Lucene search
K

1816 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 1:24 p.m.7 views

kernel: geneve: Fix use-after-free in geneve_find_dev().

A use-after-free vulnerability exists in the Linux kernel. When devnet is dismantled, the geneveexitbatchrtnl function calls unregisternetdevicequeue for each device in the network namespace. Later, when the device is freed, it is still linked to the backend UDP socket in the network namespace...

7.8CVSS5.3AI score0.00227EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/16 6:59 p.m.5 views

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...

7.7CVSS5.9AI score0.0026EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 6:59 p.m.21 views

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

Impact An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with...

7.7CVSS5.3AI score0.0026EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/16 6:49 a.m.12 views

EUVD-2026-37040

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS5.8AI score0.00347EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50179

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...

7.7CVSS5.8AI score0.0026EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 9:17 p.m.17 views

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0064EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

7CVSS5.4AI score0.00091EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

TencentOS Server 4: vim (TSSA-2026:0317)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0317 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

5.3CVSS6.1AI score0.00917EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.9 views

CVE-2026-3369

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS5.7AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.13 views

CVE-2026-6539

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

4.6CVSS5.5AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33208

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...

8.8CVSS6.2AI score0.0066EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 3:34 p.m.16 views

CVE-2026-44656

A flaw was found in Vim, an open-source command-line text editor. An attacker who controls the contents of a file can exploit an OS command injection vulnerability in Vim's :find command-line completion. This occurs when the path option, which can be set from a modeline, contains backtick-enclose...

5.3CVSS5.6AI score0.00917EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.11 views

CVE-2019-25733 NetShareWatcher 1.5.8.0 SEH Buffer Overflow

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

8.6CVSS6.6AI score0.00148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.6 views

CVE-2019-25733

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

8.6CVSS6.6AI score0.00148EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/04 1:22 p.m.40 views

CVE-2019-25733 NetShareWatcher 1.5.8.0 SEH Buffer Overflow

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

8.6CVSS0.00148EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 1:22 p.m.10 views

EUVD-2019-20169

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom filter field to...

8.6CVSS6.6AI score0.00148EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 1:22 p.m.17 views

CVE-2019-25733

NetShareWatcher 1.5.8.0 contains a structured exception handler (SEH) buffer overflow in which a malicious input in the Restrictions custom filter field can overwrite SEH/NSEH pointers and cause code execution when Find is invoked. This is a local vulnerability with high impact (CVSSv3.1/8.4, CVS...

8.6CVSS6.6AI score0.00148EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.15 views

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

7.8CVSS6.2AI score0.00799EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 1:33 p.m.10 views

OESA-2026-2472 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

7CVSS6.2AI score0.00917EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.15 views

CVE-2025-69600

Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options...

7.8CVSS5.9AI score0.00826EPSS
Exploits2References1
Rows per page
Query Builder