Lucene search
K

3763 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43315

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...

5.4CVSS6.1AI score0.00138EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-9597

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...

5.4CVSS0.00138EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-9597

Mattermost advisory MMSA-2026-00681 documents a vulnerability in Mattermost where versions 11.7.x <= 11.7.2 and 11.6.x

5.4CVSS6.1AI score0.00138EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-9597 Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...

5.4CVSS0.00138EPSS
Exploits0References1
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-56362

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...

4.2CVSS6AI score0.00188EPSS
Exploits0
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-14495 DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token

The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...

8.8CVSS0.00425EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 6:27 a.m.2 views

OESA-2026-2829 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A use-after-free...

8.8CVSS6.3AI score0.00477EPSS
Exploits3References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40440

Capgo before 12.128.2 contains improper error handling in the /private/acceptinvitation endpoint that returns HTTP 500 instead of safe 4xx errors when magicinvitestring is invalid. Attackers can trigger this vulnerability using only the public key by submitting malformed magicinvitestring values ...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-GHOST-2026-53947 Ghost: Member existence leak via magic link sign-in response

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.23 views

CVE-2026-56331 Capgo - Improper Error Handling in Accept Invitation Endpoint via Invalid Magic String

Capgo before 12.128.2 contains improper error handling in the /private/acceptinvitation endpoint that returns HTTP 500 instead of safe 4xx errors when magicinvitestring is invalid. Attackers can trigger this vulnerability using only the public key by submitting malformed magicinvitestring values ...

6.9CVSS0.0025EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.15 views

CVE-2026-56331

Capgo before 12.128.2 is affected by improper error handling in the /private/accept_invitation endpoint. The vulnerability causes HTTP 500 errors instead of safe 4xx responses when magic_invite_string is invalid, potentially leaking internal processing details. Attackers can trigger this using on...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 5:7 a.m.8 views

CVE-2026-8461

A flaw was found in FFmpeg's libavcodec library. This out-of-bounds write vulnerability, specifically within the MagicYUV decoder, could allow a remote attacker to execute arbitrary code on the affected system. In other scenarios, it may lead to a denial-of-service, making the system unavailable...

8.8CVSS6.1AI score0.00477EPSS
Exploits3References5
Cvelist
Cvelist
added 2026/06/24 6:7 p.m.28 views

CVE-2026-53947 Ghost: Member existence leak via magic link sign-in response

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...

5.3CVSS0.00206EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 6:7 p.m.12 views

CVE-2026-53947

Ghost (Node.js CMS) contains a member existence leak via the magic link sign-in flow in versions 5.18.0–6.21.0, caused by differing responses from the members signin endpoints. An unauthenticated user could confirm whether an email is registered on a Ghost site. The issue is fixed in version 6.21...

5.3CVSS5.9AI score0.00206EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not cause a crash when the msc-input field is missing. Fake USB devices can send their own report descriptors, for which the inputmapping hook is not called. In this case, msc-input remains NULL, leading to a...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51850

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds memory access exists in the ceph x decrypt function within libceph. The issue occurs because a portion of buffer p is interpreted as a ceph x encrypt header and its magi...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/21 7:0 a.m.11 views

EUVD-2026-38149

A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDANTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the...

8.5CVSS5.4AI score0.00113EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:29 a.m.5 views

CVE-2026-8461

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

8.8CVSS5.6AI score0.00477EPSS
Exploits3References2
EUVD
EUVD
added 2026/06/18 11:29 a.m.12 views

EUVD-2026-37878

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

8.8CVSS5.7AI score0.00477EPSS
Exploits3References1
OSV
OSV
added 2026/06/17 6:35 p.m.5 views

GHSA-CC5P-54X3-HCF8 Duplicate Advisory: Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-97f8-7cmv-76j2. This link is maintained to preserve external references. Original Description picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to...

7.1CVSS6.1AI score0.00434EPSS
Exploits0References5
Rows per page
Query Builder