Lucene search
K

477 matches found

ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-44454

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.1CVSS6.6AI score0.02642EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:16 a.m.37 views

CVE-2026-56140 Apache Camel AWS2 SNS: An inbound Camel-namespace filter was added to Sns2HeaderFilterStrategy to align it with sibling components

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

0.00427EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 8:38 a.m.5 views

EUVD-2026-39272

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...

5.8AI score0.00128EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 5:16 p.m.10 views

CVE-2026-44956

Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...

0.00339EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.23 views

CVE-2026-44956

Revive Adserver (Revive Adserver) is affected by a stored XSS vector where an attacker’s Full Name, injected into system-generated emails stored in the userlog.details field, can execute JavaScript when an admin views the content via userlog-details.php. Root cause: missing output sanitisation in...

5.8AI score0.00339EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.8 views

EUVD-2026-38510

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...

4.3CVSS5.8AI score0.00235EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.38 views

CVE-2026-44956

Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...

0.00339EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.39 views

CVE-2026-44960

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

0.00339EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2026/06/23 12:0 a.m.5 views

libxslt security update

1.1.34-14.0.1.el98.1 - Fix memory leak in exclPrefixPush Orabug: 37871881 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.34-14.1 - Fix CVE-2025-10911 RHEL-171991 1.1.34-14.1 - Fix upgrade path for CVE-2023-40403 RHEL-82213 1.1.34-12.1 - Fix CVE-2023-40403...

5.5CVSS6.2AI score0.01092EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2026/06/22 12:31 p.m.6 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization v4.19 Images

Red Hat OpenShift Virtualization release v4.19 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

6.1CVSS7.3AI score0.00263EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLES15 Security Update : hplip (SUSE-SU-2026:2380-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2380-1 advisory. This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: - CVE-2025-43023: weak code signing DSA k...

9.8CVSS6.4AI score0.01333EPSS
Exploits0References15
OSV
OSV
added 2026/06/11 7:16 a.m.25 views

MAL-2026-5594 Malicious code in 0x2ai-demo7x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e956073a7db6057e4d42af462dba0299152ca992c113d74c715e90574d0efb On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD, placing...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35586

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...

6.8CVSS5.4AI score0.00142EPSS
Exploits1References1
CVE
CVE
added 2026/06/05 12:0 a.m.17 views

CVE-2020-25900

Affected software: HelloTalk (up to version 3.4.1). Vulnerability summary: The app stores full‑precision GPS coordinates even when a user intends to share only a country or city, and these coordinates are placed into a client‑side database that is stored on other users’ devices. The client databa...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 4:17 p.m.12 views

OPENSUSE-SU-2026:20858-1 Security update for hplip

This update for hplip fixes the following issues: Changes in hplip: - Update to HPLIP 3.26.4 CVE-2026-8631: Fixed privileges escalation and/or arbitrary code execution via an integer overflow in the hpcups processing path bsc1266023 CVE-2026-8632: Fixed privileges escalation and/or arbitrary code...

9.8CVSS6.4AI score0.01333EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 a.m.14 views

CVE-2025-46284

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges...

7CVSS5.8AI score0.00103EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:17 p.m.13 views

CVE-2026-45967

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

5.5CVSS0.00107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43834

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The map direct value addr function of the instruction array map incorrectly adds an offset to the resulting address. This occurs because the resolve pseudo ldimm64 function subsequently...

5.5CVSS5.2AI score0.00107EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43925

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A race condition exists in the amphion VPU driver within the Linux kernel. This occurs when v4l2 m2m ctx release frees the m2m ctx context while v4l2 m2m try run is attempting to call devic...

7.8CVSS5.9AI score0.00097EPSS
Exploits0
NVD
NVD
added 2026/05/26 10:16 p.m.24 views

CVE-2025-43290

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...

5.5CVSS0.00129EPSS
Exploits0References3
Rows per page
Query Builder