Lucene search
+L

1128 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-30810

Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800...

8.8CVSS5.5AI score0.00302EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:42 p.m.17 views

Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

5.5AI score0.00058EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.13 views

PT-2026-48345

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

7.5CVSS5.5AI score0.00058EPSS
Exploits0References5
NVD
NVD
added 2026/06/04 5:16 p.m.17 views

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

9.1CVSS0.0052EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 4:9 p.m.41 views

CVE-2026-50076 Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

0.0052EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 4:9 p.m.45 views

CVE-2026-50076

CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...

9.1CVSS5.8AI score0.0052EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Apache Fory 安全漏洞

Apache Fory is a serialization framework developed by the Apache Foundation in the United States. Versions of Apache Fory prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the deserialization of untrusted data in the Java replace-resolve path, which could allow...

9.1CVSS5.6AI score0.0052EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.28 views

PT-2026-46269

Name of the Vulnerable Software and Affected Versions Apache Fory fory-core versions prior to 1.1.0 Description Deserialization of untrusted data in the Java replace-resolve path on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks. B...

9.1CVSS5.5AI score0.0052EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.38 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol MCP has emerged as a critical standard empowering Large Language Models LLMs to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6AI score
Exploits0
OSV
OSV
added 2026/06/02 5:45 p.m.9 views

OPENSUSE-SU-2026:20892-1 Security update for yq

This update for yq fixes the following issues: Changes in yq: - Fix multiple CVEs: CVE-2026-27136 GO-2026-5030 CVE-2026-25681 GO-2026-5029 CVE-2026-25680 GO-2026-5028 CVE-2026-42502 GO-2026-5027 CVE-2026-42506 GO-2026-5025 bsc1267053 CVE-2026-39821 GO-2026-5026 bsc1267199 - update to v4.53.2 Add...

9.6CVSS5.9AI score0.00874EPSS
Exploits1References17
GithubExploit
GithubExploit
added 2026/06/02 11:39 a.m.132 views

Exploit for CVE-2026-46243

CIFSwitch Checker - CVE-2026-46243 Checker para Linux que p...

7.8CVSS5.8AI score0.00353EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/06/02 11:39 a.m.272 views

Exploit for CVE-2026-46243

CIFSwitch Checker - CVE-2026-46243 Checker para Linux que p...

7.8CVSS5.8AI score0.00353EPSS
Exploits4
NVD
NVD
added 2026/05/28 9:16 a.m.18 views

CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS0.003EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/28 7:43 a.m.10 views

CVE-2026-9015 Equalize Digital Accessibility Checker <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification via edac_insert_ignore_data AJAX Action

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.8AI score0.003EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.13 views

CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.8AI score0.003EPSS
Exploits0References11
CVE
CVE
added 2026/05/28 7:43 a.m.21 views

CVE-2026-9015

The CVE-2026-9015 entry concerns the WordPress plugin Equalize Digital Accessibility Checker (WCAG/ADA/EAA/Section 508) with versions

4.3CVSS5.8AI score0.003EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

WordPress plugin Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.003EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44220

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.8AI score0.003EPSS
Exploits0References11
OSV
OSV
added 2026/05/27 9:3 p.m.10 views

GHSA-29FC-P6C4-24CG Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Description OidcTokenHandler is Symfony's built-in access-token handler for OpenID Connect: it validates a bearer JWT and returns the authenticated user identity. It delegates claim validation to the web-token/jwt-checker library's ClaimCheckerManager. OidcTokenHandler::verifyClaims registers...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/27 9:3 p.m.18 views

Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Description OidcTokenHandler is Symfony's built-in access-token handler for OpenID Connect: it validates a bearer JWT and returns the authenticated user identity. It delegates claim validation to the web-token/jwt-checker library's ClaimCheckerManager. OidcTokenHandler::verifyClaims registers...

9.1CVSS5.8AI score0.00232EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder