1781 matches found

Ubuntu
added 2026/03/05 10:30 p.m. (9 views)

USN-8079-1: less vulnerability

It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...

CVSS 7.8, AI score 6, EPSS 0.01059
Exploits: 0

OSV
added 2026/02/24 2:16 p.m. (3 views)

UBUNTU-CVE-2026-2807

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVSS 9.8, AI score 7.4, EPSS 0.00245
Exploits: 0, References: 6

CVE
added 2026/02/24 1:33 p.m. (20 views)

CVE-2026-2777

CVE-2026-2777 is a privilege-escalation vulnerability in the Firefox/Thunderbird Messaging System component. The issue is fixed in Firefox 148, Firefox ESR 115.33/140.8, Thunderbird 148, and Thunderbird 140.8. Connected sources (Astra Linux, AWS advisories, Debian security notes) confirm the same...

CVSS 9.8, AI score 5.8, EPSS 0.00366
Exploits: 0, References: 34, Affected Software: 2

Cvelist
added 2026/02/24 1:33 p.m. (24 views)

CVE-2026-2765 Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

EPSS 0.00469
Exploits: 0, References: 5

CBLMariner
added 2026/02/24 1:8 a.m. (5 views)

CVE-2026-25506 affecting package munge for versions less than 0.5.18-1

CVE-2026-25506 affecting package munge for versions less than 0.5.18-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.8, AI score 5.4, EPSS 0.00302
Exploits: 0

Positive Technologies
added 2026/02/20 12:0 a.m. (6 views)

PT-2026-21090

Name of the Vulnerable Software and Affected Versions ModelTheme Addons for WPBakery and Elementor versions prior to 1.5.6 Description A flaw exists in ModelTheme Addons for WPBakery and Elementor that allows for Object Injection due to deserialization of untrusted data. This issue impacts the...

AI score 5.5, EPSS 0.00344
Exploits: 0, References: 3

CBLMariner
added 2026/02/19 10:21 p.m. (8 views)

CVE-2026-26157 affecting package busybox for versions less than 1.35.0-17

CVE-2026-26157 affecting package busybox for versions less than 1.35.0-17. A patched version of the package is available...

CVSS 7, AI score 5.5, EPSS 0.00682
Exploits: 2

RedhatCVE
added 2026/02/19 7:21 p.m. (7 views)

CVE-2026-2655

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of...

CVSS 2.5, AI score 5, EPSS 0.00191
Exploits: 1, References: 1

Snyk
added 2026/02/18 3:5 p.m. (3 views)

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free via the operator in the chaiscript::str_less function of the chaiscript_defines.hpp file. An attacker can cause a program crash or unexpected behavior by triggering use of memory after it has been freed through complex loca...

CVSS 2.5, AI score 5.5, EPSS 0.00191
Exploits: 1, References: 2

Positive Technologies
added 2026/02/18 12:0 a.m. (8 views)

PT-2026-20416

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of...

CVSS 2.5, AI score 5, EPSS 0.00191
Exploits: 1, References: 7

CBLMariner
added 2026/02/13 5:54 p.m. (11 views)

CVE-2026-1642 affecting package nginx for versions less than 1.28.2-1

CVE-2026-1642 affecting package nginx for versions less than 1.28.2-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.2, AI score 5.4, EPSS 0.00339
Exploits: 0

RedhatCVE
added 2026/02/11 7:30 a.m. (5 views)

CVE-2026-24312

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...

CVSS 5.2, AI score 5.6, EPSS 0.0017
Exploits: 0, References: 1

OSV
added 2026/02/10 4:16 a.m. (7 views)

CVE-2026-24312

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...

CVSS 5.2, AI score 5.8, EPSS 0.0017
Exploits: 0, References: 2

Patchstack
added 2026/02/05 9:26 p.m. (8 views)

WordPress Keap Official Opt-in Forms plugin < 1.0.12 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by MINGYOUNG BAN in WordPress Plugin Keap Official Opt-in Forms versions < 1.0.12...

CVSS 4.8, AI score 5.3, EPSS 0.00402
Exploits: 2, References: 1, Affected Software: 1

RedHat Linux
added 2026/02/05 10:39 a.m. (4 views)

firefox: thunderbird: Use-after-free in the JavaScript: GC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: GC component...

CVSS 6.5, AI score 5.7, EPSS 0.00361
Exploits: 0, References: 6

Patchstack
added 2026/02/03 10:39 p.m. (9 views)

WordPress Tutor LMS plugin <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability

Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability discovered by WordFence in WordPress Plugin Tutor LMS versions <= 3.9.5...

CVSS 8.1, AI score 5.4, EPSS 0.00345
Exploits: 1, References: 1, Affected Software: 1

RedHat Linux
added 2026/01/28 4:22 a.m. (3 views)

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...

CVSS 4.3, AI score 5.7, EPSS 0.00284
Exploits: 0, References: 6

OSV
added 2026/01/27 9:15 a.m. (9 views)

AZL-75470 CVE-2026-24809 affecting package ntopng for versions less than 5.2.1-4

An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs...

CVSS 6.9, AI score 5.7, EPSS 0.00139
Exploits: 0, References: 1

Cvelist
added 2026/01/22 4:52 p.m. (17 views)

CVE-2025-69186 WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9...

CVSS 7.3, EPSS 0.00219
Exploits: 0, References: 1

Veracode
added 2026/01/21 9:12 a.m. (10 views)

Improper Access Control

github.com/kyverno/kyverno is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of multiple policy exceptions in enforce mode, which allows an attacker to bypass enforced policies by leveraging a less restrictive exception even when a more restrictive exception...

AI score 5.6
Exploits: 0