WebUI, the is user channel member function fails to verify the is active field when checking channel membership. When a user is removed fro...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References7
Snyk
Snyk
added 2026/05/07 7:43 p.m.9 views

Active Debug Code

Overview Affected versions of this package are vulnerable to Active Debug Code via the Installer process. An attacker can access sensitive server configuration, environment variables, filesystem paths, and loaded PHP extensions by sending an unauthenticated GET request with the phpinfo parameter...

6.9CVSS5.8AI score0.0024EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/07 6:0 p.m.8 views

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/05/07 5:29 p.m.16 views

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/05/07 5:29 p.m.16 views

Important: Red Hat Security Advisory: Satellite 6.17.8 Async Update

A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs...

9.8CVSS7.2AI score0.00812EPSS
Exploits3References16
RedHat Linux
RedHat Linux
added 2026/05/07 5:9 p.m.27 views

Important: Red Hat Security Advisory: Satellite 6.18.5 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS7.5AI score0.09436EPSS
Exploits3References23
RedHat Linux
RedHat Linux
added 2026/05/07 5:9 p.m.9 views

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References11
The Hacker News
The Hacker News
added 2026/05/07 11:33 a.m.19 views

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like...

10CVSS6.5AI score0.03678EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:3 a.m.9 views

Prometheus Azure AD remote write OAuth client secret exposed via config API

...

7.5CVSS5.8AI score0.00326EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.44 views

VulnCheck KEV: CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS6.4AI score0.04783EPSS
In wildExploits13References19
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.22 views

RHEL 9 : Satellite 6.18.5 Async Update (Important) (RHSA-2026:14835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14835 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

9.8CVSS7.2AI score0.09436EPSS
Exploits3References32
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.15 views

RHEL 9 : Satellite 6.17.8 Async Update (Important) (RHSA-2026:14873)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14873 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

9.8CVSS6.9AI score0.00812EPSS
Exploits3References22
Snyk
Snyk
added 2026/05/06 8:44 p.m.9 views

SQL Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References2
Rows per page
Query Builder