Lucene search
K

70986 matches found

Vulnrichment
Vulnrichment
added 2026/05/20 2:22 p.m.10 views

CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS5.8AI score0.00182EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/20 2:16 p.m.7 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8CVSS5.9AI score0.002EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 2:16 p.m.4 views

UBUNTU-CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8CVSS6AI score0.002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:58 p.m.7 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8CVSS6AI score0.002EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/20 1:58 p.m.40 views

CVE-2026-22554

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability...

7.8CVSS0.002EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 1:58 p.m.16 views

CVE-2026-22554

MediaInfoLib from MediaArea is affected by a channel-splitting heap-based buffer overflow. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, requiring user interaction and exposing high impact to confidentiality, integrity, and availability. No patch/version details or remediation a...

7.8CVSS6AI score0.002EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:9 p.m.11 views

CVE-2026-45584

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00852EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/20 12:47 p.m.13 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References6
Rapid7 Blog
Rapid7 Blog
added 2026/05/20 12:15 p.m.9 views

Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes

Modern attack surfaces don’t sit still. Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but actually operationalizing that visibility is. Surface Command was built to uni...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/20 8:23 a.m.11 views

EUVD-2026-31072

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

9.3CVSS6AI score0.00338EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openimageio

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially crafted targa file can lead to out-of-bound read and write operations on the process stack, which can result in arbitrary code execution. An attacker can provide a malicious file...

8.1CVSS7.9AI score0.0104EPSS
Exploits1References2
NVD
NVD
added 2026/05/20 4:16 a.m.13 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00366EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 4:10 a.m.11 views

kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...

8.1CVSS5.8AI score0.00184EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.8 views

SUSE CVE-2025-4922

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

8.1CVSS6AI score0.00484EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.9 views

SUSE CVE-2025-6014

Vault and Vault Enterprise's “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5CVSS5.9AI score0.00356EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 2:27 a.m.6 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 2:27 a.m.17 views

CVE-2026-9010

The CVE concerns the Boost plugin for WordPress, affected through time-based SQL Injection in the plugin’s handling of the current_url and user_name parameters. Vulnerable in versions up to and including 2.0.3 due to insufficient escaping of user-supplied inputs and inadequate preparation of exis...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 2:27 a.m.42 views

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 2:16 a.m.18 views

CVE-2026-7472

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS0.00448EPSS
Exploits0References9
NVD
NVD
added 2026/05/20 2:16 a.m.12 views

CVE-2026-43619

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

7.2CVSS0.00136EPSS
Exploits0References3
Rows per page
Query Builder