Lucene search
K

3026 matches found

OSV
OSV
added yesterday3 views

CGA-26RM-6QF5-258V

Bulletin has no description...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Nuclei
Nuclei
added yesterday89 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.4AI score0.01056EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-43238

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-15502 AojiaoZero Antaris PayPal IPN Payment ipn.php _rewardPurchase sql injection

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS0.00196EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-41129

API Platform Core vulnerable to cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate...

5.9CVSS6.1AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

CGA-2J38-CXFP-C8P6

Bulletin has no description...

6.1AI score
Exploits0
CVE
CVE
added 2026/07/08 8:46 p.m.83 views

CVE-2026-8472

CVE-2026-8472 affects GitLab Enterprise Edition and reports a privilege/authorization issue where an authenticated user with minimal access could read work item metadata from private projects. The root cause is missing authorization checks, enabling unintended metadata access. Affected versions i...

4.3CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/08 8:46 p.m.34 views

CVE-2026-8472 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 8:46 p.m.7 views

EUVD-2026-42405

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6AI score0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.10 views

PT-2026-56617

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.9 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An issue exists where missing authorization checks could allow an authenticated user with minimal access...

4.3CVSS6.1AI score0.00243EPSS
Exploits0References6
NVD
NVD
added 2026/07/07 9:17 p.m.6 views

CVE-2026-46700

Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any...

4.3CVSS0.00342EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 1:47 p.m.4 views

MINI-QCRP-H9W2-H64R

Bulletin has no description...

6.5CVSS6.7AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-992 Heap overflow in `QuantizeAndDequantizeV2`

Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...

4.8CVSS6AI score0.00401EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 1:33 a.m.2 views

MINI-574J-MG2C-WXW9

Bulletin has no description...

4.7CVSS6.6AI score0.00276EPSS
Exploits1
OSV
OSV
added 2026/07/06 9:55 a.m.5 views

MINI-3P4P-H45W-5JPV

Bulletin has no description...

9.6CVSS5.9AI score0.00233EPSS
Exploits0
OSV
OSV
added 2026/07/06 6:31 a.m.5 views

OESA-2026-2871 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: use expect-helper Use expect-helper in ctnetlink and /proc to dump the helper name. Using nfcthelp without holding a reference to t...

9.8CVSS5.8AI score0.00469EPSS
Exploits0References15
NVD
NVD
added 2026/07/05 2:16 p.m.7 views

CVE-2026-14753

A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignmentitemid results in authorization...

7.5CVSS0.00309EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:45 p.m.7 views

CVE-2026-14753

A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignmentitemid results in authorization...

7.5CVSS6.7AI score0.00309EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 1:45 p.m.9 views

EUVD-2026-41759

A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignmentitemid results in authorization...

7.5CVSS6.7AI score0.00309EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.16 views

PT-2026-55799

Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description An authorization bypass exists in the Note Handler/Assignment Handler component within the /PHP/objects/notes file. A remote attacker can trigger this issu...

7.5CVSS7.1AI score0.00309EPSS
Exploits0References10
Rows per page
Query Builder