Lucene search
K

45 matches found

CVE
CVE
added 2026/07/03 5:23 p.m.25 views

CVE-2026-14631

Vulnerability overview: CVE-2026-14631 affects webpack-dev-server up to version 5.2.5. An unauthenticated peer sending a normal HTTP request with a malformed Host header or a WebSocket upgrade to /ws with a malformed Origin header triggers an uncaught exception in the host-validation path, crashi...

5.3CVSS6AI score0.00308EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/03 5:23 p.m.42 views

CVE-2026-14631 webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS0.00308EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 5:0 p.m.4 views

CVE-2026-14620 webpack-dev-server vulnerable to cross-site request forgery via internal developer endpoints

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 5:29 p.m.19 views

CVE-2026-57700 WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...

10CVSS0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45267

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

6.5CVSS5.3AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 4:40 p.m.14 views

CVE-2026-45267 Nextcloud: Missing permission check for from submissions

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

6.5CVSS5.7AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45477

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

6.5CVSS5.7AI score0.00291EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/26 2:8 p.m.12 views

CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...

7.1CVSS5.9AI score0.00519EPSS
Exploits0References4
CVE
CVE
added 2026/05/26 2:8 p.m.63 views

CVE-2026-41401

CVE-2026-41401 affects libyang prior to 5.2.6, where a heap-use-after-free occurs in lyd_parser_set_data_flags due to incorrect updates to metadata list pointers when freeing non-head default metadata entries. This can be triggered by submitting crafted YANG XML documents with specific metadata a...

7.1CVSS5.9AI score0.00519EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/05 3:30 p.m.6 views

WordPress Ninja Tables – Easy Data Table Builder plugin <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Table Creation vulnerability discovered by nquangit - Techlab Corporation in WordPress Plugin Ninja Tables versions = 5.2.6...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 2:23 a.m.3 views

CVE-2026-1537

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/12 2:23 a.m.5 views

CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004088)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004088 advisory. An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2usb.c driver...

4.9CVSS6.5AI score0.00762EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004061)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004061 advisory. An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in shownumastats because NUMA fault statisti...

5.4CVSS6.5AI score0.00313EPSS
Exploits0References6
Circl
Circl
added 2025/10/10 11:11 a.m.7 views

CVE-2025-52635

creationtimestamp| type| source ---|---|--- 2025-10-10 11:11:48+00:00| seen| Telegram/U6-OpfEB8PA8JmfNuGIjjqscc7fjmIVPnKg9RJrQefpg5Q...

9.8CVSS4.8AI score0.00247EPSS
Exploits0
NVD
NVD
added 2025/10/03 7:15 p.m.25 views

CVE-2025-47213

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS0.00439EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 6:11 p.m.5 views

EUVD-2025-32331

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS6.4AI score0.00356EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 6:10 p.m.5 views

EUVD-2025-32370

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS6.4AI score0.00439EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.8 views

PT-2025-40568

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.6.3195 build 20250715 Description A flaw exists where a remote attacker with administrator privileges can trigger a denial-of-service DoS condition due to a NULL pointer dereference. Recommendations Update to QTS...

5.1CVSS6.5AI score0.00356EPSS
Exploits0References3
Snyk
Snyk
added 2025/05/28 6:41 p.m.2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the returnUrl parameter. An attacker can redirect users to malicious websites by crafting a URL that, when clicked, leads to an arbitrary external site. Remediation Upgrade mautic/core-lib to version 5.2.6, 6.0.2 o...

5.4CVSS7AI score0.00204EPSS
Exploits0References2
Rows per page
Query Builder