Lucene search
K

2085 matches found

OSV
OSV
added 2026/05/27 8:39 a.m.8 views

USN-8315-1 mediawiki vulnerabilities

It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. CVE-2026-34087 It was discovered that MediaWiki incorrectly handled...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.13 views

CVE-2026-46092

wifi: rtw88: check for PCI upstream bridge existence...

5.8AI score0.00118EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43960

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A crash occurs in the probing routine of the rtw88 driver when the 8821CE device is installed on a system where the device i...

5.5CVSS6AI score0.00118EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43827

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference count inconsistency occurs in the hfsplus module when the hfs bnode create function identifies that a node is already hashed. Instead of incrementing the reference count, the...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.6 views

CVE-2026-48238

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobilemain.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/vmwgfx: Fixed a nullptr access in the cursor snooper. Checked that the resource, which is converted to a surface, exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid identifiers e.g...

6.7AI score0.00188EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: xhci: sideband: do not dereference a freed ring when removing a sideband endpoint. xhcisidebandremoveendpoint incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during...

5.5CVSS5.8AI score0.00135EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in the 389-DS-base

When binding against a DN during authentication, the response from 389-ds-base will differ depending on whether the DN exists or not. This can be exploited by an unauthenticated attacker to check the existence of an entry in the LDAP database...

5.3CVSS5.7AI score0.01538EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 7:57 p.m.11 views

CVE-2026-8803

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...

6.3CVSS5.3AI score0.00182EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 5:37 p.m.12 views

Malicious code in open-agents-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecd54a57bfc95ce17e9e2279808810d09bb3285a15af6198f9f40f7a8f5307f7 package.json declares both preinstall and postinstall lifecycle hooks that invoke curl, and ships dist/postinstall-daemon.cjs — a Node script that...

5.8AI score
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41671

Name of the Vulnerable Software and Affected Versions opensourcepos Open Source Point of Sale versions prior to 3.4.3 Description A flaw in the Employee Login component allows for the use of a weak hash. The issue is located in the Login function within the app/Models/Employee.php file. This...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References7
NVD
NVD
added 2026/05/12 10:16 p.m.15 views

CVE-2026-44306

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 9:30 p.m.40 views

CVE-2026-44306 Statamic: Email enumeration via forgot password endpoint

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS0.00206EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:30 p.m.8 views

CVE-2026-44306

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/11 8:25 p.m.14 views

CVE-2026-42885

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 7:52 p.m.5 views

CVE-2026-42885

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/11 7:52 p.m.37 views

CVE-2026-42885 Audiobookshelf: Path prefix bypass in filesystem existence check leaks out-of-scope file existence

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 7:52 p.m.18 views

CVE-2026-42885

CVE-2026-42885 : Audiobookshelf (self-hosted server) has a path-prefix bypass in the POST /api/filesystem/pathexists check. Before version 2.32.2, the code uses String.startsWith() to verify a resolved path is within a library folder, which fails for sibling directories with a shared prefix (for ...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39750

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39201

Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description The GpplDocumentLinkHandler resolves the filename directive in GPPL postprocessor files into clickable links. The handler accepts arbitrary absolute, relative, UNC, and subfolder paths...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References5
Rows per page
Query Builder