Lucene search
+L

4991 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 4:44 p.m.9 views

CVE-2017-20278

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 4:44 p.m.9 views

EUVD-2017-19005

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/19 9:14 a.m.4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.3-2.hum1 aarch64, x8664 nginx-all-modules-1.30.3-2.hum1 noarch nginx-core-1.30.3-2.hum1 aarch64, x8664 nginx-filesystem-1.30.3-2.hum1 noarch nginx-mod-devel-1.30.3-2.hum1 aarch6...

9.2CVSS6.1AI score0.03552EPSS
Exploits1References4
NVD
NVD
added 2026/06/19 3:16 a.m.14 views

CVE-2026-8806

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS0.00367EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 2:31 a.m.54 views

CVE-2026-8806 Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS0.00367EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50959

Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.3 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. This is achieved by sending GET requests to the 'all-recipes' endpoint...

8.8CVSS6AI score0.00237EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/18 1:3 p.m.7 views

WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Intranet & Private Site All-In-One Intranet versions = 1.8.1...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/18 12:11 a.m.16 views

EUVD-2026-37831

A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...

9.3CVSS6.3AI score0.01247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:11 a.m.8 views

CVE-2026-12569

A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...

9.3CVSS6.3AI score0.01247EPSS
Exploits0References2Affected Software2
RedHat Linux
RedHat Linux
added 2026/06/17 1:20 a.m.7 views

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

7.8CVSS5.8AI score0.00104EPSS
Exploits0References5
Drupal
Drupal
added 2026/06/17 12:0 a.m.11 views

Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048

The Formatter Field module provides a mechanism for specifying a formatter and formatter settings to be used for displaying a field, on a per-entity basis. formatterfield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can...

9.8CVSS5.9AI score0.00386EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50596

Name of the Vulnerable Software and Affected Versions langchain4j-mariadb versions prior to 1.2.1-beta8 langchain4j-mariadb versions prior to 1.5.1-beta11 langchain4j-mariadb versions prior to 1.11.8-beta19 langchain4j-mariadb versions prior to 1.16.3-beta26 langchain4j-pgvector versions prior to...

7.6CVSS6.2AI score0.00348EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50582

Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...

6.1AI score0.00386EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50611

Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...

6.1AI score0.00307EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 4:8 p.m.15 views

EUVD-2026-37129

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS5.3AI score0.00193EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 2:33 p.m.31 views

Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability

Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability exists in the...

6.2CVSS5.6AI score0.00388EPSS
Exploits0References5Affected Software3
NVD
NVD
added 2026/06/16 12:16 p.m.17 views

CVE-2026-8484

A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...

4.8CVSS0.0014EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 10:32 a.m.10 views

EUVD-2026-37064

A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...

4.8CVSS5.6AI score0.0014EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 10:32 a.m.40 views

CVE-2026-8484

The CVE-2026-8484 entry describes a heap buffer overflow in the Jansi JNI"ioctl()" wrapper caused by missing size verification of the argument array before the system call. Affected software is Jansi (JNI wrapper) and, per sources, all versions are believed vulnerable. Consequences stated are hea...

4.8CVSS5.7AI score0.0014EPSS
Exploits0References2
OSV
OSV
added 2026/06/13 8:38 a.m.5 views

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

9.4CVSS5.9AI score0.00153EPSS
Exploits0References4
Rows per page
Query Builder