Lucene search
+L

1108 matches found

CVE
CVE
added 2 days ago14 views

CVE-2026-13042

Technical details about CVE-2026-13042 are not publicly available in the provided documents; monitor for updates.

7.2CVSS6.2AI score0.00247EPSS
Exploits0References8
OSV
OSV
added 2026/07/08 10:9 a.m.10 views

RHSA-2026:36343 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.7 security update

Bulletin has no description...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References22
NVD
NVD
added 2026/06/30 8:17 p.m.9 views

CVE-2026-12084

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5CVSS0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-515 Ray Path Traversal vulnerability

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.3CVSS7AI score0.81512EPSS
Exploits22References7
OSV
OSV
added 2026/06/28 8:44 a.m.3 views

SUSE-SU-2026:22380-1 Security update for loupe

This update for loupe fixes the following issue - CVE-2025-58160: tracing-subscriber: untrusted input containing ANSI escape sequences can lead to terminal manipulation bsc1249009. Changes for loupe: - Update to version 48.2: - Check if the is-hidden property is available before reading it. -...

2.3CVSS5.8AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51074

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The NetNamedPipe transport in CoreWCF allows local interception of traffic. This occurs because the transport accepts attachments to pre-existing named pipe instances...

6.5CVSS6AI score0.00088EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/18 11:29 a.m.14 views

EUVD-2026-37878

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

8.8CVSS5.7AI score0.00477EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/06/18 11:29 a.m.17 views

CVE-2026-8461 Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

8.8CVSS5.7AI score0.00477EPSS
Exploits3References1
CVE
CVE
added 2026/06/15 8:19 p.m.18 views

CVE-2026-49068

The CVE concerns the WordPress Coupon Affiliates plugin (versions

7.5CVSS5.2AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-42570

A flaw was found in devalue, a JavaScript library used for serializing values. Due to quirks in some JavaScript engines, the devalue.parse function could be exploited by a remote attacker when deserializing specially crafted sparse arrays. This could lead to excessive memory consumption, resultin...

7.5CVSS5.4AI score0.00393EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/09 12:45 p.m.9 views

WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Stefano in WordPress Plugin Coupon Affiliates versions = 7.8.1...

7.5CVSS5.5AI score0.00386EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/07 3:15 a.m.11 views

CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS6.8AI score0.01681EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/07 3:0 a.m.12 views

EUVD-2026-34982

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS7.2AI score0.02027EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-5529

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3CVSS5.2AI score0.00273EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.15 views

Fedora 44 : libre (2026-837d6ef455)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-837d6ef455 advisory. libre v4.8.1 2026-05-28 - fmt/pl: add plstriphtml - sys/fs: add getpwuid fallback for fsgethome - tls: remove unused include rsa.h - ice: check source addres...

5.6AI score
Exploits0References1
EUVD
EUVD
added 2026/05/31 2:28 a.m.16 views

EUVD-2026-33483

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References3
CVE
CVE
added 2026/05/31 2:28 a.m.26 views

CVE-2026-8382

The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.18 views

PT-2026-45169

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 1:35 p.m.12 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2026/05/26 12:0 a.m.69 views

May 26, 2026-KB5092430 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2

None None...

6.1AI score
Exploits0
Rows per page
Query Builder