Lucene search
+L

9931 matches found

CVE
CVE
added 2026/06/25 1:12 p.m.16 views

CVE-2026-56042

The CVE-2026-56042 entry concerns the WordPress plugin “Advanced Order Export For WooCommerce” (WooCommerce) with versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53241

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...

5.8AI score0.00127EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.9 views

CVE-2026-53193

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

7.8CVSS5.6AI score0.00141EPSS
Exploits0
NVD
NVD
added 2026/06/24 5:17 p.m.12 views

CVE-2026-53068

In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...

7.1CVSS0.00117EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.5CVSS0.00128EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:28 p.m.14 views

CVE-2026-52964

Summary of CVE-2026-52964 : A flaw in the Linux kernel’s ALSA USB-audio path (USB MIDI 2.0 endpoint parser) fails to validate descriptor lengths for the MIDI 2.0 endpoint, allowing a malformed device to cause out-of-bounds reads on baAssoGrpTrmBlkID[] due to walking endpoint extras before verifyi...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/24 4:28 p.m.3 views

CVE-2026-52963 ALSA: usb-audio: Bound MIDI endpoint descriptor scans

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check the event before enabling it to avoid a General Protection Fault GPF. On AMD machines, cpuc-eventsidx can become NULL due to a subtle race condition with NMI-throttle-x86pmustop. Check if the event is NULL in...

5.9AI score0.00173EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fixed a memory leak in acp3x pdm DMA operations...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fixed potential OOB access in audio mixer handling. In the audio mixer handling code of the ctxfi driver, the conf field is used as a loop index, and it’s referenced in the index callback functions amixerindex and...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.15 views

Astra Linux – Vulnerability in gst-plugins-ugly1.0

GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...

7.8CVSS7.7AI score0.00773EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.36 views

CVE-2026-52922 batman-adv: dat: handle forward allocation error

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

7.5CVSS0.00394EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/24 7:14 a.m.8 views

CVE-2026-52922

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

7.5CVSS5.7AI score0.00394EPSS
Exploits0
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38663

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS6AI score0.00295EPSS
Exploits0References4
Drupal
Drupal
added 2026/06/24 12:0 a.m.8 views

Advanced Content Feedback (aka admin_feedback) - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-051

This module enables you to collect feedback from your site visitors on content pages, presenting Yes/No buttons and providing dashboards for administrators to review the responses. The module doesn't sufficiently sanitize several administrator-configured response messages the "Yes response", "No...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51671

Name of the Vulnerable Software and Affected Versions Advanced Contact Form 7 - Compact DB versions prior to 1.0.1 Description Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.8 views

WordPress Advanced Contact Form 7 – Compact DB plugin <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Advanced Contact Form 7 – Compact DB versions = 1.0.0...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References1Affected Software1
Redos
Redos
added 2026/06/23 12:0 a.m.9 views

ROS-20260623-73-0002

The vulnerability of the ASF plugin for the Gstreamer multimedia framework is related to insufficient data validation. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8CVSS6.1AI score0.00773EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51590

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the gst-plugins-bad package occurs when processing a specially crafted H.264 video file containing malformed Multiview Video Coding MVC or Scalable Video Coding SV...

4.4CVSS5.8AI score0.00119EPSS
Exploits0References31
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-56109

The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parsedef...

7CVSS0.00138EPSS
Exploits0References4
Rows per page
Query Builder