Lucene search
K

198 matches found

EUVD
EUVD
added 6 days ago7 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3CVSS5.8AI score0.0027EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-50014

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

7.3CVSS0.0018EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/24 6:49 a.m.9 views

EUVD-2026-38714

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8CVSS5.9AI score0.00499EPSS
Exploits0References10
CVE
CVE
added 2026/06/23 5:52 p.m.9 views

CVE-2026-52845

Summary (CVE-2026-52845): Caddy 2.11.x contains a bypass in forward_auth copy_headers where, prior to 2.11.4, the exact client-supplied header was deleted but HTTP header names are later normalized to CGI variables, allowing an underscore alias to collide with a trusted header in FastCGI backends...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/06/23 5:47 p.m.24 views

CVE-2026-52846

Summary: CVE-2026-52846 affects Caddy's stripHTML template function, which cannot reliably strip certain malformed HTML (e.g., <img src=x onerror=alert()>). This can bypass tag-stripping and may enable client-side XSS when untrusted strings are rendered as HTML. The issue originates in func...

4.2CVSS5.8AI score0.00153EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/23 5:47 p.m.5 views

CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2CVSS5.8AI score0.00153EPSS
Exploits1
NVD
NVD
added 2026/06/17 10:54 a.m.7 views

CVE-2026-46914

Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...

7.1CVSS0.0015EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50021

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11.4 Description An issue exists in the Filesystem component of Oracle Solaris. A low-privileged attacker with logon access to the infrastructure where the system executes can compromise the environment. Successful...

7.1CVSS5.9AI score0.0015EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50075

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11.4 prior to SRU93 Description An issue exists in the Remote Administration Daemon that allows an unauthenticated attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to...

10CVSS5.3AI score0.00307EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 2:14 p.m.8 views

EUVD-2026-36442

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS5.2AI score0.00266EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.8 views

CVE-2026-34281

Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the...

6.5CVSS7.3AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-9807

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:26 p.m.6 views

CVE-2026-28735

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/22 10:28 a.m.10 views

EUVD-2026-31431

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS5.8AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 10:22 a.m.20 views

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series. Thes...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.8 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 11:2 a.m.10 views

CVE-2026-45218 WordPress WP Travel plugin <= 11.4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through = 11.4.0...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 9:31 p.m.4 views

EUVD-2026-24339

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

9.8CVSS5.8AI score0.00312EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.7 views

CVE-2026-34281

Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the...

6.5CVSS0.00116EPSS
Exploits0References1
Rows per page
Query Builder