Lucene search
+L

733 matches found

Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.18 views

2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5087544)

2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems KB5087544...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.18 views

CVE-2026-42051

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00193EPSS
Exploits0References1
Circl
Circl
added 2026/05/10 2:48 p.m.30 views

CVE-2022-50954

creationtimestamp| type| source ---|---|--- 2026-05-10 14:48:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mliywj5zzg2i...

6.9CVSS5.8AI score0.00385EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/09 3:39 a.m.6 views

CVE-2026-42174

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/09 3:39 a.m.11 views

EUVD-2026-28890

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/09 3:39 a.m.11 views

CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/09 3:37 a.m.74 views

CVE-2026-42051 Kirby: System API endpoint leaks license data and installed version to authenticated users

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/09 3:37 a.m.8 views

CVE-2026-42051 Kirby: System API endpoint leaks license data and installed version to authenticated users

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00193EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 6:10 p.m.17 views

Cross-site Request Forgery (CSRF)

Overview jupyterhub is a JupyterHub: A multi-user server for Jupyter notebooks Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of HTTP form endpoints when requests with the Sec-Fetch-Mode: no-cors header are incorrectly treated as same-origin,...

9.6CVSS5.7AI score0.00159EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:28 p.m.9 views

CVE-2026-28510

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 12:28 p.m.4 views

CVE-2026-28510 elabftw allows MFA bypass during login

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.9AI score0.00254EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

eLabFTW 安全漏洞

eLabFTW is an open-source experimental data hosting platform developed by eLabFTW. This platform runs on the Linux system and supports the storage of various types of objects. Versions of eLabFTW 5.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the login process...

5.9CVSS5.9AI score0.00254EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.14 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-120 (ALASKERNEL-5.4-2026-120)

The version of kernel installed on the remote host is prior to 5.4.302-223.469. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-120 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short...

7.8CVSS6.9AI score0.96267EPSS
Exploits230References14
Snyk
Snyk
added 2026/05/04 7:58 p.m.9 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the process for managing user avatars due to insufficient authorization checks. An attacker can gain unauthorized access to create, replace, or delete user avatars by leveraging file permissions without the...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.6 views

Oracle Linux 8 : libxml2 (ELSA-2026-11349)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11349 advisory. - Fix CVE-2025-9714 RHEL-119279 - Fix CVE-2025-32415 RHEL-100177 - Fix CVE-2025-7425 RHEL-102797 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398...

9.1CVSS6AI score0.01067EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/04/27 7:36 p.m.14 views

CVE-2026-6741 LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8CVSS5.2AI score0.00293EPSS
Exploits1References6
OSV
OSV
added 2026/04/27 1:14 p.m.6 views

JLSEC-2026-190

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possibl...

4.8CVSS5.1AI score0.00261EPSS
Exploits1References6
OSV
OSV
added 2026/04/27 1:14 p.m.8 views

JLSEC-2026-188

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product...

8.4CVSS6.3AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/04/25 5:49 a.m.5 views

OESA-2026-2057 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability classified as critic...

8.8CVSS5.1AI score0.00482EPSS
Exploits2References3
Debian CVE
Debian CVE
added 2026/04/20 11:19 p.m.6 views

CVE-2026-35587

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...

8.8CVSS5.7AI score0.00396EPSS
Exploits1
Rows per page
Query Builder