Lucene search
K

222 matches found

Cvelist
Cvelist
added last week31 views

CVE-2026-60124 MISP importModule missing authorization allows read-only users to modify events via misp_standard imports

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added last week18 views

CVE-2026-57241

CVE-2026-57241 affects Foxit PDF Editor/Reader. The issue arises when opening a PDF where JavaScript operations on the page/document desynchronize page-related objects, yet the renderer trusts an outdated page count, leading to an out-of-bounds access and application crash. CVSSv3.1 metrics indic...

6.1CVSS6AI score0.00107EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/07/06 7:9 a.m.21 views

CVE-2026-14807

The CVE-2026-14807 entry concerns PROG MIS’s ERP App with a Use of Hard-coded Credentials vulnerability. The connected documentation confirms unauthenticated remote access that could log in and reveal application code, enabling retrieval of the database account and password. Reported CVSS metrics...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:9 a.m.5 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/01 4:57 p.m.7 views

CVE-2026-53356

A flaw was found in the Linux kernel's drm/i915/gem component. This vulnerability occurs because the sgpage function incorrectly scales pread/pwrite operations for physical Buffer Objects BO when a non-zero offset is used. This can lead to incorrect memory access, potentially allowing an attacker...

5.8AI score0.00164EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/27 9:8 a.m.36 views

CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

0.00098EPSS
Exploits1References1
CVE
CVE
added 2026/06/15 4:22 p.m.30 views

CVE-2026-6047

CVE-2026-6047 : LibreOffice is affected during OOXML (DOCX) import of a text box element. The issue is a heap buffer overflow that occurs when replaying deferred parser events; a handler object may be written using a layout for a larger type, causing writes past the allocation end. The root cause...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:8 p.m.3 views

CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS6AI score0.0022EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 8:9 p.m.24 views

Critical: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6.5AI score0.00563EPSS
Exploits0References14
SUSE Linux
SUSE Linux
added 2026/06/08 3:27 p.m.8 views

Security update for firewalld

This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

6.8CVSS5.4AI score0.00118EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS5.5AI score0.00163EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/05/15 3:22 p.m.12 views

Security update for firewalld

This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

6.8CVSS5.8AI score0.00118EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/11 7:51 p.m.8 views

CVE-2026-42883

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.5 views

CVE-2026-41383 OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...

8.1CVSS5.7AI score0.00371EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.35 views

CVE-2026-41383 OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...

8.1CVSS0.00371EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:9 p.m.12 views

CVE-2026-41383

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode. By influencing remoteWorkspaceDir and remoteAgentWorkspaceDir, an attacker can cause mirror sync to delete unintended remote directory contents and replace them with uploaded workspace data. Affected p...

8.1CVSS5.7AI score0.00371EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/22 6:31 p.m.5 views

EUVD-2026-25048

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS5.8AI score0.00163EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:4 p.m.4 views

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

5.4CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.13 views

PT-2026-34521

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists that could allow a user to access Virtual Registries under certain conditions by usin...

5.4CVSS5.2AI score0.00163EPSS
Exploits0References5
OSV
OSV
added 2026/04/11 2:3 p.m.5 views

OESA-2026-1857 firewalld security update

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Security Fixes: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and...

5.5CVSS5.7AI score0.00118EPSS
Exploits0References2
Rows per page
Query Builder