Lucene search
K

19070 matches found

EUVD
EUVD
added 2026/06/30 6:0 a.m.6 views

EUVD-2026-40264

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53894

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description In the extract function of the Tarfile module, the filter parameter is not correctly handled when extracting hardlinks. This issue allows a system extracting content from untrusted tar files t...

2CVSS6AI score0.00235EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu: Fix NULL group-domain dereference in pcidevresetiommudone Local sashiko review pointed it out that group-domain could be NULL when a default domain fails...

5.5CVSS6AI score0.00107EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-363 Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass

Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNELUID or KERNELGID value. The feature...

9.8CVSS6.2AI score0.00106EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-568 vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object

vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recvobject deserializes received object bytes using pickle.loads without sanitization, leading to a remote code execution vulnerability. Maintainer perspective...

9.8CVSS7.4AI score
Exploits0References8
OSV
OSV
added 2026/06/29 6:2 a.m.4 views

BIT-GITLAB-2026-5796 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:2 a.m.5 views

BIT-GITLAB-2026-5309 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
CVE
CVE
added 2026/06/29 12:0 a.m.13 views

CVE-2026-51221

CVE-2026-51221 describes a buffer overflow in the Get_Attribute_List() function of the EIPStackGroup OpENer project (commit 76b95c) that can cause a Denial of Service when processing a crafted CPF packet. Affected component is the OpENer EIP stack; the root cause is a buffer overflow in the Get_A...

7.5CVSS6AI score0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 4:28 a.m.39 views

CVE-2026-10593 Remotely triggerable NULL-pointer dereference in Bluetooth LE Audio BAP unicast client QoS-state handling

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...

6.5CVSS0.00185EPSS
Exploits1References2
NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58054

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.9 views

EUVD-2026-39974

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.45 views

CVE-2026-58054 MyBB - Privilege Escalation from Limited ACP User Management to Administrator

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS0.00272EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.37 views

CVE-2026-58054

MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53086

Name of the Vulnerable Software and Affected Versions MyBB version 1.8.40 Description An issue exists where users with limited Admin Control Panel ACP access can assign any usergroup to an account during creation or editing. This occurs because the verify usergroup function in the user module...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: mcast: Fix use-after-free when processing MLD queries When processing an MLD query, a pointer to the multicast group address is retrieved when initially...

8.8CVSS6AI score0.00252EPSS
Exploits0References4
NVD
NVD
added 2026/06/27 9:16 a.m.8 views

CVE-2026-49413

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

7.1CVSS0.00098EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/27 9:8 a.m.36 views

CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

0.00098EPSS
Exploits1References1
CVE
CVE
added 2026/06/27 9:8 a.m.124 views

CVE-2026-49413

The CVE-2026-49413 issue affects the Linuxulator in FreeBSD, where the runtime determines set-user-ID/set-group-ID status by the P_SUGID flag. During execve, P_SUGID is not yet set when the ELF auxiliary vector is constructed, causing AT_SECURE to be incorrectly set to zero for setuid/setgid exec...

7.1CVSS5.8AI score0.00098EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/26 8:17 p.m.6 views

UBUNTU-CVE-2026-53280

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group-domain dereference in pcidevresetiommudone Local sashiko review pointed it out that group-domain could be NULL when a default domain fails to allocate during the first probe, which can crash at...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References5
Rows per page
Query Builder