Lucene search
K

607 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43640

Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.13 through 9.0.119, from...

9.1CVSS6.1AI score0.00368EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43093

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...

6.1AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

CVE-2026-58590 FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-068

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

5.4CVSS6.1AI score0.0023EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 12:17 p.m.12 views

CVE-2026-41042

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: before 1.2.1. Users are recommended to upgrade to version...

9.1CVSS0.00285EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 10:16 p.m.12 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:5 p.m.40 views

CVE-2026-13376 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:5 p.m.5 views

CVE-2026-13374

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...

4.8CVSS5.7AI score0.00158EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/30 5:16 p.m.11 views

CVE-2026-10653

The Zephyr netbuf library lib/netbuf/buf.c manipulated both of its reference counts -- the per-header buf-ref and the per-data-block refcount at the start of each variable/heap data allocation -- with plain non-atomic C operators buf-ref++, if --buf-ref 0, if --refcount. The API is documented as...

8.1CVSS0.00237EPSS
Exploits1References2
NVD
NVD
added 2026/06/30 1:18 p.m.9 views

CVE-2026-44946

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service ACS handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,...

9.5CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/06/20 7:16 p.m.16 views

CVE-2026-56347

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS0.00167EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/19 3:0 a.m.7 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS6.1AI score0.00107EPSS
Exploits0
NVD
NVD
added 2026/06/17 2:17 p.m.13 views

CVE-2026-54814

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109...

8.1CVSS0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-47902

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS5.5AI score0.00153EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 11:16 p.m.10 views

DEBIAN-CVE-2026-47712

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42680

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

9.8CVSS5.4AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 a.m.14 views

CVE-2026-8916

Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635...

6.1CVSS0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 9:43 a.m.7 views

CVE-2026-47306

Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945...

6.1CVSS5.8AI score0.00103EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 12:11 p.m.34 views

CVE-2026-9509 Uncaught exception vulnerability in Suprema's BioStar

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...

8.7CVSS0.00351EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-45571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43648

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References2
Rows per page
Query Builder