Lucene search
+L

12249 matches found

CVE
CVE
added 5 days ago10 views

CVE-2026-12274

CVE-2026-12274 affects the Tutor LMS WordPress plugin prior to 3.9.13. The underlying issue is that content-builder save handlers do not verify that the requesting user is authorized to edit the target post, instead authenticating only against an unrelated identifier. This allows authenticated us...

6.5CVSS6.1AI score0.00184EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago10 views

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References2
Rockylinux
Rockylinux
added 5 days ago4 views

golang security, bug fix, and enhancement update

An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

9.6CVSS6.4AI score0.00478EPSS
Exploits0
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-57856

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 4.9.0 Description The EntityIdentifier.equals function contains inverted logic for null and self-reference checks. This causes the method to return true for null comparisons and false for self-comparisons, leading t...

8.8CVSS6.1AI score0.00345EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

RockyLinux 9 : maven:3.9 (RLSA-2026:38500)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:38500 advisory. org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method CVE-2025-67030 Tenable has extracted the preceding description block...

8.8CVSS6.2AI score0.00663EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-15506 SecureAge CatchPulse Driver saappctl.sys heap-based overflow

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been...

8.5CVSS0.00184EPSS
Exploits0References7
CVE
CVE
added 6 days ago16 views

CVE-2026-15475

Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
Rockylinux
Rockylinux
added 2026/07/11 12:3 p.m.9 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.3CVSS6.7AI score0.0053EPSS
Exploits2
EUVD
EUVD
added 2026/07/11 6:50 a.m.9 views

EUVD-2026-43164

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score0.00676EPSS
Exploits0References6
OSV
OSV
added 2026/07/11 4:4 a.m.1 views

SUSE-SU-2026:2858-1 Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.31 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...

9.8CVSS6.7AI score0.00563EPSS
Exploits8References49
Fedora
Fedora
added 2026/07/11 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: perl-HTML-Gumbo-0.19-1.fc44

Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...

9.8CVSS6.1AI score0.00663EPSS
Exploits0
Fedora
Fedora
added 2026/07/11 1:12 a.m.10 views

[SECURITY] Fedora 44 Update: librabbitmq-0.17.0-1.fc44

This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1...

6.1AI score
Exploits0
OSV
OSV
added 2026/07/10 9:26 p.m.4 views

CVE-2026-42219 Frappe: Path Traversal via /backups Route

Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via downloadbackups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and 15.109.0...

6.9CVSS6.1AI score0.00457EPSS
Exploits0References11
CVE
CVE
added 2026/07/10 8:21 p.m.18 views

CVE-2026-57218

RabbitMQ AMQP 0-9-1 vulnerability (CVE-2026-57218) allows an existing consumer to continue receiving messages after OAuth token expiry or update_secret refresh, due to channel user state changes not triggering reauthorization at delivery time. Root cause: existing consumers are not canceled or re...

6.5CVSS6.1AI score0.00321EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/07/10 8:21 p.m.2 views

CVE-2026-57218 RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

4.9CVSS6.1AI score0.00321EPSS
Exploits1References8
OSV
OSV
added 2026/07/10 8:20 p.m.5 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS6.1AI score0.00468EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/10 6:10 p.m.7 views

Security Bulletin: IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control (CVE-2026-9762)

Summary IBM® Db2® is vulnerable to remote code execution when jdbc url is under user control. Vulnerability Details CVEID:CVE-2026-9762 DESCRIPTION: IBM Data Server Driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control. CWE:CWE-94: Improper Control of...

7.8CVSS6.5AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/10 5:40 p.m.6 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.2.2 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability discovered by Michael Iden Mickhat in WordPress Plugin NEX-Forms versions = 9.2.2...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/10 5:17 p.m.9 views

CVE-2026-56675

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/ access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as...

8.3CVSS0.00315EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 5:16 p.m.8 views

CVE-2026-55638

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS0.00372EPSS
Exploits0References3
Rows per page
Query Builder