Lucene search
K

11735 matches found

RedHat Linux
RedHat Linux
added yesterday6 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6.2AI score0.00663EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added yesterday7 views

Important: Red Hat Security Advisory: plexus-utils security update

An update for plexus-utils is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday216 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

9.9CVSS7.4AI score0.84845EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday64 views

Telesquare TLR-2855KS6 - Arbitrary File Deletion

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. id: CVE-2021-46419 info: name: Telesquare TLR-2855KS6 - Arbitrary File Deletion author: DhiyaneshDK severity: critical description: | An unauthorized file deleti...

9.1CVSS7AI score0.71384EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-56372

A flaw was found in ImageMagick. This heap buffer overflow vulnerability, identified as CWE-122 Heap-based Buffer Overflow, occurs in the magnify operation when processing an unrecognized magnify:method value. An attacker could exploit this by providing a specially crafted input, leading to an...

9.1CVSS6.1AI score0.00116EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-56372

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

9.1CVSS0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-56372 ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

4.8CVSS0.00116EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43172

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

4.8CVSS6.2AI score0.00116EPSS
Exploits0References2
CVE
CVE
added 3 days ago11 views

CVE-2026-56372

ImageMagick (before version 7.1.2-19) contains a heap buffer overflow in the magnify operation. A malformed magnify:method value triggers an out-of-bounds read, which can expose sensitive information or cause denial of service. Multiple sources (NVD, Debian/Ubuntu OSV entries, Red Hat advisory, a...

9.1CVSS6.2AI score0.00116EPSS
Exploits0References2Affected Software1
NVD
NVD
added 4 days ago6 views

CVE-2026-58492

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS0.00302EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42861

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-10879

A flaw was found in perl-DBI. A heap overflow vulnerability exists when preparsing SQL statements with more than 9 binders. The preparse method incorrectly allocates buffer space for SQL placeholder characters, leading to an overflow when processing binders with two or more digits. This can resul...

9.8CVSS6.3AI score0.00413EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-40007 Apache IoTDB: Unauthenticated unbounded recursion in IoTDB AirGap receiver's E-language prefix parser causes per-connection StackOverflowError

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

0.00278EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago13 views

EUVD-2026-33938

mint has potential CRLF injection in its HTTP request line via unvalidated method/target...

2.1CVSS5.9AI score0.00166EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00573EPSS
Exploits0References7
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42558

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-9240 Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Modification via lpc_order_affect AJAX action

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-9240

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS6AI score0.00196EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS0.00157EPSS
Exploits0References6
Rows per page
Query Builder