Lucene search
K

13601 matches found

Cvelist
Cvelist
added 2026/06/24 11:14 p.m.38 views

CVE-2026-39951 Cacti: Stored SQL Injection via graph_name_regexp in Reports feature

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

7.6CVSS0.00221EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/24 11:14 p.m.4 views

CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

8.8CVSS5.9AI score0.00221EPSS
Exploits0
CVE
CVE
added 2026/06/24 4:28 p.m.10 views

CVE-2026-52978

The CVE-2026-52978 entry concerns the Linux kernel PSP subsystem. The vulnerability arises because certain netlink operations (dev-set and key-rotate) modify shared device state without requiring CAP_NET_ADMIN; access is only checked by psp_dev_check_access() which validates netns membership. The...

5.7AI score0.00173EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/24 4:16 p.m.6 views

Deserialization of Untrusted Data

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ApplyFeatureView handler of registryserver.py, which calls FeatureView.fromproto and deserializes the feature view's embedded user-defined function before the appl...

9.8CVSS6.2AI score0.00862EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in qBittTorrent

All versions of the qBittorrent client up to 4.5.5 use default credentials when the web user interface is enabled. Administrators are not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...

9.8CVSS6AI score0.00908EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak. This issue was fixed by using the syzbot tool to detect and address the KMSAN kernel-infoleak. In tcfifedump, the variable ‘opt’ was partially initialized...

5.9AI score0.00189EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in the guest XSAVE state whenever XFDi=1 When loading the guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATEBV are cleared to ensure tha...

5.5CVSS5.9AI score0.00198EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/24 2:49 p.m.15 views

CVE-2026-56121 Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS6.8AI score0.00862EPSS
Exploits1References4
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-9619

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00307EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:33 a.m.11 views

CVE-2026-9619

CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...

4.3CVSS5.7AI score0.00307EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38666

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.7AI score0.00307EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51698

Name of the Vulnerable Software and Affected Versions Reviews and Rating – Docplanner plugin for WordPress versions prior to 1.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers wi...

4.3CVSS5.6AI score0.00307EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-51837

Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.11 views

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.7 (7277536)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7277536 advisory. - IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. CWE:...

7.5CVSS6.1AI score0.00472EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 9:17 p.m.9 views

CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS0.00282EPSS
Exploits0References5
Chainguard
Chainguard
added 2026/06/23 8:21 p.m.8 views

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: buildah, gpu-operator, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, k8s-device-plugin, node-feature-discovery, podman, buildah-fips, podman-fips, nvidia-container-toolkit,...

3.3CVSS6.1AI score0.00222EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:21 p.m.11 views

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: buildah, gpu-operator, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, k8s-device-plugin, node-feature-discovery, podman, buildah-fips, podman-fips, nvidia-container-toolkit,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/23 8:20 p.m.10 views

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: podman, nvidia-container-toolkit, cadvisor, node-feature-discovery, sriov-network-device-plugin, rancher, rancher-agent, k8s-device-plugin, buildah...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/23 8:20 p.m.14 views

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: podman, nvidia-container-toolkit, cadvisor, node-feature-discovery, sriov-network-device-plugin, rancher, rancher-agent, k8s-device-plugin, buildah...

3.3CVSS6.1AI score0.00222EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51599

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description An issue exists in the POJOPropertiesCollector. renameProperties function where a property with @JsonProperty"renamed" on the getter and...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References13
Rows per page
Query Builder