Lucene search
K

351 matches found

Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-54209

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Sharing feature allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved b...

6.5CVSS5.9AI score0.00288EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52126

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue exists where the software fails to properly verify cryptographic signatures, allowing authenticated remote attackers to execute arbitrary code in the context of SYSTEM. The flaw ...

7.2CVSS7.4AI score0.00376EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in the 389-DS-base

A access control bypass vulnerability was discovered in version 389-ds-base. This issue arises from improper handling of filters, which can lead to incorrect results. However, further analysis revealed that it actually constitutes an access control bypass. This vulnerability could allow any remot...

7.5CVSS6.8AI score0.01394EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 5:33 a.m.9 views

EUVD-2026-37038

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the getsubmissioncontent AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it...

6.5CVSS5.4AI score0.00238EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/10 10:3 p.m.31 views

CVE-2026-53461 ImageMagick: Out-of-bounds write in ICON decoder due to incorrect loop

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and...

7.5CVSS0.00353EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 11:16 p.m.5 views

DEBIAN-CVE-2026-10942

Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS5.4AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.16 views

EUVD-2026-33792

In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00079EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45870

Name of the Vulnerable Software and Affected Versions openSeaChest version 25.05.3 Description Out of bounds write and read operations occur when using the --showSCSIDefects command. This issue allows for writing defect information out of bounds when processing very large defect lists, which can ...

1.8CVSS5.8AI score0.00102EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 3:33 p.m.12 views

EUVD-2026-32284

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just discarding the packe...

5.8AI score0.00457EPSS
Exploits0References6
CVE
CVE
added 2026/05/27 12:0 a.m.19 views

CVE-2025-68712

SpSoft AppLock (com.sp.protector.free) v7.9.40 for Android is affected. A local attacker with physical access can bypass fingerprint/PIN due to a custom overlay that does not consistently enforce authentication. Cascading interface flows and exposed routes via ads or browser intents allow exiting...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/20 3:37 p.m.15 views

wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None

Summary GHSA-mhc8-p3jx-84mm CVE-2026-43948 reported that wger's resetuserpassword and gympermissionsuseredit views in wger/gym/views/user.py performed a gym-scope authorization check using Django ORM object comparison if request.user.userprofile.gym != user.userprofile.gym which silently passes...

9.9CVSS5.7AI score0.00371EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 12:32 p.m.7 views

CVE-2026-4029

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40909

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:18 p.m.11 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

7.8CVSS5.8AI score0.00284EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/05 4:49 p.m.43 views

EUVD-2026-27470

Jupyter Server: Path Traversal via incorrect startswith root directory check allows access to sibling directories...

7.6CVSS5.8AI score0.00583EPSS
Exploits2References1
OSV
OSV
added 2026/04/22 5:16 p.m.4 views

UBUNTU-CVE-2026-35346

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS5.8AI score0.00175EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/22 12:30 p.m.4 views

EUVD-2026-24723

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider...

5CVSS5.8AI score0.00225EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 10:16 a.m.7 views

CVE-2026-33259

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider...

5CVSS0.00225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 5:5 p.m.5 views

CVE-2026-40584

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/20 6:30 p.m.3 views

kernel: Linux kernel: Information disclosure in efivarfs via incorrect error propagation

A flaw was found in the efivarfs component of the Linux kernel. This vulnerability, an information disclosure issue, arises from incorrect error handling in the efivarentryget function. An unprivileged local attacker can exploit this by reading from efivarfs, potentially causing uninitialized...

7.8CVSS5.6AI score0.0012EPSS
Exploits0References5
Rows per page
Query Builder