Lucene search
K

201 matches found

Nuclei
Nuclei
added 13 hours ago7 views

LeadConnector < 3.0.22 - Unauthenticated Arbitrary Data Write

LeadConnector WordPress plugin 3.0.22 contains a broken access control caused by missing authorization in a REST route, letting unauthenticated attackers overwrite existing data remotely, exploit requires no authentication. id: CVE-2026-1890 info: name: LeadConnector 3.0.22 - Unauthenticated...

5.3CVSS6.1AI score0.00645EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/08 3:22 p.m.4 views

kernel: gfs2: Fix use-after-free in iomap inline data write path

A flaw was found in the Linux kernel's GFS2 filesystem. This memory corruption vulnerability, a use-after-free, occurs in the iomap inline data write path. The issue arises because a data buffer is released prematurely while still being referenced, leading to a write to freed memory. This could...

7.8CVSS6.1AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 1:47 p.m.3 views

kernel: gfs2: Fix use-after-free in iomap inline data write path

A flaw was found in the Linux kernel's GFS2 filesystem. This memory corruption vulnerability, a use-after-free, occurs in the iomap inline data write path. The issue arises because a data buffer is released prematurely while still being referenced, leading to a write to freed memory. This could...

7.8CVSS6.8AI score0.0031EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed a use-after-free in the iomap inline data write path The inline data buffer head dibh is released prematurely in gfs2iomapbegin via releasemetapath, while iomap-inlinedata still points to dibh-bdata. This causes a...

7.8CVSS6.4AI score0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.37 views

CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00307EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 10:53 a.m.12 views

CVE-2026-46810

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: End User Self Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity...

6.5CVSS0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 12:18 p.m.45 views

CVE-2026-45984

The CVE-2026-45984 issue is a concrete Linux-kernel vulnerability in the GFS2 iomap inline data write path. A data buffer head (dibh) is released prematurely via release_metapath() in gfs2_iomap_begin(), while iomap-&gt;inline_data still references dibh-&gt;b_data, causing a use-after-free when i...

7.8CVSS5.9AI score0.0031EPSS
Exploits0References17Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/22 12:0 a.m.13 views

CVE-2026-39834

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

9.1CVSS5.9AI score0.00466EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ext4: fixed the bug in ext4writepages We encountered the following issue: EXT4-fs error device loop0: ext4mbgeneratebuddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------ cut here...

5.5CVSS6.1AI score0.00283EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 2:0 p.m.36 views

CVE-2026-47100

CVE-2026-47100 affects Funnel Builder for WooCommerce Checkout (FunnelKit) prior to version 3.15.0.3. The vulnerability is a missing authorization flaw in the public checkout AJAX flow (update_order_review) that allows an unauthenticated attacker to invoke internal methods and write to the plugin...

8.7CVSS5.9AI score0.00457EPSS
In wildExploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 2:0 p.m.9 views

CVE-2026-47100

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

8.7CVSS5.9AI score0.00457EPSS
Exploits1References4
NVD
NVD
added 2026/05/15 3:16 a.m.12 views

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 2:45 a.m.13 views

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 2:45 a.m.43 views

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 2:45 a.m.17 views

CVE-2025-54511

CVE-2025-54511 affects the AMD Secure Processor (ASP). The AMD bulletin and NVD entry state that improper handling of insufficient privileges could allow an attacker to provide an input value to a function without sufficient privileges and write data, potentially impacting integrity and availabil...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 2:45 a.m.15 views

EUVD-2025-209878

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 2:41 a.m.12 views

EUVD-2026-30500

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

1.8CVSS5.8AI score0.00101EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.22 views

PT-2026-41254

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
Amd
Amd
added 2026/05/12 12:0 a.m.16 views

AMD Graphics Vulnerabilities – May 2026

CVE Details Refer to Glossary for explanation of terms CVE ID| CVE Description| CVSS Vector ---|---|--- CVE-2024-36323| Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine VM or a process to perform unauthorized access to the register space of the JPEG...

8.8CVSS6.4AI score0.00207EPSS
Exploits0
OSV
OSV
added 2026/05/06 2:46 p.m.12 views

BIT-JAVA-MIN-2026-21925

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

4.8CVSS6.5AI score0.00212EPSS
Exploits0References3
Rows per page
Query Builder