Lucene search
K

4571 matches found

Nuclei
Nuclei
added 8 hours ago15 views

Chef Automate < 4.13.295 — SQL Injection

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. id: CVE-2025-8868 info...

9.8CVSS6.1AI score0.22827EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago35 views

WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting

WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

6.1CVSS6.5AI score0.01601EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday50 views

WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option

The WP GDPR Compliance plugin allows unauthenticated users to execute any action and update any database value. This vulnerability is due to the lack of proper validation in the Includes/Ajax.php file. id: CVE-2018-19207 info: name: WP GDPR Compliance 1.4.3 - Unauthenticated Call Any Action or...

9.8CVSS7.1AI score0.87294EPSS
Exploits4References2
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42708

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS6AI score0.00474EPSS
Exploits0References2
CVE
CVE
added 5 days ago14 views

CVE-2026-57021

The CVE-2026-57021 entry describes an Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) component of Juniper Networks Junos OS on SRX Series. A network-based, unauthenticated attacker can trigger the flaw by sending specially formatted requests when remote-access VPN with pre-log...

6.9CVSS6AI score0.00474EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 5 days ago14 views

How GitHub gave every repository a durable owner

GitHub has over 14,000 repositories across our primary internal GitHub organization. As of early 2025, there were over 11,000 non-archived repositories, the vast majority of which with no clear owner. For repositories attached to production services, we have historically had robust durable...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-6352

A flaw was found in GitLab Enterprise Edition EE. An authenticated user with auditor-level access could modify compliance violation records. This was possible due to improper authorization on certain GraphQL operations, allowing them to bypass intended access controls...

2.7CVSS5.9AI score0.00264EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42408

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score0.00264EPSS
Exploits0References3
CVE
CVE
added 6 days ago83 views

CVE-2026-6352

GitLab EE contains an authorization flaw in GraphQL operations that could allow an authenticated user with auditor-level access to modify compliance violation records. Affected versions include all 18.2-era releases before 18.11.7, all 19.0-era releases before 19.0.4, and all 19.1-era releases be...

2.7CVSS6AI score0.00264EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-6352 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56614

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.2 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An improper authorization issue exists in certain GraphQL operations that could allow an authenticated user with...

2.7CVSS6.1AI score0.00264EPSS
Exploits0References7
FreeBSD
FreeBSD
added 6 days ago3 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in vulnerability evidence table renderer impacts GitLab EE HTML Injection in wiki markup rendering impacts GitLab CE/EE Insufficiently Protected Credentials issue in repository mirroring impacts GitLab EE Improper Access Control issue in work items impac...

8.7CVSS5.9AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-56318

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.6 views

CVE-2026-56318

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:8 p.m.13 views

CVE-2026-56318

Capgo before 12.128.2 is affected by an information disclosure vulnerability in /private/validate_password_compliance that lets unauthenticated attackers enumerate valid organization UUIDs via differing responses for malformed, non-existent, and existing IDs. Impact is confidentiality exposure; r...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.35 views

CVE-2026-56318 Capgo - Information Disclosure via /private/validate_password_compliance Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS0.00261EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 9:16 p.m.2 views

DEBIAN-CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

4.3CVSS5.8AI score0.00074EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 8:38 p.m.9 views

EUVD-2026-39560

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS5.8AI score0.00074EPSS
Exploits0References2
Rows per page
Query Builder