Lucene search
K

5021 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS0.00401EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/25 8:16 a.m.12 views

CVE-2026-53099

A flaw was found in the Linux kernel. The issue arises from an incorrect configuration option for Control-Flow Integrity CFI, a security mechanism designed to prevent certain types of attacks. Due to a naming change, the CFI code was not properly compiled, leading to its intended protections not...

5.9AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52565

Name of the Vulnerable Software and Affected Versions OHIF affected versions not specified Description The DICOMWebProxy and DICOMJSON data sources, when used with default configurations, fetch an arbitrary URL parameter without proper validation. A global authentication service within the...

8.3CVSS6AI score0.00232EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: An alert is added in trytofreebuffers for folios without buffers. trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio that belongs to a mapping, and...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 12:39 p.m.7 views

EUVD-2026-38231

MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...

9.3CVSS6.4AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 9:39 p.m.23 views

CVE-2026-56081

Cap-go before 12.128.2 contains an authentication logic flaw allowing an attacker to register and take control of an account bound to a victim’s unverified email. By enabling two-factor authentication on the pre-registered account, the attacker can read and modify the account’s state and enforce ...

9.3CVSS5.9AI score0.00351EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/17 6:36 p.m.15 views

Cross-Origin Resource Sharing (CORS) Misconfiguration

hono is vulnerable to Cross-Origin Resource Sharing CORS Misconfiguration. The vulnerability is due to reflecting arbitrary Origin headers while allowing credentials when no explicit origin is configured, which allows an attacker-controlled website to make authenticated cross-origin requests and...

7.1CVSS5.4AI score0.00248EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/17 3:17 p.m.12 views

CVE-2026-54810

Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1...

7.5CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-40722

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...

5.5CVSS0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.7 views

CVE-2024-37210

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...

6.5CVSS0.00269EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2026/06/15 4:0 p.m.14 views

What Changed in OWASP Top 10 2025 and Recommendations for Each Category

Key Takeaways 1. The 2025 list introduces two new categories – Software Supply Chain Failures A03 and Mishandling of Exceptional Conditions A10 - reflecting attacks already happening in production. 2. Security Misconfiguration jumping from 5 to 2 signals that continuous deployment without...

5.9AI score
Exploits0
Veracode
Veracode
added 2026/06/12 12:11 p.m.13 views

Security Misconfiguration

@hulumi/baseline is vulnerable to Security Misconfiguration. The vulnerability is due to AccountFoundation reuse paths silently downgrading GuardDuty and Security Hub security settings, which allows an attacker to operate with reduced detection and monitoring capabilities in the affected...

5.2AI score0.00052EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/11 6:30 p.m.19 views

CVE-2026-47177

Quest Bot: Affects versions before 1.0.4. If a user with config access sets the ticket transcript channel to a channel they can read, closing tickets causes the bot to export the full ticket history to that transcript channel, potentially exposing private messages to users who could not read the ...

5.7CVSS5.4AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 10:50 a.m.11 views

EUVD-2023-60590

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

4.3CVSS5.4AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

WordPress plugin MetroStore 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS8.3AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48642

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...

4.3CVSS7.7AI score0.00184EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

WordPress plugin Contact Form and Lead Form Elementor Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS8.4AI score0.00176EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.9 views

Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path

A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...

8.2CVSS7.4AI score0.00334EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:50 p.m.30 views

CVE-2026-0418 Certain NETGEAR devices allow administrators to tamper with system

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...

6.8CVSS0.00245EPSS
Exploits0References36
Debian CVE
Debian CVE
added 2026/06/09 3:50 a.m.9 views

CVE-2026-41844

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

6.1CVSS5.6AI score0.00134EPSS
Exploits0
Rows per page
Query Builder