Lucene search
K

14208 matches found

NVD
NVD
added 2026/06/26 9:16 p.m.10 views

CVE-2026-48770

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS0.00258EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/26 8:22 p.m.29 views

CVE-2026-48770 Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS0.00258EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:22 p.m.7 views

CVE-2026-48770

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS5.8AI score0.00258EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2026/06/26 8:22 p.m.91 views

CVE-2026-48770

Notepad++ prior to version 8.9.6.1 is affected by multiple issues arising from insecure handling of inter-process communication data. Specifically, a local attacker can trigger a denial of service (CVE-2026-48770) by sending a malformed WM_COPYDATA message where COPYDATA_FULL_CMDLINE is processed...

5CVSS5.8AI score0.00258EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS0.00186EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:41 p.m.7 views

CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.140 views

Oracle WebLogic Server - Remote Command Execution

Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See...

10CVSS7.9AI score0.99997EPSS
Exploits43References5
SUSE CVE
SUSE CVE
added 2026/06/26 2:9 a.m.7 views

SUSE CVE-2026-53233

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...

5.8AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39598

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39577

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39576

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS5.9AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2025-210337

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

9.3CVSS6AI score0.0046EPSS
Exploits1References3
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52988

Name of the Vulnerable Software and Affected Versions DMP-5000 affected versions not specified Description Devices are shipped with a default administrative web account that utilizes weak authentication controls. These credentials are not required to be changed during the initial configuration or...

9.8CVSS5.8AI score0.00569EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 10:17 p.m.8 views

CVE-2026-11703

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

7.5CVSS0.0021EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 10:16 p.m.7 views

CVE-2025-71327

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

9.3CVSS0.0046EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:41 p.m.7 views

CVE-2025-71327

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

9.3CVSS6AI score0.0046EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/25 9:41 p.m.25 views

CVE-2025-71327

Flowise has an authentication bypass in the unprotected /api/v1/account/register endpoint. Unauthenticated attackers can register arbitrary accounts and gain full API access without credentials. CVSS metrics are provided (v3.1: 9.1; v4.0: 9.3), indicating a critical impact on confidentiality and ...

9.3CVSS6AI score0.0046EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/25 9:16 p.m.22 views

CVE-2026-12992

Apicurio Registry is affected by an SSRF flaw in the WSDL handling path. The WSDLReaderAccessor constructs a wsdl4j WSDLReader without disabling javax.wsdl.importDocuments, and with the FULL VALIDITY rule enabled, a Developer-role user can upload a WSDL with attacker-controlled import locations, ...

7.4CVSS6AI score0.00187EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/25 9:16 p.m.7 views

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References2
Rows per page
Query Builder