
3117 matches found

CVE
added 2026/06/26 8:21 p.m., 111 views

CVE-2026-48778

Notepad++ prior to 8.9.6.1 is affected by an RCE in config.xml: the value is read without validation and passed to ShellExecute when triggering File → Open Containing Folder → cmd, enabling attacker-controlled executable paths. The issue stems from NppXml::value() storing the value in _nppGUI._c...

7.8 CVSS, 5.8 AI score, 0.01314 EPSS
Exploits 5, References 2, Affected Software 1
EUVD
added 2026/06/26 12:32 a.m., 5 views

EUVD-2026-39569

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

9.4 CVSS, 5.9 AI score, 0.00378 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/06/25 12:0 a.m., 8 views

PT-2026-52595

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: WebSocket endpoints lack proper authentication mechanisms, which allows attackers to impersonate charging stations. This flaw can be exploited to gain unauthoriz...

9.4 CVSS, 5.8 AI score, 0.00378 EPSS
Exploits 0, References 8
ATTACKERKB
added 2026/06/24 7:47 p.m., 5 views

CVE-2026-1840

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7 CVSS, 5.9 AI score, 0.00726 EPSS
Exploits 0, References 4
EUVD
added 2026/06/15 5:28 p.m., 12 views

EUVD-2026-32916

PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values DoS...

3.7 CVSS, 5.1 AI score, 0.00222 EPSS
Exploits 0, References 3
CNNVD
added 2026/06/10 12:0 a.m., 14 views

QNAP qumagie Information Disclosure Vulnerability

QNAP Systems QuMagie is a QTS photo management application developed by QNAP Systems. There is a security vulnerability in QNAP Systems QuMagie, which stems from lack of authorization. This vulnerability may allow remote attackers to access unauthorized data or perform unauthorized operations. Th...

8.7 CVSS, 5.9 AI score, 0.00322 EPSS
Exploits 0, References 1
Schneier on Security
added 2026/06/08 11:1 a.m., 11 views

Anthropic’s Project Glasswing Update

In April, Anthropic initiated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic's claims that it's now common wisdom that Mythos is...

5.4 AI score
Exploits 0
OSV
added 2026/06/06 6:12 a.m., 11 views

BELL-CVE-2026-46250

Bulletin has no description...

7.3 CVSS, 5.2 AI score, 0.00128 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:12 p.m., 8 views

CVE-2026-39331

ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the familyId parameter in requests, regardless of whether they possess the required EditRecords privilege...

8.1 CVSS, 5.6 AI score, 0.00214 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/06/02 10:45 p.m., 7 views

CVE-2026-10688

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function executeblendercode of the file /src/blendermcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried...

6.5 CVSS, 5.9 AI score, 0.00178 EPSS
Exploits 0, References 6
OSV
added 2026/05/28 3:47 p.m., 4 views

MINI-GMPQ-7W7W-PG62

Bulletin has no description...

6.5 CVSS, 5.7 AI score, 0.00471 EPSS
Exploits 0
Github Security Blog
added 2026/05/22 1:14 p.m., 19 views

ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model

The distributed pixel cache was originally designed to operate without a challenge–response authentication model. However, given today’s heightened security expectations, we have changed our implementation...

4.1 CVSS, 5.8 AI score, 0.00109 EPSS
Exploits 0, References 3, Affected Software 17
CVE
added 2026/05/20 4:6 p.m., 90 views

CVE-2026-20223

Cisco Secure Workload is affected by a vulnerability in the access validation of internal REST APIs that could allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. The issue arises from insufficient validation/authentication when accessing REST API endpoi...

10 CVSS, 5.8 AI score, 0.00835 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2026/05/12 12:0 a.m., 36 views

CVE-2026-31240

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

0.00372 EPSS
Exploits 0, References 2
OSV
added 2026/05/09 6:10 a.m., 10 views

BELL-CVE-2026-43217

Bulletin has no description...

5.5 CVSS, 6 AI score, 0.00126 EPSS
Exploits 0, References 1
NVD
added 2026/05/08 4:16 a.m., 14 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

9.6 CVSS, 0.00394 EPSS
Exploits 0, References 1
RedHat Linux
added 2026/05/04 9:42 a.m., 16 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5 CVSS, 5.8 AI score, 0.0013 EPSS
Exploits 0, References 7
OSV
added 2026/04/28 10:20 a.m., 5 views

MINI-VRGX-VHPJ-3VPM

Bulletin has no description...

6.9 CVSS, 4.9 AI score, 0.00527 EPSS
Exploits 0
OSV
added 2026/04/28 9:15 a.m., 4 views

MINI-PPPW-6JRW-8WXR

Bulletin has no description...

6.3 CVSS, 4.8 AI score, 0.00395 EPSS
Exploits 0
CNNVD
added 2026/04/24 12:0 a.m., 9 views

SenseLive X3050 Access Control Error Vulnerability

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has an access control vulnerability, which stems from the lack of authentication or authorization in the embedded management services. This...

9.8 CVSS, 5.8 AI score, 0.00546 EPSS
Exploits 0, References 1