OSV
added 2026/02/23 6:23 p.m., 4 views

GO-2026-4519 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels in github.com/mattermost/mattermost-plugin-zoom


CVSS 4.3, AI score 5.6, EPSS 0.00152
Exploits 0, References 4
RedhatCVE
added 2026/02/23 1:31 p.m., 5 views

CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

CVSS 6.3, AI score 5.2, EPSS 0.00556
Exploits 1, References 1
RedHat Linux
added 2026/02/23 1:25 p.m., 3 views

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, a use-after-free (UAF), occurs in the page_pool_recycle_in_ring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

CVSS 7.8, AI score 5.8, EPSS 0.00161
Exploits 0, References 5
Packet Storm News
added 2026/02/23 12:0 a.m., 4 views

An Explainable Memory Forensics Approach for Malware Analysis

Memory forensics is an effective methodology for analyzing living-off-the-land malware, including threats that employ evasion, obfuscation, anti-analysis, and steganographic techniques. By capturing volatile system state, memory analysis enables the recovery of transient artifacts such as decrypt...

AI score 6
Exploits 0
RedhatCVE
added 2026/02/22 7:24 a.m., 5 views

CVE-2026-27196

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below, as well as 6.0.0-alpha.1 through 6.3.1, have a stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1, AI score 5.5, EPSS 0.0028
Exploits 0, References 1
RedhatCVE
added 2026/02/22 1:28 a.m., 6 views

CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3, AI score 5.6, EPSS 0.00175
Exploits 0, References 1
Vulnrichment
added 2026/02/21 9:2 p.m., 4 views

CVE-2026-2887 aardappel lobster idents.h TypeName recursion

A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been...

CVSS 4.8, AI score 4.2, EPSS 0.0018
Exploits 1, References 9
ATTACKERKB
added 2026/02/21 9:2 p.m., 4 views

CVE-2026-2887

A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been...

CVSS 4.8, AI score 5, EPSS 0.0018
Exploits 1, References 9, Affected Software 1
RedhatCVE
added 2026/02/21 7:29 p.m., 4 views

CVE-2025-53217

Missing Authorization vulnerability in staviravn AIO WP Builder (all-in-one-wp-builder) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AIO WP Builder: from n/a through <= 2.0.2...

CVSS 7.6, AI score 5.5, EPSS 0.00204
Exploits 0, References 1
NVD
added 2026/02/21 3:15 p.m., 12 views

CVE-2026-2869

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetcvarset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment...

CVSS 5.5, EPSS 0.0018
Exploits 1, References 8
NVD
added 2026/02/21 10:16 a.m., 7 views

CVE-2026-27485

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py, a local helper script used when authors package skills, previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

CVSS 4.6, EPSS 0.00221
Exploits 0, References 5
OSV
added 2026/02/21 10:16 a.m., 9 views

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

CVSS 4.7, AI score 5.5, EPSS 0.00166
Exploits 0, References 5
Vulnrichment
added 2026/02/21 7:14 a.m., 3 views

CVE-2026-27466 BigBlueButton: Exposed ClamAV port enables Denial of Service

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that leave a BBB server vulnerable to Denial of Service. The flawed command exposes both...

CVSS 7.2, AI score 5.6, EPSS 0.00397
Exploits 1, References 2
ATTACKERKB
added 2026/02/21 7:14 a.m., 2 views

CVE-2026-27466

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that leave a BBB server vulnerable to Denial of Service. The flawed command exposes both...

CVSS 7.2, AI score 5.8, EPSS 0.00397
Exploits 1, References 3, Affected Software 1
Huntr
added 2026/02/21 6:25 a.m., 9 views

Path traversal via startswith() prefix confusion in is_path_in_dir (bypass of CVE-2025-12638 fix)

Description: The is_path_in_dir function in keras/src/utils/file_utils.py (lines 47-48) is a security-critical path validation function introduced as part of the fix for CVE-2025-12638. It is used by both filtersafezipinfos and filtersafetarinfos to validate that archive entries stay within the intended...

CVSS 8, AI score 7.2, EPSS 0.00592
Exploits 0
ATTACKERKB
added 2026/02/21 5:36 a.m., 6 views

CVE-2026-27211

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration, constrained by process privileges, when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

CVSS 9.1, AI score 5.6, EPSS 0.005
Exploits 1, References 8, Affected Software 1
CVE
added 2026/02/21 4:25 a.m., 15 views

CVE-2026-27194

D-Tale (Python package dtale) is affected by CVE-2026-27194 due to a flaw in the /save-column-filter endpoint that allows Remote Code Execution. The issue arises from improper validation when constructing column filters via pandas DataFrame.query(), enabling an attacker to execute arbitrary code ...

CVSS 9.8, AI score 6.7, EPSS 0.00712
Exploits 0, References 2, Affected Software 1
CVE
added 2026/02/21 3:50 a.m., 16 views

CVE-2026-27192

Feathersjs vulnerability CVE-2026-27192 affects 5.0.39 and earlier. The origin validation in getAllowedOrigin() uses startsWith() to compare Referer against allowed origins, which can be bypassed by registering a domain with a shared prefix (e.g., https://target.com.attacker.com vs https://target...

CVSS 8.1, AI score 5.7, EPSS 0.0024
Exploits 0, References 3, Affected Software 1
RedhatCVE
added 2026/02/21 1:31 a.m., 8 views

CVE-2025-67438

A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...

CVSS 6.1, AI score 5.9, EPSS 0.00267
Exploits 1, References 1
RedhatCVE
added 2026/02/21 1:30 a.m., 11 views

CVE-2026-1292

Tanium addressed an insertion of sensitive information into log file vulnerability in Trends...

CVSS 6.5, AI score 5.4, EPSS 0.00306
Exploits 0, References 1