Lucene search
K

3425 matches found

EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43164

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score0.00676EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-9282 W3 Total Cache <= 2.9.4 - Unauthenticated Arbitrary File Read via 'f_array[]' Parameter

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00676EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1309 Docassemble unauthorized access through URL manipulation

Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...

7.5CVSS7AI score0.69486EPSS
Exploits2References6
CVE
CVE
added 2026/07/06 9:49 p.m.13 views

CVE-2026-43927

FOSSBilling has a race-condition vulnerability in the cart checkout flow that, before version 0.8.0, lets an authenticated user apply promo codes beyond their maxuses by sending concurrent checkout requests before usage increments complete. This can enable unlimited discounts or free orders from ...

6.9CVSS6AI score0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56032

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The PayPalEmail payment adapter fails to validate the amount supplied via PayPal IPN Instant Payment Notification callbacks, specifically the mc gross variable, against the actual invoice total...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56031

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A race condition in the cart checkout flow allows an authenticated client to apply a promo code more times than its configured maximum limit. By sending concurrent checkout requests before the...

6.9CVSS6AI score0.0022EPSS
Exploits0References5
Securelist
Securelist
added 2026/07/02 9:0 a.m.20 views

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis...

6.6AI score
Exploits0
CVE
CVE
added 2026/06/29 4:2 p.m.21 views

CVE-2026-13749

Snowflake CLI prior to 3.19 is affected by Improper neutralization in the Snowpark annotation processor callback template, enabling arbitrary code execution during bundling or deployment. An attacker can supply crafted project content that is interpolated into generated Python code, causing code ...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 3:40 p.m.7 views

EUVD-2026-40129

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

8.3CVSS5.9AI score0.0032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.24 views

PT-2026-53322

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of parameters allows unintended SQL execution. An attacker can exploit this by providing crafted values to vulnerable command paths, leading the CLI to execute unauthoriz...

8CVSS6.1AI score0.00188EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ibm: emac: Fix use-after-free during device removal The driver was using devmregisternetdev which causes unregisternetdev to be deferred until the devres...

7.8CVSS6.1AI score0.00131EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:17 p.m.4 views

UBUNTU-CVE-2026-11310

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS5.8AI score0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 7:38 p.m.31 views

CVE-2026-11310

The CVE-2026-11310 entry concerns wolfSSL’s X509_verify_cert() when built with --enable-opensslextra (OPENSSL_EXTRA) and used by applications that pass untrusted intermediates to X509_verify_cert(). The root cause is that wolfSSL temporarily loads untrusted intermediates into the certificate mana...

8.7CVSS5.9AI score0.00145EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53234

In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devmregisternetdev which causes unregisternetdev to be deferred until the devres cleanup phase, which runs after emacremove returns. This creates a...

7.8CVSS0.00131EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39325

In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devmregisternetdev which causes unregisternetdev to be deferred until the devres cleanup phase, which runs after emacremove returns. This creates a...

5.7AI score0.00131EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53234

The CVE-2026-53234 entry concerns the Linux kernel IBM EMAC network driver. The root cause is a use-after-free window created by using devm_register_netdev(), which defers unregister_netdev() to the devres cleanup phase after emac_remove() returns, allowing the network stack to access freed hardw...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52329

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the IBM EMAC driver during device removal. The driver utilized devm register netdev, which defers the unregister netdev call until the devres cleanup...

7.8CVSS6.1AI score0.00131EPSS
Exploits0References17
NVD
NVD
added 2026/06/23 6:18 p.m.11 views

CVE-2026-49406

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

5.5CVSS0.00135EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 5:19 p.m.37 views

CVE-2026-49406 Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

5.5CVSS0.00135EPSS
Exploits1References1
OSV
OSV
added 2026/06/23 9:40 a.m.2 views

OPENSUSE-SU-2026:21143-1 Security update for gleam

This update for gleam fixes the following issues: Changes in gleam: - Update to 1.17.0: Fixed security vulnerabilities: - Restrict custom documentation page path and source values so gleam docs build cannot escape the docs output directory or project root bsc1267396, CVE-2026-32685 - Restrict...

5.6CVSS5.8AI score0.00152EPSS
Exploits0References6
Rows per page
Query Builder