Lucene search
K

17350 matches found

NVD
NVD
added yesterday5 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-14406

Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Medium...

5.9CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-53334

A flaw was found in the Linux kernel's Data Access Monitor DAMON reclaim and Least Recently Used LRU sort mechanisms. This vulnerability arises from an incorrect assumption that a memory allocation will always succeed. If the allocation fails, a NULL pointer is dereferenced, which can lead to...

5.8AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday6 views

EUVD-2026-40995

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-5120

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user...

8.1CVSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-40956

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user...

8.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-1239

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...

7.5CVSS0.0026EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection

Team WordPress plugin = 5.0.11 contains a SQL injection caused by improper sanitization and escaping of a parameter in an AJAX action accessible to unauthenticated users, letting remote attackers execute arbitrary SQL commands. id: CVE-2025-14124 info: name: Team WordPress Plugin TLP Team = 5.0.9...

8.6CVSS6.1AI score0.0156EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday10 views

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...

5.3CVSS6.8AI score0.00909EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday13 views

GeoServer Demo Request Endpoint - Server Side Request Forgery

It is possible to achieve Server Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...

8.2CVSS7AI score0.01923EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday98 views

WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion

The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS8.1AI score0.15043EPSS
Exploits1References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-40768

Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.00167EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago19 views

CVE-2026-13828

Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago20 views

CVE-2026-13790

Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.00208EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-58448

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation...

7.1CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
CVE
CVE
added 2 days ago8 views

CVE-2026-58448

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-13207 Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
Rows per page
Query Builder