Lucene search
K

1841 matches found

CVE
CVE
added 2026/05/11 4:45 a.m.26 views

CVE-2026-8274

CVE-2026-8274 affects npitre cramfs-tools up to version 2.1. The vulnerability is in the Directory Handler’s cramfsck.c do_directory function and enables local path traversal. Exploitation requires local access; the vulnerability is disclosed publicly. A fix is available in version 2.2, with patc...

5.3CVSS5.6AI score0.00173EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017740 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Partition. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...

4.9CVSS6.7AI score0.01283EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017705)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017705 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...

4.9CVSS6.7AI score0.01141EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/09 4:15 a.m.11 views

CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...

9.1CVSS5.7AI score0.00417EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 9:13 p.m.50 views

CVE-2026-41928 Vvveb < 1.0.8.2 Information Disclosure via Cron Controller

Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...

6.9CVSS0.00418EPSS
Exploits0References2
Talos
Talos
added 2026/05/07 12:0 a.m.9 views

Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2302 Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability May 7, 2026 CVE Number CVE-2026-30814 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x436 functionality of Tp-Link AX53 v1.0 1.3.1 Bui...

8CVSS6.4AI score0.00418EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/06 7:16 p.m.9 views

CVE-2026-7899

Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 2:41 p.m.6 views

BIT-JAVA-2020-14581

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

4.3CVSS6.7AI score0.03284EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-37990

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS5.8AI score0.00601EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/05 9:31 p.m.7 views

EUVD-2024-55566

Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...

5.8AI score0.00417EPSS
Exploits0References4
NVD
NVD
added 2026/05/05 8:16 p.m.20 views

CVE-2024-52911

Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...

7.5CVSS0.00417EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/05 4:16 p.m.10 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-5766 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-5766 Source advisory: OSV:PYSEC-2026-54...

6.3CVSS7AI score0.00423EPSS
Exploits0
OSV
OSV
added 2026/05/05 3:51 p.m.10 views

JLSEC-2026-454 A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic....

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocesstermcap of the file tinfo/parseentry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...

4.8CVSS4.9AI score0.00165EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.15 views

PT-2026-38177

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue exists in ReadingMode. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a sandbox by using a...

9.6CVSS6.2AI score0.00344EPSS
Exploits0References136
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-38131

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in CSS allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs wh...

9.6CVSS6.2AI score0.00344EPSS
Exploits0References136
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37288

Name of the Vulnerable Software and Affected Versions s3-proxy versions prior to 0.0.0-20260424211602-1320e4abd46a Description Inconsistent URL path normalization and routing logic lead to authorization bypasses, allowing unauthenticated access to protected objects. The issues stem from a mismatc...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-38143

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An out of bounds read and write issue exists in GFX, which allows a remote attacker to perform arbitrary read and write operations via malicious network traffic. Recommendations Update ...

9.6CVSS6AI score0.00344EPSS
Exploits0References135
OSV
OSV
added 2026/05/04 3:31 a.m.7 views

GHSA-6RR6-V7CJ-MXPG Prefect Auth Bypass via endswith() Health Check Exemption

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

6.9CVSS5.7AI score0.00453EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability arises from the loginauth function in the Parameter Handler component, where the handling of the Password...

10CVSS7.8AI score0.00606EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36291

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...

10CVSS7.6AI score0.01823EPSS
Exploits0References17
Rows per page
Query Builder