Lucene search
K

1950 matches found

NVD
NVD
added 4 days ago9 views

CVE-2026-1365

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.5CVSS0.00443EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42551

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.5CVSS5.9AI score0.00443EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-1365

Summary: CVE-2026-1365 describes an information-disclosure vulnerability in Sayax Energy Technologies Inc. OSOS that permits insertion of sensitive information into data sent by the system and enables an authentication bypass. The issue affects OSOS up to version 09072026. CVSS 3.1 metrics indica...

6.5CVSS5.9AI score0.00443EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-1365 Information Disclosure in Sayax's OSOS

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.5CVSS0.00443EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-1365

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.5CVSS5.9AI score0.00443EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-42247

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-56220

Capgo before version 12.128.2 contains an authorization bypass in the public.manifest INSERT policy that lets read-only org members insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values, which are served to devices via th...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 12:30 a.m.5 views

EUVD-2026-41782

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/05 9:36 p.m.7 views

CVE-2026-59511

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.9 views

PT-2026-55825

Name of the Vulnerable Software and Affected Versions Exclusive Addons Elementor versions prior to 2.7.10 Description An issue involving the insertion of sensitive information into sent data allows for the retrieval of embedded sensitive data. Recommendations Update Exclusive Addons Elementor to...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References3
NVD
NVD
added 2026/07/03 1:17 p.m.6 views

CVE-2026-46467

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...

5.8CVSS0.00085EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 1:4 p.m.8 views

EUVD-2026-41543

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low...

5.8CVSS5.9AI score0.00085EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 5:40 p.m.6 views

EUVD-2026-41104

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51...

7.4CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:4 p.m.7 views

EUVD-2026-41054

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/26 2:14 a.m.10 views

SUSE CVE-2026-52954

In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may optionally contain chooseargs that get decoded in...

6.5CVSS5.8AI score0.0053EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/25 12:22 p.m.33 views

CVE-2026-40011 Prometheus denial of service via crafted DNS queries

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53259

In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...

7.8CVSS0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53259

In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...

7.8CVSS5.7AI score0.00123EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52423

Name of the Vulnerable Software and Affected Versions APIExperts Square for WooCommerce versions prior to 4.7.4 Description An issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This flaw is network-exploitable and requires no...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-52954

In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may optionally contain chooseargs that get decoded in...

7.5CVSS0.0053EPSS
Exploits0References8
Rows per page
Query Builder