Lucene search

4568 matches found

Positive Technologies
added 2026/06/19 12:0 a.m. | 10 views

PT-2026-51059

Name of the Vulnerable Software and Affected Versions: @tinacms/cli versions prior to 2.4.3. Description: @tinacms/cli contains a Remote Code Execution issue in its Forestry-to-Tina migration command. The internal helper function addVariablesToCode unquotes any value matching the marker " TINA...

CVSS 7.8 | AI score 6.1 | EPSS 0.0017
Exploits: 0 | References: 8
Rockylinux
added 2026/06/17 6:3 p.m. | 7 views

389-ds-base security, bug fix, and enhancement update

An update is available for 389-ds-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The ba...

CVSS 7.5 | AI score 5.4 | EPSS 0.00815
Exploits: 0
EUVD
added 2026/06/17 4:42 p.m. | 8 views

EUVD-2026-37761

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

CVSS 4.8 | AI score 5 | EPSS 0.00133
Exploits: 0 | References: 2
Cvelist
added 2026/06/17 4:42 p.m. | 17 views

CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

CVSS 4.8 | EPSS 0.00133
Exploits: 0 | References: 2
Patchstack
added 2026/06/17 2:8 p.m. | 4 views

NPM: NocoDB: Server-Side Request Forgery via Base Migration URL

NPM: NocoDB: Server-Side Request Forgery via Base Migration URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

CVSS 5.1 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/06/17 2:8 p.m. | 11 views

NocoDB: Server-Side Request Forgery via Base Migration URL

Summary: The base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. Details: The migrate endpoint is restricted to the workspace owner...

CVSS 5.1 | AI score 5.3 | EPSS 0.00288
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2026/06/17 9:22 a.m. | 4 views

kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration

A flaw was found in the Linux kernel. A local attacker could exploit a deadlock vulnerability due to incorrect lock ordering between folio_lock and i_mmap_rwsem when migrating hugetlb file-backed folios. This could lead to hung tasks and potential system-wide stalls, resulting in a Denial of Service...

CVSS 5.5 | AI score 5.3 | EPSS 0.00114
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/17 12:0 a.m. | 15 views

PT-2026-50476

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.05.1. Description: The 'base-migration' endpoint accepts a caller-supplied URL that the migration worker dereferences without enforcing the protocol or destination. This allows for scheme abuse, such as using file: ...

CVSS 5.1 | AI score 5.9 | EPSS 0.00288
Exploits: 0 | References: 7
IBM Security Bulletins
added 2026/06/15 10:16 p.m. | 4 views

Security Bulletin: MongoDB Enterprise Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-67030)

Summary: There are vulnerabilities in plexus-utils-3.5.1.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2025-67030. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2025-67030. DESCRIPTION: Directory Traversal vulnerability in the extractFile method of...

CVSS 8.8 | AI score 5.9 | EPSS 0.00663
Exploits: 0 | Affected Software: 1
EUVD
added 2026/06/15 9:30 p.m. | 9 views

EUVD-2026-36939

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions...

CVSS 7.5 | AI score 5.2 | EPSS 0.00376
Exploits: 0 | References: 2
NVD
added 2026/06/15 9:16 p.m. | 8 views

CVE-2026-39480

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions...

CVSS 7.5 | EPSS 0.00376
Exploits: 0 | References: 1
CVE
added 2026/06/15 8:17 p.m. | 14 views

CVE-2026-39480

CVE-2026-39480 affects the WordPress plugin Backup Migration (versions

CVSS 7.5 | AI score 5.2 | EPSS 0.00376
Exploits: 0 | References: 1
Cvelist
added 2026/06/15 8:17 p.m. | 27 views

CVE-2026-39480 WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions...

CVSS 7.5 | EPSS 0.00376
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/15 12:0 a.m. | 13 views

PT-2026-49381

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions...

CVSS 7.5 | AI score 5.2 | EPSS 0.00376
Exploits: 0 | References: 2
NVD
added 2026/06/12 4:17 a.m. | 15 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

CVSS 5.9 | EPSS 0.00155
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/12 2:27 a.m. | 8 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

CVSS 5.9 | AI score 6.5 | EPSS 0.00155
Exploits: 0 | References: 1
CVE
added 2026/06/12 2:27 a.m. | 17 views

CVE-2026-48613

Affects phpBB forums that were upgraded from versions prior to 3.3.8 and have not been updated to 3.3.11 or newer. The issue lies in the profile field migration process where user-supplied profile field data is not properly sanitized, allowing an SQL injection. The vulnerability enables execution...

CVSS 5.9 | AI score 6.7 | EPSS 0.00155
Exploits: 0 | References: 1
EUVD
added 2026/06/12 2:27 a.m. | 13 views

EUVD-2026-36382

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

CVSS 5.9 | AI score 6.7 | EPSS 0.00155
Exploits: 0 | References: 1
Cvelist
added 2026/06/12 2:27 a.m. | 29 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

CVSS 5.9 | EPSS 0.00155
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/12 12:0 a.m. | 12 views

PT-2026-48828

Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 3.3.11. Description: An issue exists in the profile field migration process where user-supplied profile field data is handled improperly. This allows for the execution of arbitrary SQL queries, a technique known as SQL...

CVSS 5.9 | AI score 6.6 | EPSS 0.00155
Exploits: 0 | References: 4