Lucene search
K

1218 matches found

Cvelist
Cvelist
added 2026/06/25 3:26 p.m.35 views

CVE-2026-48945 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:23 p.m.17 views

CVE-2026-48942

Affected software: K2 extension for Joomla (getk2.com), version constraint listed as K2 ≤ 2.26. Vulnerability: two templates render the database column __#k2_users.image directly into HTML src attributes without HTML escaping, revealing a stored-XSS risk. Root cause: lack of escaping when injecti...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/24 5:17 p.m.3 views

UBUNTU-CVE-2026-52968

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvms390pciaifenable, kvms390pciaifdisable, and aenhostforward index the GAIT by manually multiplying the index with sizeofstruct zpcigaite. Since...

7.1CVSS5.6AI score0.0018EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 9:13 p.m.5 views

GHSA-Q59X-JC9F-GFQF Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints

Summary signalk-server versions up to and including 2.27.0 contain a Server-Side Request Forgery SSRF vulnerability in three administrative endpoints used for remote Signal K server connection management. The makeRemoteRequest function accepts attacker-controlled host, port, useTLS, and...

5.8CVSS5.7AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-9617

A flaw was found in PostgreSQL Anonymizer. A user with specific table creation privileges can exploit this vulnerability by embedding malicious code within a column identifier when creating a table. If a superuser subsequently invokes the k-anonymity function, the embedded malicious code is...

8.8CVSS5.3AI score0.0025EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-45760

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

8.1CVSS5.4AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.22 views

PT-2026-46011

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ath12k wifi driver where a stale link mapping is retained in ahvif-links map. This occurs when an arvif is initialized in non-AP STA mode but MLO connection...

5.8AI score0.00121EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 2:17 p.m.21 views

CVE-2026-9617

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

8.8CVSS0.0025EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:55 p.m.10 views

CVE-2026-9617

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

6.8CVSS5.9AI score0.0025EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/27 1:55 p.m.11 views

EUVD-2026-32504

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

6.8CVSS5.9AI score0.0025EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

PostgreSQL Anonymizer 安全漏洞

PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a security vulnerability that stems from allowing users to obtain...

8.8CVSS6AI score0.0025EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/05/23 12:0 a.m.13 views

CyBOKClaw: Human-In-The-Loop CyBOK Mapping for Cybersecurity Curriculum

This paper presents CyBOKClaw, an interpretable human-in-the-loop retrieval framework for mapping cybersecurity keywords or phrases KWoPs to the Cyber Security Body of Knowledge CyBOK. Rather than treating the task as strict exact classification, the framework is designed as a top-k candidate...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/21 3:34 p.m.3 views

GHSA-Q8CH-JX67-Q52X Apache Camel K: Kubernetes namespace authorized users can create a Build resource

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References10
NVD
NVD
added 2026/05/21 1:16 p.m.28 views

CVE-2026-45760

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

8.1CVSS0.00325EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 11:43 a.m.28 views

CVE-2026-45760

Apache Camel K (CVE-2026-45760) contains a cross-namespace build execution vulnerability: authorized users in a Kubernetes namespace can create a Build resource that controls Pod generation in a target namespace, including the operator namespace, via externally controlled resource references and ...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 11:43 a.m.8 views

CVE-2026-45760 Apache Camel K: Camel K Cross-Namespace Build Deputy Attack

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

5.8AI score0.00325EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 11:43 a.m.7 views

CVE-2026-45760

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

5.8AI score0.00325EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/21 11:43 a.m.11 views

EUVD-2026-31268

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

5.8AI score0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 11:43 a.m.45 views

CVE-2026-45760 Apache Camel K: Camel K Cross-Namespace Build Deputy Attack

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.22 views

PT-2026-42459

Name of the Vulnerable Software and Affected Versions Apache Camel K versions 2.0.0 through 2.8.0 Apache Camel K versions 2.9.0 through 2.9.1 Apache Camel K versions 2.10.0 Description Authorized users in a Kubernetes namespace can create a Build resource to control Pod generation in a namespace ...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References17
Rows per page
Query Builder