Lucene search
+L

3399 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40127

Name of the Vulnerable Software and Affected Versions mem0 version 1.0.0 Description The server lacks authentication and authorization controls for its memory management API endpoints. This allows a remote attacker to send unauthenticated requests to modify, overwrite, or delete arbitrary memory...

7.5CVSS6.2AI score0.00372EPSS
Exploits0References7
CVE
CVE
added 2026/05/12 12:0 a.m.26 views

CVE-2026-31240

The mem0 1.0.0 server exposes memory-management endpoints without authentication/authorization. Specifically, PUT /memories/{memory_id} accepts unauthenticated requests, enabling an attacker to modify, overwrite, or delete memory records, causing unauthorized data manipulation and potential data ...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017698 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.22 and prior. Difficult to exploit...

6.3CVSS6.7AI score0.01722EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 9:26 p.m.11 views

EUVD-2026-28836

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

Avo 访问控制错误漏洞

Avo is an open-source Ruby on Rails management panel framework developed by Avo itself. Versions of Avo prior to 3.31.2 contained a security vulnerability related to access control. This vulnerability stemmed from insecure operation search logic in the ActionsController, allowing authenticated...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Roadiz Document base system 数据伪造问题漏洞

The Roadiz Document Base System is an open-source HTML template rendering system based on documents developed by Roadiz. Versions prior to 2.3.43, 2.5.45, 2.6.31, and 2.7.18 of the Roadiz Document Base System had data manipulation vulnerabilities. These vulnerabilities stemmed from the use of OID...

7.1CVSS5.7AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-38767

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS5.8AI score0.02253EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

plunk 数据伪造问题漏洞

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.9.0 contained a data manipulation vulnerability. This vulnerability stems from the /webhooks/sns endpoint accepting Amazon SNS notification payloads without verifying the SNS signature,...

9.1CVSS5.7AI score0.00127EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 3:16 p.m.14 views

UBUNTU-CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/07 1:13 p.m.31 views

CVE-2025-14341 Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 1:13 p.m.6 views

CVE-2025-14341 Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 1:13 p.m.17 views

CVE-2025-14341

DivvyDrive Information Technologies’ DivvyDrive contains a vulnerability (CVE-2025-14341) due to improperly controlled modification of dynamically-determined object attributes, causing Excessive Allocation/Resource Flooding. Affected versions are 4.8.2.19 prior to 4.8.3.2. The issue has NETWORK a...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 6:0 a.m.11 views

RLSA-2026:13414 Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

7.8CVSS5.9AI score0.0038EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Admidio 数据伪造问题漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a data manipulation vulnerability. This vulnerability stemm...

8.2CVSS5.7AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38033

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Orac...

4.8CVSS6.2AI score0.00971EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/04 12:38 p.m.42 views

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.11 views

Dolibarr ERP CRM 数据伪造问题漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contained a data manipulation vulnerability. This vulnerability stemmed from a function in the Online Signature Module’s htdocs/core/lib/security.lib.php...

6.3CVSS5.7AI score0.00145EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/01 8:39 p.m.8 views

CVE-2026-31719

A flaw was found in the krb5enc module of the Linux kernel's crypto subsystem. When performing asynchronous decryption, the krb5encdispatchdecrypt function incorrectly bypasses the integrity verification hash check. This issue occurs because the skcipher completion handler signals completion...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/30 2:11 p.m.7 views

CVE-2026-33454

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

9.4CVSS5.4AI score0.00621EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

WordPress plugin Five Star Restaurant Reservations 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.7AI score0.00185EPSS
Exploits0References1
Rows per page
Query Builder