
ATTACKERKB
added 2026/06/23 4:5 p.m. | 5 views

CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

CVSS 6 | AI score 5.9 | EPSS 0.00175
Exploits 0 | References 3
Cvelist
added 2026/06/23 4:5 p.m. | 33 views

CVE-2026-56113 dhcpcd Heap Use-After-Free in dhcp6_deprecateaddrs via DHCPv6 RENEW

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

CVSS 6 | EPSS 0.00175
Exploits 0 | References 2
Positive Technologies
added 2026/06/23 12:0 a.m. | 9 views

PT-2026-51564

Name of the Vulnerable Software and Affected Versions Bootimus versions 0.1.0 through 0.1.70 dhcpcd versions 1.0 through 10.3.2 Description Bootimus contains a broken access control issue where the JWTMiddleware function in internal/auth/auth.go fails to inspect the is admin flag. This allows...

CVSS 8.8 | AI score 5.8 | EPSS 0.00307
Exploits 1 | References 7
Positive Technologies
added 2026/06/23 12:0 a.m. | 14 views

PT-2026-51562

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.3 Description A heap use-after-free issue exists where unauthenticated attackers on the same link can crash the daemon. This occurs when a crafted DHCPv6 RENEW reply is sent containing an RFC6603 OPTION_PD_EXCLUDE...

CVSS 6.5 | AI score 5.8 | EPSS 0.00175
Exploits 0 | References 4
Positive Technologies
added 2026/06/23 12:0 a.m. | 11 views

PT-2026-51563

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A one-byte stack out-of-bounds write exists in the dhcp6_makemessage function within src/dhcp6.c. Unauthenticated attackers on the same link can trigger this by serializing an oversized RFC6603 OPTIO...

CVSS 6.5 | AI score 5.9 | EPSS 0.00175
Exploits 0 | References 4
Tenable Nessus
added 2026/06/11 12:0 a.m. | 8 views

openSUSE 16 Security Update : syft (openSUSE-SU-2026:20928-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20928-1 advisory. Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier...

CVSS 9.8 | AI score 5.7 | EPSS 0.01323
Exploits 0 | References 2
OSV
added 2026/05/29 5:58 p.m. | 8 views

GHSA-H64W-W9PR-82M4 ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag

Impact When parsing an image with an embedded ICC profile that contains a crafted multiLocalizedUnicodeType mluc tag, ExifReader can be made to allocate memory proportional to attacker-controlled fields in the tag rather than to the actual size of the input. Processing such an image causes...

CVSS 8.7 | AI score 5.9 | EPSS 0.00528
Exploits 0 | References 6
NVD
added 2026/05/27 7:16 a.m. | 15 views

CVE-2026-8903

The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | EPSS 0.00139
Exploits 0 | References 4
Vulnrichment
added 2026/05/27 5:31 a.m. | 13 views

CVE-2026-8903 Two-factor authentication (formerly IP Vault) <= 2.1 - Cross-Site Request Forgery to Settings Update

The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI score 5.7 | EPSS 0.00139
Exploits 0 | References 4
Tenable Nessus
added 2026/05/09 12:0 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016807 advisory. An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class...

CVSS 9.1 | AI score 5.9 | EPSS 0.19396
Exploits 10 | References 4
RedhatCVE
added 2026/05/04 8:21 p.m. | 9 views

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | AI score 6 | EPSS 0.00328
Exploits 0 | References 1
NVD
added 2026/05/02 12:16 p.m. | 45 views

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | EPSS 0.00328
Exploits 0 | References 5
Cvelist
added 2026/05/02 11:16 a.m. | 74 views

CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | EPSS 0.00328
Exploits 0 | References 5
Vulnrichment
added 2026/05/02 11:16 a.m. | 4 views

CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | AI score 6 | EPSS 0.00328
Exploits 0 | References 5
CVE
added 2026/05/02 11:16 a.m. | 26 views

CVE-2026-4062

The Geo Mashup plugin for WordPress (up to version 1.13.18) is vulnerable to a Time-Based SQL Injection via the object_ids and exclude_object_ids parameters. The root cause is insufficient escaping on user-supplied values: esc_sql() is ineffective in the unquoted IN(...) / NOT IN(...) SQL context...

CVSS 7.5 | AI score 6 | EPSS 0.00328
Exploits 0 | References 5
EUVD
added 2026/05/02 11:16 a.m. | 22 views

EUVD-2026-26780

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | AI score 6 | EPSS 0.00328
Exploits 0 | References 5
ATTACKERKB
added 2026/05/02 11:16 a.m. | 3 views

CVE-2026-4062

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

CVSS 7.5 | AI score 6 | EPSS 0.00328
Exploits 0 | References 6
Github Security Blog
added 2026/04/17 9:58 p.m. | 12 views

OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows

Summary Channel setup catalog lookups could include untrusted workspace plugin shadows. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Channel setup could resolve a workspace plugin shadow before a bundled channel plugin, causing setup-ti...

CVSS 8.8 | AI score 5.7 | EPSS 0.00386
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2026/04/13 7:22 p.m. | 12 views

FITS GZIP decompression bomb in Pillow

Impact Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash) or severe performance degradation...

CVSS 8.7 | AI score 5.8 | EPSS 0.00671
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/04/01 8:54 a.m. | 8 views

CLSA-2026-1775033648 postgresql-jdbc: Fix of CVE-2022-21724

CVE-2022-21724: ensure arbitrary classes can't be passed instead of SocketFactory, SSLSocketFactory, CallbackHandler, HostnameVerifier - Restore testing from previous spec versions, exclude broken tests...

CVSS 9.8 | AI score 7.2 | EPSS 0.0301
Exploits 1 | References 1