Lucene search
K

1340 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45258

In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338...

5.9AI score0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45485

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspace id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project...

8.1CVSS5.8AI score0.00041EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45592

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

PUB-A-495883315

In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS5.9AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

PUB-A-481274735

In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS5.9AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.12 views

PUB-A-481345618

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS5.9AI score0.00169EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 1:7 p.m.24 views

CVE-2026-45620

Technical details for CVE-2026-45620 are not publicly available in the provided connected documents. Monitor for updates.

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44796

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update site editor homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00356EPSS
Exploits0References7
OSV
OSV
added 2026/05/28 5:37 p.m.9 views

GHSA-MJ4X-VF5C-5XG8 compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

6.9CVSS5.9AI score0.00061EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 4:29 p.m.30 views

CVE-2026-9097

CVE-2026-9097 affects Casdoor

9.8CVSS5.7AI score0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 12:30 a.m.14 views

EUVD-2026-32678

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:9 p.m.40 views

CVE-2026-45717 Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.

Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET...

8.8CVSS0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 7:13 a.m.34 views

CVE-2026-41704 Compromised VM can make arbitrary blobstore deletes

AgentClienthandlemethod lines 264-303 processes every NATS reply. It calls injectcompilelog line 273 on every response, which reads response'value''result''compilelogid' line 332-338 and passes it to downloadanddeleteblob. Separately, any response containing 'exception' goes through formatexcepti...

6.8CVSS0.00083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43545

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgrade jquery version function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References7
CVE
CVE
added 2026/05/26 8:19 p.m.21 views

CVE-2026-42337

CVE-2026-42337 : MaxKB (open-source AI assistant) versions 2.8.0 and earlier are affected by a broken access control in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses the application_id from the URL path without validating ownership, allowing operations under other a...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.12 views

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

6.1CVSS5.8AI score0.00348EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/26 5:43 p.m.19 views

EUVD-2026-31944

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 4:16 p.m.17 views

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

6.5CVSS0.0049EPSS
Exploits3References2
UbuntuCve
UbuntuCve
added 2026/05/26 4:16 p.m.14 views

CVE-2026-48683

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflowplugin/netflowv9collector.cpp, the Data template branch lines 1695-1702 iterates over flow records without performing a per-iteration bounds check agains...

6.5CVSS5.9AI score0.00331EPSS
Exploits0References6
Rows per page
Query Builder