Lucene search
+L

704 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-48799

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00164EPSS
Exploits0References4
NVD
NVD
added 2 days ago4 views

CVE-2026-20158

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-20158

Technical details (affected products, versions, root cause, and exploit information) are not publicly available in the provided documents. Monitor for updates.

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44721

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-20158 Cisco RoomOS Security Hardening Release - Resource Lifetime Management Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00164EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44712

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS6.2AI score0.00164EPSS
Exploits0References4
CVE
CVE
added 2 days ago5 views

CVE-2026-48799

CVE-2026-48799 - Postiz : An unauthenticated Nowpayments IPN callback verification flaw allows a low-privilege attacker to read the target subscription ID from the untrusted request body and grant lifetime PRO subscriptions to arbitrary organizations. Root cause: missing IPN authenticity verifica...

7.7CVSS6.2AI score0.00164EPSS
Exploits0References4
OSV
OSV
added 2 days ago3 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS6.2AI score0.00164EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44649

The Grav API plugin getgrav/grav-plugin-api before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti JWT ID claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime...

6.9CVSS6.1AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-46629

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

6.5CVSS0.00302EPSS
Exploits0References3
NVD
NVD
added 3 days ago3 views

CVE-2026-44806

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network...

7.5CVSS0.00776EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago4 views

PT-2026-58127

Name of the Vulnerable Software and Affected Versions Windows Cryptographic Services affected versions not specified Windows Schannel affected versions not specified Description A memory leak occurs in Windows Cryptographic Services when memory is not released after its effective lifetime. This...

5.3CVSS6.1AI score0.00776EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-60105

Name of the Vulnerable Software and Affected Versions Nebula-mesh versions 0.2.0 through 0.3.8 Description When OIDC is enabled, the application is susceptible to a denial of service via memory exhaustion. An unauthenticated remote client can repeatedly send requests to the GET /ui/oidc/login...

5.3CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 2026/07/08 2:18 p.m.5 views

EUVD-2026-42279

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.5CVSS5.9AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56453

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.5CVSS5.9AI score0.00283EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 7:42 p.m.7 views

EUVD-2026-41430

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6AI score0.00356EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 2:34 p.m.19 views

CVE-2026-57437

Nokogiri (Ruby) vulnerable in versions prior to 1.19.4 due to Nokogiri::XML::XPathContext not keeping the source document alive for GC. If an XPathContext outlives its document and the document is collected, evaluating an XPath expression could read invalid memory and potentially segfault. This i...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 2:34 p.m.37 views

CVE-2026-57437 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS0.00312EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 2:34 p.m.8 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.8AI score0.00312EPSS
Exploits0References1
Rows per page
Query Builder