Lucene search
+L

4259 matches found

EUVD
EUVD
added 2026/05/07 2:59 a.m.18 views

EUVD-2026-28276

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

5.2CVSS5.8AI score0.00285EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/05 8:58 a.m.20 views

CVE-2026-6238

A flaw was found in glibc GNU C Library. The deprecated functions nsprintrrf, nsprintrr, and fpnquery do not properly validate the length of RDATA Resource Record Data in a DNS Domain Name System response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.9 views

CVE-2026-7686

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the...

6.9CVSS5.7AI score0.00363EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36989

Name of the Vulnerable Software and Affected Versions phpVMS versions 7.x through 7.0.5 Description A critical issue in the legacy importer component allows unauthenticated access to a deprecated import feature. A remote attacker can trigger internal processes to modify or delete application data...

9.4CVSS5.8AI score0.01173EPSS
Exploits1References16
CVE
CVE
added 2026/05/03 7:30 a.m.42 views

CVE-2026-7686

Eyeo Adblock Plus (Chrome) up to 4.36.2 contains a vulnerability in postMessage handling within premium.preload.js (Legacy Premium Activation). Exploitation allows improper access controls with remote execution; the attack is publicly disclosed. The vendor notes the legacy activation path is depr...

6.9CVSS5.7AI score0.00363EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qrtr: replace qrtrtxflow radixtree with xarray to fix memory leak radixtreecreate allocates and links intermediate nodes into the tree one by one. If a...

5.5CVSS6.2AI score0.00114EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/01 2:5 p.m.3 views

glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

A flaw was found in glibc GNU C Library. The deprecated functions nsprintrrf, nsprintrr, and fpnquery do not properly validate the length of RDATA Resource Record Data in a DNS Domain Name System response when processing specific record types like LOC, CERT, TKEY, or TSIG. A remote attacker could...

6.5CVSS6.1AI score0.00358EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/30 2:30 a.m.7 views

SUSE CVE-2026-5435

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

5.3CVSS5.5AI score0.00237EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/04/30 2:30 a.m.7 views

SUSE CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

5.3CVSS5.8AI score0.00358EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/29 10:13 p.m.6 views

CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

5.8CVSS5.3AI score0.00442EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/29 10:13 p.m.13 views

CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1CVSS5.5AI score0.00442EPSS
Exploits0
EUVD
EUVD
added 2026/04/29 10:13 p.m.4 views

EUVD-2026-26296

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

5.8CVSS5.3AI score0.00442EPSS
Exploits0References3
OSV
OSV
added 2026/04/29 10:13 p.m.4 views

CVE-2026-7381 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1CVSS6AI score0.00442EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/29 9:53 p.m.11 views

Admidio Missing Minimum Administrator Check in Role Membership Removal

Summary Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...

5.2CVSS5.4AI score0.00285EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/29 9:53 p.m.12 views

GHSA-C7XM-R6VJ-8VG6 Admidio Missing Minimum Administrator Check in Role Membership Removal

Summary Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...

5.2CVSS5.7AI score0.00285EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-36018

Name of the Vulnerable Software and Affected Versions Plack::Middleware::XSendfile versions prior to 1.0053 Description Plack::Middleware::XSendfile allows the variation setting sendfile type to be controlled by the client via the X-Sendfile-Type header if it is not defined in the middleware...

9.1CVSS5.4AI score0.00442EPSS
Exploits0References18
OSV
OSV
added 2026/04/28 7:37 p.m.6 views

DEBIAN-CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 7:37 p.m.19 views

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

6.5CVSS0.00358EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/28 7:37 p.m.6 views

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

6.5CVSS6.1AI score0.00358EPSS
Exploits0References3
OSV
OSV
added 2026/04/28 7:37 p.m.7 views

UBUNTU-CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References4
Rows per page
Query Builder