Lucene search
K

87121 matches found

EUVD
EUVD
added 2026/04/24 4:8 p.m.7 views

EUVD-2026-25576

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS5.4AI score0.00254EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:48 p.m.3 views

CVE-2026-39920

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/24 3:48 p.m.4 views

CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/24 2:35 p.m.6 views

EUVD-2026-25463

In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgwcsumcrc8rel cgwcsumcrc8rel correctly computes bounds-safe indices via calcidx: int from = calcidxcrc8-fromidx, cf-len; int to = calcidxcrc8-toidx, cf-len; int res = calcidxcrc8-resultidx, cf-len...

5.5AI score0.00262EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/24 2:35 p.m.31 views

CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()

In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgwcsumcrc8rel cgwcsumcrc8rel correctly computes bounds-safe indices via calcidx: int from = calcidxcrc8-fromidx, cf-len; int to = calcidxcrc8-toidx, cf-len; int res = calcidxcrc8-resultidx, cf-len...

8.8CVSS0.00262EPSS
Exploits0References8
CVE
CVE
added 2026/04/24 2:35 p.m.28 views

CVE-2026-31570

CVE-2026-31570 relates to the Linux kernel CAN gateway module. The vulnerability is an OOB heap access in cgw_csum_crc8_rel(), caused by looping and writing using raw s8 indices (from_idx/to_idx/result_idx) instead of the precomputed bounds-safe values (from/to/res). calc_idx() yields bounds-safe...

8.8CVSS5.5AI score0.00262EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/24 2:25 p.m.5 views

SUSE-SU-2026:1617-1 Security update for cups

This update for cups fixes the following issues: - CVE-2026-34980: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network bsc1261569. - CVE-2026-34990: Local print admin token disclosure using temporary printers bsc1261568...

7.8CVSS6AI score0.00502EPSS
Exploits2References5
OSV
OSV
added 2026/04/24 12:30 p.m.4 views

GHSA-MR6M-XJ7V-3CV3 Apache ActiveMQ Vulnerable to Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.4AI score0.0098EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 12:17 p.m.6 views

CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

2.4CVSS0.0059EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 11:5 a.m.4 views

CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

2.4CVSS5.9AI score0.0059EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 11:5 a.m.4 views

CVE-2026-4313 Stored XSS in AdaptiveGRC

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

2.4CVSS5.9AI score0.0059EPSS
Exploits0References2
CVE
CVE
added 2026/04/24 11:5 a.m.7 views

CVE-2026-4313

CVE-2026-4313 affects AdaptiveGRC. The issue is a stored XSS vulnerability in text-type fields across forms, where an authenticated attacker can replace a field value in an HTTP POST request. The server’s improper parameter validation can lead to arbitrary JavaScript execution in the victim’s bro...

2.4CVSS5.9AI score0.0059EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/24 11:5 a.m.28 views

CVE-2026-4313 Stored XSS in AdaptiveGRC

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

2.4CVSS0.0059EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 10:16 a.m.4 views

CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

6.5AI score0.0098EPSS
Exploits0References2Affected Software3
Debian CVE
Debian CVE
added 2026/04/24 10:16 a.m.6 views

CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.6AI score0.0098EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/04/24 10:16 a.m.106 views

Black-Oracle

🖤 BLACK ORACLE 🖤 «The Eye That Sees Through Digital...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/24 8:51 a.m.4 views

BIT-RCLONE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.4AI score0.34734EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/24 7:45 a.m.32 views

CVE-2025-11762 HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...

4.3CVSS0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 7:45 a.m.18 views

CVE-2025-11762

The CVE-2025-11762 entry concerns the HubSpot All-In-One Marketing – Forms, Popups, Live Chat WordPress plugin. Affected versions are up to and including 11.3.32. The issue is a Sensitive Information Exposure vulnerability in leadin/public/admin/class-adminconstants.php, allowing authenticated at...

4.3CVSS5.2AI score0.00193EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:29 a.m.5 views

CVE-2026-5347

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References7
Rows per page
Query Builder