Lucene search
K

11261 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 12:8 p.m.5 views

CVE-2026-44089

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51620

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.5.0 Description A missing authorization issue allows a user with permissions to edit other users to reset the two-factor authentication 2FA of a superadmin. Recommendations Update to version 8.5.0...

5.8CVSS5.9AI score0.00019EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51619

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description Improper access control in the CSV user import functionality allows a user with only the import permission to bypass user-edit authorization. By uploading a CSV file in update mode, an attacker can...

6.5CVSS5.9AI score0.00037EPSS
Exploits0References4
OSV
OSV
added 2026/06/22 2:35 p.m.2 views

OPENSUSE-SU-2026:21017-1 Security update for python-click

This update for python-click fixes the following issue - CVE-2026-7246: Arbitrary command execution via command injection in click.edit bsc1263898...

7.2CVSS5.9AI score0.0081EPSS
Exploits1References2
OSV
OSV
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22321-1 Security update for python-click

This update for python-click fixes the following issue - CVE-2026-7246: Arbitrary command execution via command injection in click.edit bsc1263898...

7.2CVSS5.9AI score0.0081EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 1:40 p.m.34 views

CVE-2026-6062

CVE-2026-6062 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, and 10.11.x ≤ 10.11.17. The issue is a logic flaw where the system fails to validate channel ownership of an existing subscription before applying edits, enabling an authenticated attacker to hijack subsc...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 1:40 p.m.7 views

EUVD-2026-38250

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:40 p.m.3 views

CVE-2026-6062

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:40 p.m.36 views

CVE-2026-6062 IDOR in Jira plugin subscription edit endpoint

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

6.4CVSS0.00153EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.7 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
RedHat Linux
RedHat Linux
added 2026/06/22 4:4 a.m.8 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
RedHat Linux
RedHat Linux
added 2026/06/22 1:58 a.m.6 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51293

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple core controllers and model capture paths accept client-controlled request fields, including primary keys id and ownership or scope foreign keys such as event id, org id, user id, sharin...

9.4CVSS6AI score0.00362EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51314

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description An issue exists where the system fails to validate channel ownership of an existing subscription before applying edits. This...

6.4CVSS5.8AI score0.00153EPSS
Exploits0References6
NVD
NVD
added 2026/06/21 2:16 p.m.10 views

CVE-2026-56396

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edituser permission can set issuperadmin flag or grant arbitrary rights to escalate to SuperAdm...

8.8CVSS0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:27 p.m.9 views

EUVD-2026-38162

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edituser permission can set issuperadmin flag or grant arbitrary rights to escalate to SuperAdm...

8.8CVSS6AI score0.00251EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine when using Ansible Vault to edit encrypted files. When a user executes “ansible-vault edit”, another user on the same computer can read the old and new secrets. This occurs because the secrets are created in a temporary file using mkstemp, and after the fil...

4.7CVSS6.6AI score0.00374EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/06/19 12:0 a.m.6 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation CVE-2026-31488 kerne...

9.8CVSS6.4AI score0.00353EPSS
Exploits9References18
CVE
CVE
added 2026/06/18 6:7 a.m.15 views

CVE-2026-55745

CVE-2026-55745 affects Cotonti 1.0.0 (master, commit f43f1fc3) in the Personal File Storage (PFS) module. The vulnerability arises in modules/pfs/inc/pfs.editfolder.php, where the folder update action (a=update) updates metadata (title, description, public/gallery flags) without calling cot_check...

5.4CVSS5.4AI score0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 5:34 a.m.11 views

EUVD-2026-37848

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...

4.3CVSS5.3AI score0.00157EPSS
Exploits1References6
Rows per page
Query Builder