Lucene search
K

3465 matches found

CVE
CVE
added 2026/05/27 12:15 p.m.26 views

CVE-2026-45873

CVE-2026-45873 concerns Linux kernel netfilter nft_set_rbtree. The issue arises from partial overlap detection for anonymous sets where adjacent intervals omit end elements, allowing overlaps such as A-B and A-C with C

5.5CVSS5.8AI score0.00156EPSS
Exploits0References8Affected Software1
GithubExploit
GithubExploit
added 2026/05/27 9:11 a.m.122 views

Exploit for SQL Injection in Drupal

CVE-2026-9082 Passive checker for CVE-2026-9082 / SA-CORE-2...

9.8CVSS6.1AI score0.84631EPSS
Exploits14
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43740

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter component within the nft set rbtree function. The partial overlap detection logic for anonymous sets incorrectly skips checks on start elements due to an...

6.9CVSS5.5AI score0.00156EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-45873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the e...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.11 views

CVE-2026-45873

netfilter: nftsetrbtree: check for partial overlaps in anonymous sets...

5.8AI score0.00156EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.12 views

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 12:19 p.m.7 views

OPENSUSE-SU-2026:20812-1 Security update for cups

This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...

7.8CVSS6.5AI score0.00502EPSS
Exploits8References16
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 5:57 p.m.14 views

Malicious code in @dreamlake/lakeshore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef6f14503697000ebd139364326d859a625a27a669e6f53b3e7a9388c3b0b25 On install, dist/cli/daemon/install.js fetches content from https://pub-c0109e197b4a4d1abe5884ac4dd3a023.r2.dev — an anonymous Cloudflare R2 bucket —...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 12:12 a.m.11 views

Malicious code in loading-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996 Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts TypeScript types and documentation are pino's, but index.js doe...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/23 12:12 a.m.8 views

MAL-2026-4600 Malicious code in loading-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996 Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts TypeScript types and documentation are pino's, but index.js doe...

5.8AI score
Exploits0References3
NVD
NVD
added 2026/05/22 10:16 p.m.23 views

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS0.00349EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 9:45 p.m.30 views

CVE-2026-41147

CVE-2026-41147 (NukeViet CMS) is a stored XSS issue affecting NukeViet CMS versions up to 4.5.08, caused by insufficient server-side input sanitization in the Request class. The app relies on client-side filtering for user-submitted HTML, which can be bypassed by altering HTTP requests. Attackers...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/22 9:45 p.m.25 views

CVE-2026-41147 NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

8.7CVSS0.00349EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42729

Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.6 Description An issue exists in the easyel handle register function where the wp ajax nopriv eel register AJAX handler processes the custom meta POST array. The...

8.8CVSS5.7AI score0.00541EPSS
Exploits1References10
GithubExploit
GithubExploit
added 2026/05/21 10:42 a.m.280 views

Exploit for CVE-2026-9082

CVE-2026-9082 — Drupal Core PostgreSQL SQL Injection PoC...

6.5CVSS6.2AI score0.84631EPSS
Exploits14
The Hacker News
The Hacker News
added 2026/05/21 3:44 a.m.19 views

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 o...

6.5CVSS6.4AI score0.84631EPSS
Exploits14
Fedora
Fedora
added 2026/05/21 1:28 a.m.18 views

[SECURITY] Fedora 43 Update: proftpd-1.3.9a-2.fc43

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

8.1CVSS5.8AI score0.00455EPSS
Exploits0
Fedora
Fedora
added 2026/05/21 12:57 a.m.15 views

[SECURITY] Fedora 44 Update: proftpd-1.3.9a-2.fc44

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

8.1CVSS5.8AI score0.00455EPSS
Exploits0
OSV
OSV
added 2026/05/20 6:8 p.m.7 views

DRUPAL-CORE-2026-004

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...

9.8CVSS6.4AI score0.84631EPSS
Exploits14References1
OSV
OSV
added 2026/05/20 11:55 a.m.5 views

BIT-DISCOURSE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1,...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References2
Rows per page
Query Builder