Lucene search
K

3774 matches found

NVD
NVD
added 18 minutes ago1 views

CVE-2026-41860

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

8.8CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-45903

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.8AI score0.00083EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2025-5085

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00028EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago34 views

CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS0.00028EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-45698

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00028EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-9759

A flaw was found in the ROHC dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service. Mitigation If the ROHC protocol dissector is not being used, it can be disabled via the...

5.5CVSS5.7AI score0.0001EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago12 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

9.8CVSS7.3AI score0.89621EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 5 days ago4 views

CVE-2026-5071 can: Local Denial of Service via SocketCAN Send

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...

6.1CVSS5.9AI score0.00012EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-5071 can: Local Denial of Service via SocketCAN Send

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...

6.1CVSS0.00012EPSS
Exploits0References1
OSV
OSV
added 6 days ago4 views

GHSA-8444-4FHQ-FXPQ PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generateapiservercode that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that: -...

9.8CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 6 days ago12 views

stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback

Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...

5.8AI score
Exploits0References5Affected Software1
OSV
OSV
added 6 days ago2 views

GHSA-FP6W-8WPG-74G5 stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback

Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...

9.2CVSS5.8AI score
Exploits0References5
OSV
OSV
added 6 days ago6 views

GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

6.9CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago4 views

PT-2026-45052

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generate api server code that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that:...

9.8CVSS6.2AI score0.00029EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-45015

Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...

7.5CVSS5.9AI score
Exploits0References4
RedhatCVE
RedhatCVE
added last week2 views

CVE-2025-71304

A flaw was found in the Linux kernel's Smack module. A local user with privileges to modify Smack's Domain of Interpretation DOI values could cause a denial of service. By writing a previously used DOI value to /smack/doi, networking for non-ambient labels becomes disabled. This prevents network...

5.8AI score0.00032EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added last week4 views

CVE-2026-44850 Portainer: Bind-mount restriction bypass via HostConfig.Mounts

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

8.5CVSS5.8AI score0.00032EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added last week7 views

CVE-2026-9434

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

10CVSS7AI score0.01254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-46216

A flaw was found in the Linux kernel's drm/xe/hdcp module. When media Graphics Translation GT is disabled via configfs, a NULL pointer dereference can occur in the intelhdcpgsccheckstatus function. This can lead to a kernel pagefault error, resulting in a system crash and a Denial of Service DoS...

5.5CVSS5.8AI score0.00023EPSS
Exploits0References4
CVE
CVE
added last week9 views

CVE-2026-46173

CVE-2026-46173 concerns the Linux kernel. The issue arises when an already-exiting task oopses and make_task_dead() calls do_task_dead() with preemption enabled, while __schedule() must be called with preemption disabled. If a preempted oopsing task is still in the dead-state, finish_task_switch(...

7.8CVSS5.7AI score0.00016EPSS
Exploits0References6
Rows per page
Query Builder