Lucene search
+L

1659 matches found

susecve
susecve
added yesterday4 views

SUSE CVE-2025-3879

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

7.5CVSS6.7AI score0.00351EPSS
Exploits0References5
cvelist
cvelist
added 2 days ago35 views

CVE-2026-15409

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...

0.01404EPSS
Exploits3References1
cve
cve
added 2 days ago8 views

CVE-2026-15392

DBD::File for Perl is affected in versions before 1.651. The issue arises because complete_table_name builds an absolute path to the table file without verifying symbolic links, enabling a symlink inside the data directory to point to a table file anywhere outside configured f_dir/f_dir_search di...

7.7CVSS6.1AI score0.00205EPSS
Exploits0References4
cvelist
cvelist
added 2 days ago26 views

CVE-2026-0487 DLL Hijacking vulnerability in SAProuter on Microsoft Windows

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS0.00148EPSS
Exploits0References2
cisa_kev
cisa_kev
added 2 days ago6 views

SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability

SonicWall SMA1000 Appliances contain a server-side request forgery vulnerability that could allow a remote unauthenticated attacker to potentially cause the appliance to make requests to unintended location...

10CVSS7.1AI score0.01404EPSS
In wildExploits3
nvd
nvd
added 3 days ago10 views

CVE-2026-49970

Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestination. Attackers can exploit the permissive...

8.8CVSS0.00771EPSS
Exploits0References3
nvd
nvd
added 3 days ago9 views

CVE-2026-57419

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through = 3.1.8...

6.5CVSS0.00212EPSS
Exploits0References1
cve
cve
added 3 days ago7 views

CVE-2026-57419

CVE-2026-57419 concerns the WordPress plugin Stock Locations for WooCommerce (versions up to and including 3.1.8). The vulnerability is described as a Missing Authorization / Broken Access Control issue, arising from incorrectly configured access control security levels. The CVE notes that this a...

6.5CVSS6.1AI score0.00212EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago27 views

CVE-2026-57419 WordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through = 3.1.8...

6.5CVSS0.00212EPSS
Exploits0References1
nvd
nvd
added 6 days ago7 views

CVE-2026-55472

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS0.00197EPSS
Exploits0References3
osv
osv
added 6 days ago4 views

CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References5
nvd
nvd
added 2026/07/08 10:17 p.m.7 views

CVE-2026-55878

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS0.00146EPSS
Exploits0References4
patchstack
patchstack
added 2026/07/08 1:37 p.m.4 views

WordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mitchell in WordPress Plugin Stock Locations for WooCommerce versions = 3.1.8...

6.5CVSS6.1AI score0.00212EPSS
Exploits0Affected Software1
euvd
euvd
added 2026/07/07 7:25 a.m.8 views

EUVD-2026-42019

Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...

8.2CVSS5.9AI score0.00198EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 7:25 a.m.34 views

CVE-2026-8377 Improper Authorization in Armiya Technologies' Access Control System

Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...

8.2CVSS0.00198EPSS
Exploits0References1
osv
osv
added 2026/07/02 4:57 p.m.15 views

GHSA-V8CX-933X-R976 OpenClaw: Fake package roots could influence memory-core artifact loading

Summary Fake package roots could influence memory-core artifact loading. In affected versions, a local package root resolution path influenced by workspace state could select a package root that was not the intended bundled artifact root. This advisory is scoped to the named feature and...

7.8CVSS5.9AI score0.00114EPSS
Exploits0References4
osv
osv
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-292 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6CVSS6.1AI score0.00658EPSS
Exploits0References7
euvd
euvd
added 2026/06/27 12:30 a.m.8 views

EUVD-2026-39927

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...

8.6CVSS5.9AI score0.004EPSS
Exploits0References4
nvd
nvd
added 2026/06/26 11:17 p.m.15 views

CVE-2026-56414

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...

8.6CVSS0.004EPSS
Exploits0References3
cve
cve
added 2026/06/26 11:0 p.m.14 views

CVE-2026-56414

The CVE-2026-56414 entry concerns H.View IP cameras (HV-500S6) with certificate-related upload interfaces. Authenticated users can store arbitrary file content to fixed, persistent filesystem locations without validation of file type, structure, or size. The described design omission enables plac...

8.6CVSS5.9AI score0.004EPSS
Exploits0References3
Rows per page
Query Builder