Lucene search
K

6694 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57364

Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments,...

6.5CVSS0.00351EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday68 views

GeoServer and GeoTools - Remote Code Execution

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS7.2AI score0.99813EPSS
Exploits25References3
Nuclei
Nuclei
added 3 days ago61 views

Versa Concerto Actuator Endpoint - Authentication Bypass

An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting...

9.2CVSS7.1AI score0.83479EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in fury_frontend-andes-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29bea4f118854efa6568545722d7210a76e06e64cad4036e0cc0b45c45aafe37 The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo, current working...

6AI score
Exploits0References2
EUVD
EUVD
added last week7 views

EUVD-2026-42033

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/05 12:15 p.m.9 views

EUVD-2026-41754

A flaw has been found in AIAnytime Awesome-MCP-Server up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab. Affected by this issue is some unknown functionality of the file mcp-wiki/src/mcpwiki/server.py of the component mcp-wiki/wiki-summary. This manipulation of the argument url causes server-side...

6.5CVSS5.5AI score0.00231EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/05 12:0 p.m.6 views

EUVD-2026-41752

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.14 views

PT-2026-55777

Name of the Vulnerable Software and Affected Versions SourceCodester Online Boat Reservation System version 1.0 Description An issue exists in an unknown functionality that allows a remote attacker to cause session expiration. Recommendations At the moment, there is no information about a newer...

6.5CVSS6.7AI score0.00209EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.8 views

PT-2026-55735

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description A remote cross-site scripting issue exists in the admin/view-users.php file. This occurs when the User argument is manipulated, allowing an attacker to execute malicious scripts in th...

4.8CVSS5.9AI score0.00347EPSS
Exploits0References11
NVD
NVD
added 2026/07/02 3:16 p.m.7 views

CVE-2026-12167

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

7.8CVSS0.0011EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 2:35 p.m.10 views

EUVD-2026-41376

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:45 a.m.8 views

CVE-2026-13544

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.2 views

CVE-2026-53237 gpio: mvebu: fix NULL pointer dereference in suspend/resume

In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebupwmsuspend and mvebupwmresume are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip-mvpw...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References8
OSV
OSV
added 2026/06/17 4:43 a.m.8 views

MAL-2026-5981 Malicious code in metrics-probe-64b2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cae901b673ee21724897f69c782eb2808c55c2722bacc9912a4a3e60f7019883 package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on every npm install. run.js imports os, fs,...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/17 12:0 a.m.7 views

RLSA-2026:26180 Moderate: mysql:8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. Security Fixes: mysql:...

6.5CVSS8AI score0.00323EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49301

Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...

8.4CVSS5.2AI score0.00118EPSS
Exploits0References9
NVD
NVD
added 2026/06/12 8:16 p.m.15 views

CVE-2026-54358

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

7.5CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 7:34 p.m.24 views

CVE-2026-54358

The CVE concerns MISP where an organization administrator can target site administrator accounts within the same organization via the administrative email function due to a faulty authorization check that fails to exclude site-admin recipients from queries. This allows privileged account-manageme...

7.5CVSS5.4AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48970

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An incorrect authorization issue allows an organization administrator to target site administrator accounts within the same organization using the administrative email functionality. The system...

7.5CVSS5.1AI score0.00229EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-9210

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

7.1CVSS5.4AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder