Lucene search
+L

25837 matches found

euvd
euvd
added 2026/07/08 7:36 a.m.8 views

EUVD-2026-42203

The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/08 7:36 a.m.7 views

CVE-2026-57251

The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
euvd
euvd
added 2026/07/08 7:36 a.m.6 views

EUVD-2026-42195

After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 5:16 a.m.13 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS0.00516EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/08 4:30 a.m.6 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.7 views

PT-2026-56621

Name of the Vulnerable Software and Affected Versions CAXperts UPVWebServices versions 2.4.2212.603 through 2.7.6 UDiTH Portal versions 2026.0.0 through 2026.2.0 Description An authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.7 views

PT-2026-56566

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.8 Description Message trace destination checks are not consistently applied to messages arriving through leafnode connections. This allows a leafnode operator to send trac...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.9 views

PT-2026-56334

Name of the Vulnerable Software and Affected Versions xorg-server versions prior to 21.2.24 xwayland versions prior to 24.1.13 Description Local attackers with an X connection can cause a heap buffer overflow by providing PCX fonts to the X server. This occurs due to missing glyph boundary checks...

8.5CVSS6.3AI score0.00212EPSS
Exploits0References42
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.15 views

PT-2026-56347

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description Insufficient object type and argument checks occur when the application opens a PDF file and JavaScript writes annotation attributes. This leads to damage in the internal...

7.8CVSS6AI score0.00116EPSS
Exploits0References5
cert
cert
added 2026/07/08 12:0 a.m.5 views

Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls

Overview Adalo’s no‑code application platform exposes complete user records through its database API for all applications built on both V1 and V2. Due to a platform-level flaw, authenticated users can retrieve full user data belonging to any Adalo application, regardless of configuration. This...

7.5CVSS5.9AI score0.00303EPSS
Exploits0
attackerkb
attackerkb
added 2026/07/07 10:47 p.m.6 views

CVE-2026-55078

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS6AI score0.00602EPSS
Exploits0References7Affected Software1
redhat
redhat
added 2026/07/07 8:2 p.m.4 views

kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...

7.8CVSS6.7AI score0.00139EPSS
Exploits0References5
nvd
nvd
added 2026/07/07 7:16 p.m.11 views

CVE-2026-48958

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

8.8CVSS0.00262EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 7:16 p.m.7 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
euvd
euvd
added 2026/07/07 6:38 p.m.6 views

EUVD-2026-42074

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score0.00343EPSS
Exploits0References4
euvd
euvd
added 2026/07/07 5:41 p.m.9 views

EUVD-2026-42072

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References5
cve
cve
added 2026/07/07 5:31 p.m.10 views

CVE-2026-48955

The CVE concerns Joomla! Core, specifically the com_workflow component. Affected: Joomla core workflows. Root cause: improper access check allows unauthorized users to access workflow stage and transition information. Impact: disclosure of workflow stage/transition details due to weak access cont...

6.5CVSS6AI score0.00208EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/07/07 3:16 p.m.6 views

CVE-2026-14535

A flaw was found in the fickling library, versions up to and including 0.1.11. A logic error in the security analysis passes allows an attacker to bypass intended safety checks during pickle deserialization. This vulnerability enables the invocation of arbitrary standard library modules, leading ...

9.8CVSS6AI score0.00321EPSS
Exploits1References7
nvd
nvd
added 2026/07/06 11:16 p.m.9 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
nvd
nvd
added 2026/07/06 11:16 p.m.9 views

CVE-2026-53640

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...

2.3CVSS0.00226EPSS
Exploits0References1
Rows per page
Query Builder