Lucene search
+L

384 matches found

CVE
CVE
added yesterday10 views

CVE-2026-60024

The CVE pertains to the Joomla extension Events Booking, where prior versions up to 5.8.0 allow unauthenticated users to upload media assets by default. The affected component is the Events Booking plugin for Joomla (joomdonation.com). The root cause is an insecure default configuration that perm...

5.3AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-58149

Joomla extension Events Booking (joomdonation.com) is affected by CVE-2026-58149: unauthenticated user enumeration that can reveal usernames and email addresses. Affected versions are

5.3AI score
Exploits0References1
OSV
OSV
added 4 days ago4 views

JLSEC-2026-701

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...

7.5CVSS6.1AI score0.00126EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.11 views

Podman 1.8.1 < 5.8.4 / 6.0.0 Host Environment Variable Leak (GHSA-4hq8-gpf5-8p68)

The version of Podman installed on the remote host is prior to 5.8.4 / 6.0.0. It is, therefore, affected by an information disclosure vulnerability. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a...

7.5CVSS6.2AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41270

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References10
Chainguard
Chainguard
added 2026/07/01 2:16 p.m.13 views

GHSA-3PP7-M8F5-89GX vulnerabilities

Vulnerabilities for packages: firefox-esr, firefox...

5.3AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/27 1:52 a.m.8 views

SUSE CVE-2026-57231

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References6
CVE
CVE
added 2026/06/26 4:29 p.m.28 views

CVE-2026-57231

CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-42570

A flaw was found in devalue, a JavaScript library used for serializing values. Due to quirks in some JavaScript engines, the devalue.parse function could be exploited by a remote attacker when deserializing specially crafted sparse arrays. This could lead to excessive memory consumption, resultin...

7.5CVSS5.4AI score0.00393EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.12 views

EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2319)

According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an...

6.3CVSS5.8AI score0.00351EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-5529

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3CVSS5.2AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.7CVSS5.5AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

SAMSUNG Members 安全漏洞

Samsung Members is a community platform app developed by South Korea’s Samsung Corporation. Versions of Samsung Members prior to 5.8.01.5 contained security vulnerabilities. These vulnerabilities were due to improper input validation, which could allow local attackers to use Samsung Members...

7.1CVSS5.5AI score0.00105EPSS
Exploits0References1
Rosalinux
Rosalinux
added 2026/06/01 11:45 a.m.17 views

Advisory ROSA-SA-2026-3306

Component: PHP 7.4.33 OS: ROSA-CHROME Affected versions: = php-7.4.33-13 Affected versions: php-7.4.33-13 CVE-ID: CVE-2024-5458 BDU-ID: 2024-04846 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the filtervar function of the PHP interpreter involves insufficient validation of data...

5.3CVSS5.8AI score0.12117EPSS
Exploits1
EUVD
EUVD
added 2026/05/19 4:21 p.m.15 views

EUVD-2026-30039

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 3:3 p.m.8 views

JLSEC-2026-462

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...

6.3CVSS6AI score0.00351EPSS
Exploits0References4
OSV
OSV
added 2026/05/04 9:26 a.m.13 views

CLSA-2026-1777306004 wireshark: Fix of CVE-2022-0586

CVE-2022-0586: fix infinite loop in RTMPT dissector rtmptgetamflength...

7.8CVSS5.8AI score0.0202EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/22 6:31 p.m.4 views

EUVD-2018-21789

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 2:56 p.m.9 views

CVE-2018-25261

CVE-2018-25261 concerns Iperius Backup 5.8.1, which contains a local buffer overflow in the structured exception handling (SEH) mechanism. A crafted file path in an external file location field during a backup job can trigger the overflow, enabling code execution with the application’s privileges...

8.6CVSS6.8AI score0.00205EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-33414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in...

8.8CVSS6.1AI score0.00607EPSS
Exploits0References3
Rows per page
Query Builder