Lucene search
+L

96 matches found

ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.9 views

PT-2026-56947

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Aalto aalto allows PHP Local File Inclusion.This issue affects Aalto: from n/a through = 1.8...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
nvd
nvd
added 2026/07/02 1:17 p.m.14 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/30 8:30 a.m.39 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
cve
cve
added 2026/06/30 8:30 a.m.83 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
euvd
euvd
added 2026/06/12 10:0 a.m.10 views

EUVD-2026-36411

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS5.1AI score0.00115EPSS
Exploits0References1
hackerone
hackerone
added 2026/06/10 5:0 a.m.15 views

curl: CVE-2026-11856: cross-origin Digest auth state leak

Summary: This issue is the HTTP sibling to the previously disclosed RTSP Digest auth leak. When an application uses libcurl and reuses the same easy handle for sequential transfers the documented best practice, the Digest authentication state captured from the first origin is silently sent to the...

9.8CVSS5.9AI score0.01064EPSS
Exploits1
euvd
euvd
added 2026/06/01 3:32 a.m.16 views

EUVD-2026-33548

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.12 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability, which stems from ineffective access control. This vulnerability may allow unauthorized users to access system data that exceeds their permissions, such...

9.1CVSS5.8AI score0.00293EPSS
Exploits0References1
osv
osv
added 2026/05/21 8:35 p.m.13 views

GHSA-CHQV-VRJ7-QFFP NocoDB: Shared-base link access can invite arbitrary users as persistent base members

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

5.8CVSS5.9AI score0.00296EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.19 views

PT-2026-42618

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

5.8CVSS5.9AI score
Exploits0References3
github
github
added 2026/05/07 2:57 a.m.10 views

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change

Summary A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens JWTs remain fully valid after a user changes their password. The JWT validation middleware CheckJWT only verifies token signature, expiry, issuer, and signing algorithm — it does not check...

5.9AI score
Exploits0References2Affected Software1
osv
osv
added 2026/05/05 8:9 p.m.6 views

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4
cve
cve
added 2026/03/24 6:40 p.m.23 views

CVE-2026-33768

Astro: Unauthenticated Path Override via x-astro-path/x_astro_path affects Astro 5.18.1 + @astrojs/vercel 9.0.4 and Astro 6.0.3 + @astrojs/vercel 10.0.0, with patch in 10.0.2. The vulnerable code rewrites the internal request path from a caller-supplied header or query parameter without authentic...

9.1CVSS5.8AI score0.00331EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2026/03/05 7:0 a.m.6 views

CVE-2026-25702

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before...

7.3CVSS5.9AI score0.00203EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/05 12:0 a.m.14 views

PT-2026-23409

Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server 12 SP5 Description An Improper Access Control issue exists in the kernel of SUSE Linux Enterprise Server 12 SP5, impacting nftables functionality. This prevents firewall rules applied through nftables from...

9.8CVSS6.8AI score0.0071EPSS
Exploits0References156
redhatcve
redhatcve
added 2026/02/20 7:39 p.m.7 views

CVE-2026-27475

SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...

9.2CVSS6AI score0.00776EPSS
Exploits2References1
github
github
added 2026/02/18 10:41 p.m.13 views

Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading

Summary TensorFlow / Keras continues to honor HDF5 “external storage” and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct loadweights to read from an arbitrary readable filesystem path. The bytes pulled from that path...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References7Affected Software1
ossf
ossf
added 2026/01/21 4:48 a.m.9 views

Malicious code in plugin-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d02d8d83b614a55ba66663cbaa93bfc062bb8de63f438fcd60bea960610a5f The package plugin-vue was found to contain malicious code. Source: ghsa-malware 5dd13d282d1e3afa8890341ff538701132443043511faaac6d79e562de074cb3 Any...

5.5AI score
Exploits0References2
nvd
nvd
added 2026/01/20 8:16 a.m.11 views

CVE-2026-0895

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

5.2CVSS0.00122EPSS
Exploits0References3
packetstormnews
packetstormnews
added 2025/12/22 12:0 a.m.4 views

6DAttack: Backdoor Attacks in the 6DoF Pose Estimation

Deep learning advances have enabled accurate six-degree-of-freedom 6DoF object pose estimation, widely used in robotics, AR/VR, and autonomous systems. However, backdoor attacks pose significant security risks. While most research focuses on 2D vision, 6DoF pose estimation remains largely...

6.8AI score
Exploits0
Rows per page
Query Builder