Lucene search
K

6835 matches found

CVE
CVE
added 2026/04/07 4:42 p.m.32 views

CVE-2026-32588

The CVE affects Apache Cassandra (versions 4.0, 4.1, 5.0). A vulnerability in the Cassandra Query Language (CQL) path allows an authenticated user to repeatedly change passwords (ALTER ROLE) and trigger expensive authentication-table reads/writes, causing increased query latency and potential Den...

6.5CVSS5.8AI score0.00533EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 4:42 p.m.1 views

CVE-2026-32588 Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

5.8AI score0.00533EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 1:4 p.m.14 views

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

9.8CVSS6.1AI score0.49424EPSS
Exploits1References2
Cisco
Cisco
added 2026/04/01 4:0 p.m.36 views

Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An...

9.8CVSS6AI score0.00991EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 6:16 a.m.6 views

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS0.00198EPSS
Exploits0References3
ICS
ICS
added 2026/03/31 6:0 a.m.6 views

Anritsu Remote Spectrum Monitor

RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with network access to alter operational settings, obtain sensitive signal data, or disrupt device availability. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

9.3CVSS5.8AI score0.00387EPSS
Exploits0References11
NVD
NVD
added 2026/03/27 6:16 p.m.6 views

CVE-2025-15617

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUBTOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits...

8.3CVSS0.00387EPSS
Exploits1References2
CVE
CVE
added 2026/03/27 11:46 a.m.13 views

CVE-2026-4309

CVE-2026-4309 concerns NEC Platforms, Ltd. Aterm Series devices with a Missing Authorization vulnerability. The available documents state that an attacker can retrieve specific device information and alter settings over the network. The CVSS metrics indicate a Network attack vector, high attack c...

6.5CVSS5.9AI score0.00142EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-4948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSetting...

5.5CVSS5.5AI score0.00118EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 10:30 p.m.36 views

CVE-2026-34352

TigerVNC prior to version 1.16.2 contains a permission issue in x0vncserver (Image.cxx) that allows other users to observe or manipulate the screen and can cause a crash. The issue is described as incorrect permissions on Image.cxx in x0vncserver. Affected product is TigerVNC (x0vncserver). The c...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/24 3:16 p.m.5 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS0.21621EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.7 views

PT-2026-26039

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11766

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References6
NVD
NVD
added 2026/03/10 5:38 p.m.9 views

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS0.00215EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2026/03/10 2:0 p.m.13 views

KB5077474 - Description of the security update for SQL Server 2016 SP3 GDR: March 10, 2026

KB5077474 - Description of the security update for SQL Server 2016 SP3 GDR: March 10, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

8.8CVSS5.8AI score0.02044EPSS
Exploits0
CVE
CVE
added 2026/03/10 12:18 a.m.14 views

CVE-2026-27684

CVE-2026-27684 affects SAP NetWeaver Feedback Notifications Service. An authenticated attacker can exploit a SQL injection by supplying input that is directly concatenated into SQL queries, enabling manipulation of WHERE clause logic. This can lead to unauthorized access to or modification of dat...

6.4CVSS6AI score0.00267EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.4 views

CVE-2026-28438

CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...

9.8CVSS5.8AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 7:15 a.m.11 views

CVE-2026-28438

CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...

9.8CVSS0.00282EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 6:39 a.m.3 views

CVE-2026-28438 CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements

CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...

6.9CVSS5.8AI score0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 6:39 a.m.29 views

CVE-2026-28438 CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements

CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...

6.9CVSS0.00282EPSS
Exploits0References2
Rows per page
Query Builder