Lucene search
K

9928 matches found

Cvelist
Cvelist
added yesterday22 views

CVE-2026-11610 389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS0.00549EPSS
Exploits0References19
Cvelist
Cvelist
added yesterday24 views

CVE-2026-34149 Coolify: Authenticated Host-Level RCE via Unescaped Database Credentials in Backup Jobs

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an...

3.3CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday22 views

CVE-2026-11328 Exclusive Addons for Elementor <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in all versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00239EPSS
Exploits0References3
CVE
CVE
added yesterday12 views

CVE-2026-11328

The CVE-2026-11328 vulnerability affects the WordPress plugin Exclusive Addons for Elementor, with Stored Cross-Site Scripting via the post title parameter in all versions up to 2.7.9.8. Root cause: insufficient input sanitization and output escaping. Impact: authenticated attackers (Contributor+...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-56170

Name of the Vulnerable Software and Affected Versions 389 Directory Server 389-ds-base versions 1.3.2 through 11.12.4 Update1 389 Directory Server 389-ds-base versions 12.0 through 12.12 389 Directory Server 389-ds-base versions 2025.1 through 2026.2 Description A heap buffer overflow exists in t...

8.8CVSS6.1AI score0.00549EPSS
Exploits0References20
NVD
NVD
added 2 days ago6 views

CVE-2026-53644

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...

8.6CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-34599

CVE-2026-34599 affects Coolify prior to 4.0.0-beta.471. An authenticated user with team membership can trigger command injection in the GetLogs Livewire component because the public property $container is interpolated directly into shell commands (docker logs, docker service logs) without sanitiz...

8.8CVSS6.2AI score0.01385EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-42204 Coolify: Authenticated RCE via SHELL_SAFE_COMMAND_PATTERN regression → host root

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS0.00359EPSS
Exploits0References4
NVD
NVD
added 2 days ago5 views

CVE-2026-14468

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS0.00295EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2 days ago5 views

Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Summary AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is...

6.5CVSS6AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago6 views

Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Summary POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Note: Exploitation requires authenticated file-upload access and the impact i...

6.5CVSS6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago6 views

Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...

4.9CVSS6AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-41889

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS6AI score0.00407EPSS
Exploits0References1
Patchstack
Patchstack
added 2 days ago6 views

WordPress JSON API User plugin <= 4.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Yat in WordPress Plugin JSON API User versions = 4.1.0...

6.4CVSS5.9AI score0.00228EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-9165 Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS5.9AI score0.0026EPSS
Exploits0References4
NVD
NVD
added 2 days ago7 views

CVE-2024-6228

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

7.5CVSS0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-11962 FileOrganizer < 1.2.0 - Authenticated Arbitrary File Upload via elFinder File Operations

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

0.00435EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-55953

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS6AI score0.00407EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-41659

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...

2.3CVSS6.1AI score0.00378EPSS
Exploits0References2
CVE
CVE
added 4 days ago23 views

CVE-2026-12194

PHPIPAM is affected by an authenticated local file inclusion vulnerability that can allow API-authenticated users to include arbitrary PHP files on the server filesystem. The API is not enabled by default on installations. The CVSS metrics indicate a low-severity issue with network access, low ef...

2.3CVSS6.1AI score0.00378EPSS
Exploits0References2
Rows per page
Query Builder