Lucene search
K

3808 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15286 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS0.00268EPSS
Exploits0References4
OSV
OSV
added last week2 views

PYSEC-2026-941 `CHECK` fail via inputs in `SdcaOptimizer`

Impact Inputs densefeatures or examplestatedata not of rank 2 will trigger a CHECK fail in SdcaOptimizer. python import tensorflow as tf tf.rawops.SdcaOptimizer sparseexampleindices=4 tf.random.uniform5,5,5,3, dtype=tf.dtypes.int64, maxval=100, sparsefeatureindices=4 tf.random.uniform5,5,5,3,...

4.8CVSS7AI score0.0044EPSS
Exploits1References7
OSV
OSV
added last week4 views

PYSEC-2026-1038 TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6`

Impact If QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for minfeatures or maxfeatures, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf outtype = tf.quint8 features = tf.constant28, shape=4,2, dtype=tf.quint8 minfeatures...

5.9CVSS5.9AI score0.00423EPSS
Exploits0References7
CVE
CVE
added 2026/07/06 1:10 p.m.16 views

CVE-2026-7185

CVE-2026-7185 concerns TAO 2.0 suite web features for file management/upload that suffer a validation vulnerability allowing an attacker with access to the feature to attempt to access file system resources outside the intended scope. Affected: TAO 2.0 web components handling file operations. Roo...

6CVSS5.8AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 1:10 p.m.37 views

CVE-2026-7185 Unauthorized access to files in T-Systems products

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 1:10 p.m.5 views

EUVD-2026-41874

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/04 12:51 a.m.9 views

[SECURITY] Fedora 44 Update: openvpn-2.7.5-1.fc44

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

6AI score
Exploits0
NVD
NVD
added 2026/07/01 6:16 p.m.8 views

CVE-2026-57737

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...

6.5CVSS0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/01 5:41 p.m.10 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.21 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.21...

6.5CVSS5.9AI score0.00139EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54834

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The application is susceptible to user enumeration via authentication-related features. During password reset and username reminder operations, the system provides different responses depending on whether the...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54866

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper input validation in the Fleet policy management functionality allows an authenticated user to submit specially crafted input. This can lead to a denial of service, rendering the Fleet...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/27 12:56 a.m.18 views

[SECURITY] Fedora 43 Update: lighttpd-1.4.84-1.fc43

lighttpd pronounced /lighty/ is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set FastCGI, CGI, Auth,...

5.7AI score
Exploits0
OSV
OSV
added 2026/06/26 6:24 p.m.5 views

MAL-2026-6531 Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

5.9AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 12:9 p.m.7 views

Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Following IBM Engineering...

9.8CVSS5.8AI score0.00978EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.8AI score0.00232EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53142

In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 8:38 a.m.1 views

CVE-2026-53142 drm/xe/display: fix oops in suspend/shutdown without display

In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.32 views

CVE-2026-53142 drm/xe/display: fix oops in suspend/shutdown without display

In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...

0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52238

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the xe driver during suspend or shutdown when no display is present. The driver uses the xe-info.probe display variable to track display hardware...

5.5CVSS6.2AI score0.00122EPSS
Exploits0References19
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: BPF: Do not allow BPF test infra to emit invalid GSO types to the stack. Yinhao et al. reported that their fuzzer tool was able to trigger the skbwarnbadoffload function from netifskbfeatures - gsofeaturescheck. When a BPF progra...

5.5CVSS5.7AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder