Lucene search
K

3043 matches found

Cvelist
Cvelist
added 2026/05/27 7:58 a.m.32 views

CVE-2026-40845 Authenticated SQLi in devices_configuration view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:57 a.m.8 views

CVE-2026-40839 Authenticated SQLi in getComponentScalings function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:53 a.m.30 views

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:48 a.m.9 views

EUVD-2026-32121

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:28 a.m.9 views

CVE-2026-9236

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

WordPress plugin CM Ad Changer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.22 views

PT-2026-43857

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the slub allocator where the krealloc and kvrealloc functions can cause data loss or buffer overflows. This occurs during the reallocation fallback path when forcing a...

5.5CVSS6.2AI score0.00133EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of the EXT4GETBLOCKSCONVERT flag when ext4 divides a partition without...

5.8AI score0.00123EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the krealloc function in Slub, causing data loss and buffer overflow issues during NUMA migration...

6AI score0.00133EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.13 views

CVE-2026-45990

slub: fix data loss and overflow in krealloc...

5.9AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 2:16 p.m.20 views

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS0.04356EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 12:57 p.m.11 views

EUVD-2026-31821

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 12:57 p.m.41 views

CVE-2026-48134

The CVE-2026-48134 issue affects Check Point’s UserCheck Portal when the DLP blade is active, applying to UserCheck’s Web Portal UserChoice input handling. The root cause is an input-handling flaw that could allow an attacker with access to the UserCheck Ask page to manipulate stored DLP/UserChec...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 12:57 p.m.15 views

CVE-2026-48134 SQL injection issue in UserCheck Portal when DLP Software Blade is active

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:57 p.m.8 views

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Check Point Security Gateway 安全漏洞

Check Point Security Gateway is a series of network security gateway devices developed by Check Point in Israel. There is a security vulnerability in Check Point Security Gateway, which stems from an input processing issue in the UserCheck Web Portal during the DLP activation process. This...

5.6CVSS5.8AI score0.04356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43238

Name of the Vulnerable Software and Affected Versions Security Gateway affected versions not specified Description An input-handling issue exists in the UserChoice flow of the UserCheck Web Portal when DLP is active. An attacker with access to the UserCheck Ask page can manipulate stored...

5.6CVSS5.9AI score0.04356EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/25 8:44 a.m.16 views

CVE-2026-28380

A flaw was found in Grafana. An authenticated user with editor privileges could exploit a Broken Access Control BAC vulnerability in the Snapshot API. This flaw allows an editor to delete any dashboard snapshot, even those they do not have explicit read or write access to, leading to unauthorized...

6.5CVSS5.7AI score0.00227EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 7:29 p.m.16 views

EUVD-2026-31333

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:29 p.m.6 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References3
Rows per page
Query Builder