Lucene search
K

203483 matches found

CVE
CVE
added 2026/06/24 1:20 p.m.95 views

CVE-2026-57294

CVE-2026-57294 affects Jenkins EC2 Fleet Plugin version 4.2.3.539.v8fedff2a_81c3 and earlier, where a missing permission check allows an attacker with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, potentially capturi...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57292

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.32 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.12 views

CVE-2026-57291

CVE-2026-57291 affects Jenkins Gitee Plugin (version 1288.v18b_deb_c9069b_ and earlier). The issue is missing permission checks in the plugin, allowing attackers with Overall/Read permissions to connect to an attacker-controlled URL using attacker-controlled credentials IDs obtained through anoth...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.13 views

CVE-2026-57292

The CVE-2026-57292 entry concerns the Jenkins Gitee Plugin (affected versions include 1288.v18b_deb_c9069b_ and earlier). The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to cause the plugin to connect to an attacker-specified URL using attacker-specified credentia...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57292

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38773

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.9 views

EUVD-2026-38772

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 11:53 a.m.9 views

EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 11:46 a.m.4 views

LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents

A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...

7.8CVSS5.9AI score0.00078EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 8:0 a.m.5 views

CURL-CVE-2026-8924 trailing dot domain super cookie

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set "super cookies" that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38687

The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:33 a.m.12 views

CVE-2026-8622

The CVE-2026-8622 entry concerns the WordPress plugin Image Sizes on Demand (versions affected: all up to and including 1.3). The vulnerability is a Reflected Cross-Site Scripting (XSS) via the PHP_SELF server variable caused by insufficient input sanitization and output escaping. It allows unaut...

6.1CVSS6AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.30 views

CVE-2026-8628 EntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38655

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.8AI score0.00135EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/24 5:32 a.m.9 views

Out Of Band Data Exfiltration

Claude Code is vulnerable to Out-of-Band Data Exfiltration. The vulnerability is due to the pre-approval of the hostname huggingface.co as a bare hostname for the WebFetch tool, where any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 5:17 a.m.8 views

CVE-2026-12846

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00427EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 4:42 a.m.4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.8AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/24 4:20 a.m.4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.8AI score0.00563EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:34 a.m.8 views

CVE-2026-12847

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS6.2AI score0.00427EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder