Lucene search
+L

677 matches found

CVE
CVE
added 2 days ago77 views

CVE-2026-49854

Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...

5.3CVSS6.1AI score0.0045EPSS
Exploits0References4
OSV
OSV
added 2 days ago8 views

ROOT-OS-UBUNTU-2404-CVE-2025-40156 CVE-2025-40156 in rootio-linux - Patched by Root

Root has patched CVE-2025-40156 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.4AI score0.00183EPSS
Exploits0
Patchstack
Patchstack
added 2026/07/08 3:14 p.m.5 views

WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin LatePoint versions = 5.6.3...

9.3CVSS6.1AI score0.00291EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/03 7:53 a.m.40 views

CVE-2026-11398 LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00338EPSS
Exploits0References10
CVE
CVE
added 2026/07/02 2:2 p.m.24 views

CVE-2026-9272

CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-27433

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.36 views

CVE-2026-27433 WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:14 a.m.9 views

CVE-2026-27433

Unauthenticated Broken Access Control in Motors = 5.6.80 versions...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55053

Name of the Vulnerable Software and Affected Versions WPIDE – File Manager & Code Editor versions prior to 3.5.7 Description An unauthenticated Cross Site Request Forgery CSRF issue exists. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not intend to do ...

8.8CVSS6AI score0.00142EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/07/01 12:46 p.m.5 views

WordPress LatePoint – Calendar Booking plugin for Appointments and Events plugin <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator vulnerability

Authenticated Custom+ Privilege Escalation to Administrator vulnerability discovered by d.v4ns3c in WordPress Plugin LatePoint versions = 5.6.3...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 12:22 p.m.5 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...

7.2CVSS6AI score0.0081EPSS
Exploits1Affected Software1
The Hacker News
The Hacker News
added 2026/06/27 12:19 p.m.17 views

OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards

OpenAI on Friday released three versions of GPT-5.6 , called Sol, Terra, and Luna , as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficien...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/06/26 2:52 p.m.8 views

EUVD-2026-39699

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/22 11:18 p.m.5 views

Improper Enforcement of Behavioral Workflow

Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow through the improper handling of recovery codes in app-based multi-factor authentication...

9.1CVSS5.9AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.8 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:39 p.m.29 views

CVE-2026-48505

Filament’s MFA recovery-code handling (versions 4.0.0–4.11.5 and 5.6.5) allows the same recovery code to be reused under concurrent submissions. When recovery codes are enabled, an attacker with the user’s password and codes can establish multiple authenticated sessions per code, extending access...

7.4CVSS5.9AI score0.00193EPSS
Exploits0References1
Circl
Circl
added 2026/06/17 2:0 a.m.10 views

CVE-2026-50656

creationtimestamp| type| source ---|---|--- 2026-06-17 02:00:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moh7qulrzn2n 2026-06-17 08:36:55+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-607 2026-06-17 10:00:59+00:00| seen|...

7.8CVSS7AI score0.03391EPSS
Exploits0References100
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50359

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS5.4AI score0.00661EPSS
Exploits1References3
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-40785

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

7.1CVSS0.00385EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/15 8:20 p.m.8 views

Incorrect Resource Transfer Between Spheres

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via SimpleAsyncHTTPClient. An attacker can obtain sensitive credentials by exploiting...

7.7CVSS5.9AI score0.00486EPSS
Exploits0References2
Rows per page
Query Builder