Lucene search
+L

3066 matches found

redhatcve
redhatcve
added 2026/06/05 7:14 p.m.14 views

CVE-2026-4094

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS5.4AI score0.00273EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:12 p.m.10 views

CVE-2026-44609

Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS7.2AI score0.00106EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.19 views

PT-2026-47066

Name of the Vulnerable Software and Affected Versions WPvivid Backup & Migration versions prior to 0.9.129 Description The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress allows authenticated attackers with Administrator-level access and above to delete arbitrary...

3.8CVSS5.6AI score0.00263EPSS
Exploits0References12
nvd
nvd
added 2026/06/04 2:16 p.m.15 views

CVE-2026-40605

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

7.1CVSS0.00303EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/04 12:50 p.m.12 views

CVE-2026-40605 Tautulli Vulnerable to Authenticated Path Traversal in Cache Deletion API

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References2
euvd
euvd
added 2026/06/04 12:50 p.m.12 views

EUVD-2026-34256

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/04 12:50 p.m.43 views

CVE-2026-40605 Tautulli Vulnerable to Authenticated Path Traversal in Cache Deletion API

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

7.1CVSS0.00303EPSS
Exploits0References2
cve
cve
added 2026/06/04 12:50 p.m.18 views

CVE-2026-40605

CVE-2026-40605 concerns Tautulli, a Python-based tool for Plex Media Server. A path traversal vulnerability existed in the cache deletion API prior to version 2.17.1, allowing an authenticated user to delete directories outside the configured cache path, which could lead to arbitrary data loss an...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References2
osv
osv
added 2026/06/04 12:50 p.m.4 views

CVE-2026-40605 Tautulli Vulnerable to Authenticated Path Traversal in Cache Deletion API

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

7.1CVSS6AI score0.00303EPSS
Exploits0References4
euvd
euvd
added 2026/06/03 7:26 p.m.15 views

EUVD-2026-34173

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS5.8AI score0.00106EPSS
Exploits0References1
cve
cve
added 2026/06/03 7:26 p.m.23 views

CVE-2026-42061

CVE-2026-42061 describes a local privilege escalation caused by excessive permissions granted to child processes in Acronis DeviceLock DLP (Windows) prior to build 9.0.15051.93227 . Affected component and root cause are stated, with the CVSSv3 score reported as 7.3 (High) and attack vector LOCAL,...

7.3CVSS7.1AI score0.00106EPSS
Exploits0References1
euvd
euvd
added 2026/06/03 7:25 p.m.13 views

EUVD-2026-34171

Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS5.8AI score0.00106EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/03 12:0 a.m.8 views

Acronis DeviceLock DLP 代码问题漏洞

Acronis DeviceLock DLP is a terminal security protection system developed by the Swiss company Acronis. It is designed to control access to peripherals and prevent data breaches. Versions of Acronis DeviceLock DLP prior to 9.0.15051.93227 contained code vulnerabilities, specifically an EXE...

7.3CVSS7.3AI score0.00106EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/03 12:0 a.m.11 views

Acronis DeviceLock DLP 安全漏洞

Acronis DeviceLock DLP is a terminal security system developed by the Swiss company Acronis. It is designed to control access to peripherals and prevent data breaches. Versions of Acronis DeviceLock DLP prior to 9.0.15051.93227 contained security vulnerabilities. These vulnerabilities stemmed fro...

7.3CVSS7.3AI score0.00106EPSS
Exploits0References1
nessus
nessus
added 2026/06/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45990

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: slub: fix data loss and overflow in krealloc Commit 2cd8231796b5 mm/slub: allow to set node...

5.5CVSS6.2AI score0.00133EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/02 7:27 p.m.8 views

CVE-2021-4479

Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload th...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2026/06/02 7:27 p.m.9 views

CVE-2021-4479 Dräger Atlan A350 1.00 <= 1.01 DoS via Medibus Interface

Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload...

6.3CVSS5.4AI score0.00241EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/02 4:1 p.m.18 views

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
snyk
snyk
added 2026/05/29 10:9 p.m.11 views

Sequence of Processor Instructions Leads to Unexpected Behavior

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...

7.1CVSS5.8AI score0.00029EPSS
Exploits0References3
osv
osv
added 2026/05/29 10:9 p.m.11 views

GHSA-XW54-C3MX-9PM3 Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024

Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'itemdelete': in modules/inventory.php. The same fix was not applied to the sibling case 'fielddelete': handler, which destroys an...

6.5CVSS5.8AI score0.00029EPSS
Exploits0References2
Rows per page
Query Builder