Lucene search
+L

529711 matches found

nvd
nvd
added 6 hours ago6 views

CVE-2026-12979

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

5.5CVSS
Exploits0References1
cvelist
cvelist
added 7 hours ago9 views

CVE-2026-12979 FunnelKit < 3.15.0.6 - Admin+ Arbitrary File Deletion via Path Traversal in Template Importer

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

Exploits0References1
euvd
euvd
added 7 hours ago5 views

EUVD-2026-44882

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

5.5CVSS6.2AI score
Exploits0References1
cve
cve
added 7 hours ago9 views

CVE-2026-12979

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

5.5CVSS6.2AI score
Exploits0References1
nvd
nvd
added 12 hours ago4 views

CVE-2026-48863

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...

7.5CVSS
Exploits0References4
nvd
nvd
added 12 hours ago6 views

CVE-2026-3842

A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpuphysicalmemorymap returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in...

7.8CVSS
Exploits0References3
nvd
nvd
added 12 hours ago6 views

CVE-2026-23538

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS
Exploits0References4
euvd
euvd
added 12 hours ago7 views

EUVD-2026-44842

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...

7.5CVSS6.2AI score
Exploits0References3
cve
cve
added 12 hours ago106 views

CVE-2026-48863

The CVE-2026-48863 issue is a stack-based buffer overflow in libsolv’s EdDSA verification when copying the EdDSA 's' MPI, caused by length handling. An adversary could craft an Ed25519 PGP signature with mismatched MPI lengths to trigger a denial of service in automated package/repo processing wo...

7.5CVSS6.2AI score
Exploits0References4
euvd
euvd
added 13 hours ago5 views

EUVD-2026-44840

A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpuphysicalmemorymap returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in...

7.8CVSS6.9AI score
Exploits0References2
redhat
redhat
added 13 hours ago5 views

kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

6AI score0.00126EPSS
Exploits0References6
cvelist
cvelist
added 13 hours ago13 views

CVE-2026-23538 Feast: resource exhaustion via websocket endpoint

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS
Exploits0References3
euvd
euvd
added 13 hours ago9 views

EUVD-2026-44838

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS6.1AI score
Exploits0References3
cve
cve
added 13 hours ago20 views

CVE-2026-23538

The CVE affects Feast: Feast Feature Server /ws/chat accepts unauthenticated, persistent WebSocket connections. An attacker can open many concurrent connections to exhaust memory, CPU, and file descriptors, causing DoS. Affected software: Feast (Python SDK context cited by SNYK for Feast &gt;=0.1...

7.5CVSS6.1AI score
Exploits0References4
osv
osv
added 13 hours ago4 views

RLSA-2026:39868 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
rocky
rocky
added 13 hours ago3 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

8.7CVSS6.1AI score0.00553EPSS
Exploits0
osv
osv
added 13 hours ago2 views

RLSA-2026:39893 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS6.1AI score0.00553EPSS
Exploits0References2
rocky
rocky
added 13 hours ago2 views

perl-XML-LibXML security update

An update is available for perl-XML-LibXML. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module implements a Perl interface to the GNOME libxml2 library...

7.5CVSS6.1AI score0.00531EPSS
Exploits0
redhat
redhat
added yesterday4 views

net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input

A flaw was found in Net::IMAP, a Ruby client library for the Internet Message Access Protocol IMAP. This vulnerability allows a remote attacker to cause a denial of service by sending specially crafted input to certain Net::IMAP commands. When a raw string argument, derived from user-controlled...

2.1CVSS6AI score0.00239EPSS
Exploits0References5
cve
cve
added yesterday5 views

CVE-2026-52890

CVE-2026-52890 affects Wekan (open-source Kanban, Meteor-based) before version 9.31. A logged-in board member can insert an attachment via the DDP /attachments/insert method using attacker-controlled versions.original.path and versions.original.storage. The insert rule checks only board write acc...

7.1CVSS6.2AI score0.00074EPSS
Exploits0References3
Rows per page
Query Builder