Lucene search

361901 matches found

EUVD
added 1 hour ago, 3 views

EUVD-2026-40266

The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code...

CVSS: 8.4, AI score: 6
Exploits: 0, References: 2

EUVD
added 1 hour ago, 3 views

EUVD-2026-40255

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor...

CVSS: 6.1, AI score: 6.3
Exploits: 0, References: 4

EUVD
added 1 hour ago, 4 views

EUVD-2026-40256

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, an arbitrary OS command may be executed...

CVSS: 8.4, AI score: 5.9
Exploits: 0, References: 4

EUVD
added 1 hour ago, 6 views

EUVD-2026-40260

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

CVSS: 8, AI score: 6.5
Exploits: 0, References: 3

CVE
added 3 hours ago, 12 views

CVE-2026-12578

CVE-2026-12578 affects Delta Electronics DTM Soft and is associated with a deserialization of untrusted data that may allow arbitrary code execution. Connected sources describe the vulnerable component as part of DTM Soft, with exploitation potentially enabling privilege escalation and lateral mo...

CVSS: 8.4, AI score: 6
Exploits: 0, References: 1

RedHat Linux
added 4 hours ago, 7 views

mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd

A flaw was found in MariaDB server. When the wsrep_notify_cmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

CVSS: 10, AI score: 6.5, EPSS: 0.00447
Exploits: 0, References: 6

RedHat Linux
added 4 hours ago, 7 views

Important: Red Hat Security Advisory: galera and mariadb11.8 security, bug fix, and enhancement update

An update for multiple packages is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 10, AI score: 6.3, EPSS: 0.00447
Exploits: 0, References: 4

CVE
added 5 hours ago, 9 views

CVE-2026-56137

RPG MAKER MV and MZ (Gotcha Gotcha Games Inc.) have an OS command injection vulnerability. When a user loads a specially crafted save-file, arbitrary OS commands may be executed. Affected components and root cause are stated as OS command injection, with high impact (CVE-2026-56137). The supplied...

CVSS: 8.4, AI score: 7.2
Exploits: 0, References: 3

EUVD
added 6 hours ago, 4 views

EUVD-2026-40253

The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the moveimageonserver function. This makes it possible for authenticated attackers, with author-level access and above, to write files with...

CVSS: 6.5, AI score: 5.9
Exploits: 0, References: 4

RedHat Linux
added 10 hours ago, 3 views

node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink...

CVSS: 8.2, AI score: 6.3, EPSS: 0.00519
Exploits: 1, References: 6

RedHat Linux
added yesterday, 7 views

Important: Red Hat Security Advisory: mariadb10.11 security, bug fix, and enhancement update

An update for mariadb10.11 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS: 10, AI score: 6.3, EPSS: 0.00447
Exploits: 0, References: 3

RedhatCVE
added yesterday, 6 views

CVE-2026-11998

A flaw was found in AngularJS. The Strict Contextual Escaping (SCE) logic, designed to ensure only trusted values are used in security-sensitive contexts like resource URLs, can be bypassed. This bypass allows an attacker to use unsafe values as resource URLs, leading to arbitrary JavaScript...

CVSS: 7.6, AI score: 5.9, EPSS: 0.00222
Exploits: 0, References: 5

RedHat Linux
added yesterday, 5 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory...

CVSS: 8.1, AI score: 6, EPSS: 0.0045
Exploits: 0, References: 6

RedHat Linux
added yesterday, 2 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

CVSS: 9.1, AI score: 5.9, EPSS: 0.00481
Exploits: 0, References: 7

RedHat Linux
added yesterday, 4 views

Important: Red Hat Security Advisory: perl-Archive-Tar security update

An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 9.1, AI score: 6, EPSS: 0.00481
Exploits: 0, References: 2

RedHat Linux
added yesterday, 4 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00304
Exploits: 2, References: 6

RedHat Linux
added yesterday, 6 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.3, AI score: 6.2, EPSS: 0.00304
Exploits: 2, References: 2

Cvelist
added yesterday, 20 views

CVE-2026-57955 SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

CVSS: 8.5
Exploits: 0, References: 2

EUVD
added yesterday, 6 views

EUVD-2026-40166

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

CVSS: 7.1, AI score: 5.9
Exploits: 0, References: 3

EUVD
added yesterday, 5 views

EUVD-2026-40162

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...

CVSS: 5.3, AI score: 5.9
Exploits: 0, References: 3