
3264 matches found

ATTACKERKB
added 2026/03/16 11:16 a.m. | 4 views

CVE-2026-2461

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

CVSS 4.3 | AI score 5.8 | EPSS 0.00162
Exploits: 1 | References: 2
NVD
added 2026/03/10 5:35 p.m. | 4 views

CVE-2026-24311

The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user-initiated interaction, may allow modifications to occur without validation. Such changes coul...

CVSS 5.6 | EPSS 0.00087
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/10 12:00 a.m. | 5 views

PT-2026-24156

The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user-initiated interaction, may allow modifications to occur without validation. Such changes coul...

CVSS 5.6 | AI score 5.8 | EPSS 0.00087
Exploits: 0 | References: 2
EUVD
added 2026/02/25 9:31 p.m. | 5 views

EUVD-2026-8724

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

CVSS 4.3 | AI score 5.4 | EPSS 0.00229
Exploits: 0 | References: 4
UbuntuCve
added 2026/02/25 9:16 p.m. | 8 views

CVE-2026-1747

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

CVSS 4.3 | AI score 5.9 | EPSS 0.00229
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/25 8:04 p.m. | 3 views

CVE-2026-1747

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

CVSS 4.3 | AI score 5.4 | EPSS 0.00229
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/25 8:04 p.m. | 17 views

CVE-2026-1747 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

CVSS 4.3 | EPSS 0.00229
Exploits: 0 | References: 3
Debian CVE
added 2026/02/25 8:04 p.m. | 5 views

CVE-2026-1747

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.00229
Exploits: 0
CNNVD
added 2026/02/25 12:00 a.m. | 12 views

Plane security vulnerability

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the ProjectAssetEndpoint.patch method, which performed global asset searches based solely on asset IDs,...

CVSS 7.1 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 3
CNNVD
added 2026/02/25 12:00 a.m. | 9 views

GitLab EE security vulnerability

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. There were security vulnerabilities in versions of GitLab EE from 17.11 to 18.7.5, as well as in versions 18.8 to 18.8.5 and 18.9 to 18.9.1. These vulnerabilities stemmed from the possibility that...

CVSS 4.3 | AI score 5.8 | EPSS 0.00229
Exploits: 0 | References: 3
CNNVD
added 2026/02/18 12:00 a.m. | 7 views

WordPress plugin EmailKit – Email Customizer for WooCommerce & WP security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVSS 4.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 4
CNNVD
added 2026/02/18 12:00 a.m. | 7 views

WordPress plugin Business Directory Plugin security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 5.3 | AI score 5.9 | EPSS 0.0032
Exploits: 0 | References: 4
RedhatCVE
added 2026/02/04 7:28 p.m. | 6 views

CVE-2025-52627

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0...

CVSS 7.5 | AI score 5.4 | EPSS 0.00148
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/03 12:00 a.m. | 10 views

PT-2026-5903

Name of the Vulnerable Software and Affected Versions: AION version 2.0. Description: A configuration issue exists where the root file system is not mounted as read-only. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or...

CVSS 7.5 | AI score 5.5 | EPSS 0.00148
Exploits: 0 | References: 3
CNNVD
added 2026/01/17 12:00 a.m. | 4 views

WordPress plugin Phrase TMS Integration for WordPress has security vulnerabilities.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/09 11:28 a.m. | 7 views

CVE-2021-33790

The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation...

CVSS 9.8 | AI score 7.9 | EPSS 0.02839
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 11:26 a.m. | 10 views

CVE-2021-33177

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries...

CVSS 8.8 | AI score 8 | EPSS 0.09817
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:27 a.m. | 5 views

CVE-2023-45864

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas...

CVSS 4.7 | AI score 6.9 | EPSS 0.00142
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:41 a.m. | 8 views

CVE-1999-0184

When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records...

CVSS 6.4 | AI score 7 | EPSS 0.01909
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/18 4:45 a.m. | 4 views

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVSS 9.8 | AI score 6.8 | EPSS 0.01084
Exploits: 0 | References: 1