Lucene search
K

7328 matches found

vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

@join-com/jest-matchers (>=1.0.0 <=1.0.1), jest-expect (=0.0.1) +1 more potentially affected by unknown CVE via fixed-round (=1.0.2)

fixed-round NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on fixed-round and may be impacted: - @join-com/jest-matchers =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-FIXEDROUND-16754972...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.8 views

@join-com/jest-matchers (>=1.0.0 <=1.0.1), jest-expect (=0.0.1) +1 more potentially affected by unknown CVE via fixed-round (=1.0.2)

fixed-round NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on fixed-round and may be impacted: - @join-com/jest-matchers =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-FIXEDROUND-16754804...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@join-com/jest-matchers (>=1.0.0 <=1.0.1) potentially affected by unknown CVE via jest-expect (=0.0.1)

jest-expect NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on jest-expect and may be impacted: - @join-com/jest-matchers =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-JESTEXPECT-16755085...

5.5AI score
Exploits0
Cvelist
Cvelist
added 2026/05/13 2:22 p.m.29 views

CVE-2020-37218 Joomla com_hdwplayer 4.2 SQL Injection via search.php

Joomla comhdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...

8.8CVSS0.0027EPSS
Exploits0References4
Circl
Circl
added 2026/05/12 2:4 p.m.22 views

CVE-2026-28374

creationtimestamp| type| source ---|---|--- 2026-05-12 14:04:59+00:00| seen| https://bsky.app/profile/releaseport.com/post/3mlnxgmxk2c23 2026-05-13 00:10:05+00:00| seen| https://bsky.app/profile/releaseport.com/post/3mlozakkufh2g...

4.3CVSS5.7AI score0.00198EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/10 12:43 p.m.33 views

CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...

8.8CVSS0.00309EPSS
Exploits0References3
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.5 views

[20260702] - Core - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS6AI score0.0024EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/05/06 9:55 a.m.8 views

EUVD-2026-27655

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.11 views

Agentic Vulnerability Reasoning on Windows COM Binaries

Windows Component Object Model COM services run with elevated privileges and are widely accessible to authenticated users, making race conditions in these binaries a critical surface for local privilege escalation. We present SLYP, an end-to-end agentic pipeline that discovers race condition...

5.7AI score
Exploits0
Circl
Circl
added 2026/04/30 8:49 a.m.6 views

CVE-2026-37572

creationtimestamp| type| source ---|---|--- 2026-04-30 08:49:10+00:00| seen| https://gist.github.com/sgInnora/5aa1682c359a4f4ced53fc2408936e82...

4.8AI score
Exploits0References1
OSV
OSV
added 2026/04/15 10:5 p.m.5 views

MAL-2026-2901 Malicious code in env_express (npm)

envexpress is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper.com/b/ZK45J and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/15 7:22 p.m.7 views

CVE-2026-20806

Access of resource using incompatible type 'type confusion' in Windows COM allows an authorized attacker to disclose information locally...

5.5CVSS5.7AI score0.00341EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 6:17 p.m.2 views

CVE-2026-32162

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally...

8.4CVSS0.02034EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 4:57 p.m.29 views

CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability

...

5.5CVSS0.00341EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 4:57 p.m.45 views

CVE-2026-20806

CVE-2026-20806 is a Windows COM vulnerability described as a type confusion in resource access that can let an authorized, locally authenticated attacker disclose data. The CVE is referenced across multiple sources (NVD, Red Hat, NCSC, CIRCL) with the same description of a local information discl...

5.5CVSS5.6AI score0.00341EPSS
Exploits0References1Affected Software11
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32591

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.9AI score0.00152EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.13 views

Microsoft Windows COM 安全漏洞

Microsoft Windows COM is a technology developed by Microsoft Corporation in the United States, aimed at software reuse. COM is described as a platform-independent, distributed, object-oriented system used for creating interactive binary software components. There are security vulnerabilities in...

5.5CVSS5.8AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 8:49 a.m.1 views

BIT-JOOMLA-2026-21631 Joomla! Core - [20260303] - XSS vector in com_associations comparison view

Lack of output escaping leads to a XSS vector in the multilingual associations component...

8.4CVSS5.8AI score0.00216EPSS
Exploits1References3
CVE
CVE
added 2026/04/09 5:48 p.m.9 views

CVE-2026-35207

In dde-control-center (Deepin Desktop Environment), the plugin-deepinid insecurely skipped TLS certificate verification when fetching user avatars from openapi.deepin.com and similar providers. Prior to version 6.1.80, this allowed a (MITM) attacker to intercept traffic, potentially replace the a...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.7 views

CVE-2026-35178

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

9.8CVSS6.5AI score0.00491EPSS
Exploits0References1
Rows per page
Query Builder