Lucene search
K

7622 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks...

5.5CVSS6AI score0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.26 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

0.00196EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/26 12:0 a.m.7 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

5.8AI score0.00196EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.6 views

CVE-2026-50767

A stored cross-site scripting XSS vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field checkinmsg...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.8 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 4:16 p.m.30 views

CVE-2026-9099

Keycloak contains a flaw in GroupResource.addChild() in the Admin REST API where missing authorization allows an authenticated user with limited admin privileges to reparent any group. Under FGAPv2, a manager of a low-privilege group can reparent a highly privileged group (e.g., realm-admin) unde...

7.7CVSS5.8AI score0.00288EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:16 p.m.35 views

CVE-2026-9099 Keycloak: group-admin escalation to realm-admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

7.7CVSS0.00288EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 1:16 p.m.10 views

CVE-2026-56256

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52072

Name of the Vulnerable Software and Affected Versions Ghost versions 6.19.4 through 6.21.0 Description Insufficient validation of the client-supplied Content-Type on the Admin API file upload endpoint allows uploaded files to be served with an attacker-chosen content type when using S3 or GCS...

5.4CVSS5.5AI score0.00133EPSS
Exploits0References5
CVE
CVE
added 2026/06/23 4:14 p.m.17 views

CVE-2026-34917

CVE-2026-34917 affects Revive Adserver: low-privilege session IDs generated for the web admin console can be reused in the XML-RPC API, whose authentication is normally admin-restricted. This allowed scenario enables an attacker to gain unauthorized API access and potentially exploit API-level vu...

4.3CVSS5.8AI score0.0031EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.8 views

Oracle Solaris Critical Patch Update : jun2026_SRU11_4_93_221_2

The version of Solaris installed on the remote host is prior to 11.4.93.221.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11jun2026SRU114932212 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Remote Administration Daemon...

10CVSS6AI score0.00307EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-51627

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Password-reset tokens are generated using the account-activation lifetime conf.Auth.ActivateCodeLives instead of the intended password-reset lifetime conf.Auth.ResetPasswordCodeLives. Because the token...

6.8CVSS5.9AI score0.00202EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/20 8:8 p.m.8 views

EUVD-2026-38135

GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization...

3.7CVSS5.8AI score0.00349EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: requires CAPNETADMIN to attach NGSM0710 ldisc. Any unprivileged user can attach to NGSM0710 ldisc, but it still requires CAPNETADMIN to create a GSM network. Additionally, it requires the initial namespace setting of...

5.5CVSS6.1AI score0.00236EPSS
Exploits1References2
NVD
NVD
added 2026/06/18 8:16 a.m.15 views

CVE-2026-55741

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action 'a=update' processes POST data via cotconfigupdateoptions without calling cotcheckxg to validate...

8.8CVSS0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:54 a.m.9 views

CVE-2026-46978

Vulnerability in the Oracle Solaris product of Oracle Systems component: Remote Administration Daemon. The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris. While the vulnerabili...

10CVSS0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50065

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue. A low privileged attacker with network...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-50075

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11.4 prior to SRU93 Description An issue exists in the Remote Administration Daemon that allows an unauthenticated attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to...

10CVSS5.3AI score0.00307EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 12:0 p.m.11 views

EUVD-2016-10896

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS5.3AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 9:57 a.m.41 views

CVE-2026-11860 Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS0.00235EPSS
Exploits0References2
Rows per page
Query Builder