Lucene search
+L

530 matches found

NVD
NVD
added 2026/07/10 6:16 p.m.9 views

CVE-2026-56667

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS0.00225EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 5:46 p.m.3 views

CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 5:21 p.m.12 views

CVE-2026-56664

ZITADEL’s external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) did not enforce maximum token age (missing iat) in tokens, allowing arbitrarily old tokens from a trusted issuer to pass authentication. Affected: ZITADEL core platform; vulnerable code path in the JWT IdP...

4.2CVSS6.1AI score0.00203EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/09 7:55 a.m.6 views

EUVD-2026-42537

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.7. This is due to the plugin not properly verifying that a user is authorized to perform an...

5.3CVSS5.9AI score0.00323EPSS
Exploits0References10
NVD
NVD
added 2026/07/06 12:16 p.m.10 views

CVE-2025-15668

A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpddelentry of the file src/isomedia/boxcodebase.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The...

4.8CVSS0.00124EPSS
Exploits0References8
CVE
CVE
added 2026/07/06 11:45 a.m.11 views

CVE-2025-15668

GPAC MP4Box contains a heap-based overflow in sgpd_del_entry (src/isomedia/box_code_base.c). Local access is required. The exploit is publicly available; a patch is identified as f29f955f2a3b5e8e507caad3e52319f961bf37bf. Affected version range is GPAC up to b40ce70f5. Remediation is to apply the ...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 11:45 a.m.4 views

CVE-2025-15668 GPAC MP4Box box_code_base.c sgpd_del_entry heap-based overflow

A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpddelentry of the file src/isomedia/boxcodebase.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52327

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the network PHY subsystem where the sfp bus del upstream function is not called during a probe failure path. This results in the sfp-bus retaining a dangling upstream...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References14
NVD
NVD
added 2026/06/24 5:17 p.m.8 views

CVE-2026-52949

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...

5.5CVSS0.00112EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 4:28 p.m.13 views

CVE-2026-52949

In CVE-2026-52949, the Linux kernel DRM/TTM component ttm_bo_shrink() was fixed to prevent an infinite LRU walk on backup failure. The patch mirrors the prior ttm_bo_swapout() fix: move del_bulk_move from before the backup to after success, and switch to using ttm_resource_del_bulk_move_unevictab...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51843

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/ttm component where a backup failure can lead to an infinite LRU Least Recently Used walk within the ttm bo shrink function. This occurs because the del bulk...

5.9AI score0.00112EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 a.m.12 views

CVE-2026-36800

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-11533

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS5.5AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 12:11 p.m.11 views

EUVD-2026-35414

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walked by concurrent dumpers. Add a new helper and use it consistently...

5.3AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.25 views

PT-2026-47761

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf tables component where the functions nft netdev unregister hooks and nft unregister flowtable net hooks fail to use list del rcu. This is problematic...

9.8CVSS5AI score0.00457EPSS
Exploits2References75
NVD
NVD
added 2026/06/08 5:16 p.m.12 views

CVE-2026-11533

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS0.0023EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 4:30 p.m.12 views

EUVD-2026-35130

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS5.1AI score0.0023EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:30 p.m.7 views

CVE-2026-11533

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS5.1AI score0.0023EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 4:30 p.m.26 views

CVE-2026-11533

The CVE-2026-11533 entry concerns imvks786 student_management_system (up to commit 9599b560ad3c3b83e75d328b76bedcd489ef1f46). A vulnerability in the file /see.php of the Student Deletion Endpoint allows manipulation of the del parameter to bypass authorization, with remote exploitation possible. ...

5.5CVSS5.1AI score0.0023EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/08 4:30 p.m.44 views

CVE-2026-11533 imvks786 student_management_system Student Deletion Endpoint see.php improper authorization

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS0.0023EPSS
Exploits0References6
Rows per page
Query Builder