3339 matches found

NVD
added yesterday, 6 views

CVE-2026-48313

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive...

CVSS: 9.3
Exploits: 0 | References: 1

CVE
added yesterday, 7 views

CVE-2026-48285

CVE-2026-48285 affects ColdFusion versions 2025.9, 2023.20 and earlier. It describes a Server-Side Request Forgery (SSRF) that can bypass security features and grant unauthorized read access without user interaction. The bug’s scope is reported as changed, and the CVSS v3.1 base score is 8.6 (HIG...

CVSS: 8.6 | AI score: 5.8
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added yesterday, 8 views

CVE-2026-48283

CVE-2026-48283 affects ColdFusion versions 2025.9, 2023.20 and earlier. The vulnerability is an Unrestricted Upload of File with Dangerous Type (CWE-434) that can lead to arbitrary code execution in the context of the current user. Exploitation requires no user interaction and is network‑visible;...

CVSS: 10 | AI score: 6.4
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 5 days ago, 33 views

WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vimalatithyan S. Technieum in WordPress Plugin Email Marketing for WooCommerce by Omnisend versions <= 1.19.0...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00275
Exploits: 0 | Affected Software: 1

NVD
added 6 days ago, 7 views

CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing session_regenerate_id after login, leading to Session Fixation. session_regenerate_id is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

CVSS: 5.4 | EPSS: 0.00183
Exploits: 1 | References: 3

CVE
added 6 days ago, 8 views

CVE-2026-12921

In DAQFactory by AzeoTech, versions 21.1 and earlier have a Use After Free vulnerability in a component accessible via specially crafted .ctl files, which can lead to code execution. The CVSSv4.0 metrics indicate a HIGH base score (8.4) with a LOCAL attack vector, LOW attack complexity, and user ...

CVSS: 8.4 | AI score: 5.9 | EPSS: 0.0014
Exploits: 0 | References: 1

Positive Technologies
added 6 days ago, 8 views

PT-2026-52615

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.6. Description: The Custom MCP feature, used for executing OS commands like launching local MCP servers, is unsandboxed. Due to a minimal authentication and authorization model lacking role-based access control, and...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00727
Exploits: 0 | References: 4

NVD
added 2026/06/19 2:16 p.m., 10 views

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

CVSS: 9.8 | EPSS: 0.00549
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in PostgreSQL 11

An information leak was discovered in PostgreSQL versions prior to 13.2, before 12.6, and before 11.11. A user with UPDATE permission but without SELECT permission for a specific column could create queries that, under certain circumstances, might reveal values from that column in error messages...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01187
Exploits: 2 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, leading to a “use-after-free” scenario. This could allow arbitrary code to be...

CVSS: 8.2 | AI score: 7 | EPSS: 0.01152
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerability in exempi

The XMP Toolkit version 2020.1 and earlier versions is affected by a memory corruption vulnerability, which may lead to the execution of arbitrary code within the context of the current user. User interaction is required to exploit this vulnerability...

CVSS: 7.8 | AI score: 8.1 | EPSS: 0.03234
Exploits: 0 | References: 2

CVE
added 2026/06/18 12:0 a.m., 18 views

CVE-2026-38714

CVE-2026-38714 affects InHand Networks IR912 and IR915 devices (firmware v1.0.0.r20042 and earlier). A command-injection flaw exists in the Python configuration function, allowing remote attackers to execute arbitrary commands as root via a crafted input. Documents do not specify exploited vector...

CVSS: 9.8 | AI score: 6 | EPSS: 0.01316
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/06/17 1:20 p.m., 7 views

CVE-2026-39557

Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...

CVSS: 8.1 | EPSS: 0.00395
Exploits: 0 | References: 1

Cvelist
added 2026/06/17 9:51 a.m., 27 views

CVE-2026-45436 WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions...

CVSS: 6.5 | EPSS: 0.00304
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/17 12:0 a.m., 12 views

PT-2026-50564

Name of the Vulnerable Software and Affected Versions: TypeBot versions prior to 3.16.0; Steeltoe (affected versions not specified). Description: TypeBot contains an Insecure Direct Object Reference (IDOR) issue—a flaw where an application provides direct access to objects based on user-supplied...

CVSS: 7.1 | AI score: 5.2 | EPSS: 0.00202
Exploits: 0 | References: 3

Vulnrichment
added 2026/06/16 11:52 a.m., 5 views

CVE-2026-12326 Memory safety bugs fixed in Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

AI score: 5.8 | EPSS: 0.00251
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/16 12:0 a.m., 9 views

PT-2026-50087

Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...

CVSS: 9.8 | AI score: 5.2 | EPSS: 0.00345
Exploits: 0 | References: 2

EUVD
added 2026/06/15 8:18 p.m., 8 views

EUVD-2026-36837

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.00144
Exploits: 0 | References: 1

EUVD
added 2026/06/15 8:18 p.m., 5 views

EUVD-2026-36815

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

CVSS: 9.3 | AI score: 5.7 | EPSS: 0.00283
Exploits: 0 | References: 1

CVE
added 2026/06/15 4:28 p.m., 10 views

CVE-2026-49294

Valhalla (open source routing engine) versions ≤ 3.6.3 are affected by a reflected XSS in the JSONP callback parameter. The input is reflected into the JavaScript response without validation or encoding, enabling an attacker to craft a URL whose callback contains arbitrary JavaScript. If a victim...

CVSS: 6.1 | AI score: 5.1 | EPSS: 0.00149
Exploits: 0 | References: 1