Lucene search
K

303660 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.10 views

CVE-2026-35266

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks require human interaction...

7.9CVSS5.5AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.8 views

CVE-2024-47269

Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9CVSS5.5AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.7 views

CVE-2024-36315

Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality...

5.7CVSS5.4AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.9 views

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

4.3CVSS5.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.8 views

CVE-2024-30151

HCL BigFix Service Management SX is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system...

8.3CVSS5.5AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.6 views

CVE-2024-54011

Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and...

6.5CVSS5.5AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.8 views

CVE-2024-43384

A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer...

8CVSS5.5AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 6:44 p.m.30 views

CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 6:44 p.m.24 views

CVE-2026-46396

CVE-2026-46396 stems from a stored XSS in HAX CMS prior to 26.0.0, caused by improper sanitization of elements that permit javascript: in the src attribute. When a victim views a page containing such an iframe, arbitrary JavaScript can execute in the browser context, enabling access to sensitive...

9.3CVSS5.5AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:44 p.m.11 views

CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3CVSS5.5AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 6:44 p.m.11 views

EUVD-2026-34891

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3CVSS5.5AI score0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 6:31 p.m.29 views

CVE-2026-5411 WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS0.00449EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 6:17 p.m.12 views

CVE-2026-50733

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...

8.8CVSS0.00362EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 6:11 p.m.10 views

GHSA-P462-PRXW-MJX4 NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

9.1CVSS6AI score0.00163EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:10 p.m.6 views

CVE-2026-46389

UDS Identity Config builds the Keycloak configuration image realm, plugins, theme, truststore, JARs consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the client-kubernetes-secret Keycloak client authenticator shipped by uds-identity-config and consume...

10CVSS5.4AI score0.00341EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/05 5:49 p.m.8 views

CVE-2026-50733 Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 5:49 p.m.10 views

EUVD-2026-34870

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 5:49 p.m.7 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS5.5AI score0.00533EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:49 p.m.7 views

CVE-2025-71318

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS5.5AI score0.00533EPSS
Exploits0References3
NVD
NVD
added 2026/06/05 5:16 p.m.11 views

CVE-2026-48111

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...

7.1CVSS0.00225EPSS
Exploits1References1
Rows per page
Query Builder