Lucene search
K

6843 matches found

RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-14685

A flaw was found in HdrHistogram. A local attacker could exploit this vulnerability by manipulating the 'Count' argument within the recordValueWithCount function. This manipulation leads to a state issue, which could impact the integrity of data processing within the affected component. Mitigatio...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-62659 Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points

A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to make unauthorized changes to the device's settings...

6.8CVSS6.1AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 p.m.16 views

CVE-2026-57960

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 8:59 p.m.2 views

SUSE-SU-2026:22166-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.9AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 9:22 a.m.4 views

SUSE-SU-2026:22104-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS7AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 8:55 a.m.4 views

SUSE-SU-2026:22134-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS7AI score0.00175EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-49498

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8CVSS5.7AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 12:38 p.m.4 views

CVE-2026-49498 Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.7CVSS6AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48552

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp action handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:0 a.m.11 views

EUVD-2026-35351

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42812

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

9.9CVSS5.6AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.11 views

CVE-2026-40830

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS5.8AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 8:47 p.m.13 views

GHSA-R2F4-FF2P-XC64 Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save

My name is Oscar Uribe, Security Researcher at Fluid Attacks. I am reaching out because we have identified a security vulnerability in Pimcore 12.3.3 that we would like to report to you so we can coordinate a responsible disclosure together. As part of our standard disclosure measures, we follow ...

7CVSS6.3AI score0.00346EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44219

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wp ajax visualizer-create-chart...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/27 7:53 a.m.8 views

CVE-2026-40829 Authenticated SQLi in UpdateParam function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:50 a.m.38 views

CVE-2026-40823 Authenticated SQLi in DevSerialReset function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43564

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability. This vulnerability stems from cross-site request forgery, which allows attackers to forge cross-site requests using authenticated user sessions, thereb...

5.3CVSS5.7AI score0.00109EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 9:16 a.m.14 views

CVE-2026-8692

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS0.00225EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/20 4:6 p.m.11 views

EUVD-2026-31131

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10CVSS5.8AI score0.00835EPSS
Exploits1References1
Rows per page
Query Builder