Lucene search
K

158559 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

7.6CVSS5.4AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8899

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...

6.4CVSS5.7AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.17 views

CVE-2026-7330

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST parameter in the aalurlstatssaveaction function and a complete absence of output escaping in...

7.2CVSS5.7AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.14 views

CVE-2026-7853

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /autoreboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made...

10CVSS8.2AI score0.01515EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41431

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

8CVSS5.7AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41904

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS5.3AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-33233

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS5.7AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:49 p.m.9 views

OESA-2026-2576 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and...

9.8CVSS6.5AI score0.12797EPSS
Exploits9References5
OSV
OSV
added 2026/06/05 3:48 p.m.9 views

OESA-2026-2575 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and...

9.8CVSS6.5AI score0.12797EPSS
Exploits9References5
OSV
OSV
added 2026/06/05 3:48 p.m.14 views

OESA-2026-2574 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and...

9.8CVSS6.5AI score0.12797EPSS
Exploits9References5
NVD
NVD
added 2026/06/05 11:16 a.m.21 views

CVE-2026-21034

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

4.8CVSS0.00084EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 10:15 a.m.13 views

EUVD-2026-34806

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

4.8CVSS5.4AI score0.00084EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.7 views

CVE-2026-21034

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

4.8CVSS5.5AI score0.00084EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/05 10:15 a.m.42 views

CVE-2026-21034

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

4.8CVSS0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 10:15 a.m.9 views

CVE-2026-21034

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

4.8CVSS5.4AI score0.00084EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 10:15 a.m.27 views

CVE-2026-21034

The CVE-2026-21034 issue affects Samsung Auto: improper export of Android components in Samsung Auto prior to version 3.1.2.61 on Android 15 and 3.2.0.38 on Android 16 allows a local attacker to change audio configurations. The connected sources confirm the affected product (Samsung Auto) and the...

4.8CVSS5.5AI score0.00084EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46924

Name of the Vulnerable Software and Affected Versions Samsung Auto versions prior to 3.1.2.61 in Android 15 Samsung Auto versions prior to 3.2.0.38 in Android 16 Description Improper export of android application components allows a local attacker to change the audio configuration. Recommendation...

4.8CVSS5.9AI score0.00084EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

SAMSUNG Auto Android 安全漏洞

Samsung Auto Android is a mobile screen mirroring and intelligent driving assistant platform developed by South Korea’s Samsung Corporation for use in vehicle scenarios. There were security vulnerabilities in versions prior to 3.1.2.61 of Samsung Auto Android 15, as well as versions prior to...

4.8CVSS5.4AI score0.00084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46338

Unauthenticated Local File Inclusion in Deliciosa = 1.10.0 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
Rows per page
Query Builder