Lucene search
+L

2370 matches found

CVE
CVE
added yesterday12 views

CVE-2026-16126

The CVE affects zevorn rt-claw up to version 0.2.0, specifically the Swarm RPC Receiver’s Swarm.c handle_rpc_request function. The root cause is a manipulation that leads to incorrect authorization, enabling remote exploitation. Public exploit information exists and is accessible. No remediation ...

7.5CVSS7AI score
Exploits0References8
NVD
NVD
added 2 days ago8 views

CVE-2026-48016

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS0.00238EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-48016 Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS0.00238EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45239

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS5.3AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 2 days ago6 views

CVE-2026-48016 Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS5.3AI score0.00238EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-60082

A flaw was found in perl-DBI, a database interface for Perl. This vulnerability arises when the DBI library processes inconsistent data, specifically when a statement handle lacks fields but is associated with a non-empty data row. This inconsistency can cause the internal row-buffer to attempt...

9.1CVSS6AI score0.00653EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago10 views

Linux Distros Unpatched Vulnerability : CVE-2026-60082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was...

9.1CVSS5.4AI score0.00653EPSS
Exploits0References4
CVE
CVE
added 5 days ago12 views

CVE-2026-60082

The CVE-2026-60082 issue affects Perl DBI prior to 1.651, where the statement handle consistency with the row is not enforced. If the statement handle has no fields but the source row is non-empty, the internal row-buffer helper could read from a negative array index. This can be triggered when a...

9.1CVSS6.1AI score0.00653EPSS
Exploits0References4
OSV
OSV
added 5 days ago4 views

CVE-2026-60082 DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent...

9.1CVSS6.1AI score0.00653EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43604

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS6.1AI score0.00379EPSS
Exploits0References3
NVD
NVD
added 6 days ago7 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS0.00379EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-43298

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS6.6AI score0.00316EPSS
Exploits0References8
NVD
NVD
added 6 days ago8 views

CVE-2026-15541

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS0.00316EPSS
Exploits0References7
CVE
CVE
added 6 days ago9 views

CVE-2026-15541

CVE-2026-15541 affects will-moss Isaiah up to version 1.36.9. The flaw resides in the Master Websocket Handler’s Server.Handle function (file app/server/server/server.go). A manipulation of the Agent argument can lead to missing authorization, enabling a remote attack. The issue is awaiting a pul...

7.5CVSS6.6AI score0.00316EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-15541 will-moss Isaiah Master Websocket server.go Server.Handle authorization

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS0.00316EPSS
Exploits0References7
CVE
CVE
added 6 days ago18 views

CVE-2026-51538

CVE-2026-51538 (OpENer 2.3.0) describes an Incorrect Access Control in encapsulation session handling. The server validates that a session_handle exists in the global list but does not verify that the handle belongs to the TCP connection issuing the request. With no strong binding between a sessi...

9.1CVSS6.1AI score0.00379EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

0.00379EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.10 views

openSUSE 16: apache2 / apache2-devel / apache2-event / apache2-manual / etc (openSUSE-SU-2026:21235-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21235-1 advisory. This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XS...

9.8CVSS6.2AI score0.11471EPSS
Exploits8References39
RedhatCVE
RedhatCVE
added 2026/07/08 4:21 p.m.5 views

CVE-2026-11856

A flaw was found in curl. When libcurl performs a transfer to an HTTP origin using Digest authentication and then reuses the same connection handle for a subsequent transfer to a different origin, it may incorrectly send the authentication header intended for the first origin to the second. This...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/07/07 9:8 p.m.27 views

CVE-2026-55490 OpenWrt: EAD Integer Underflow → Pre-Auth Denial of Service

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handlesenda of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows...

6.5CVSS0.00684EPSS
Exploits1References3
Rows per page
Query Builder