Lucene search
+L

449 matches found

cve
cve
added yesterday9 views

CVE-2026-40952

The CVE-2026-40952 entry describes a privilege misconfiguration in the Windows Secure Access installer for the client and server prior to version 14.55. Local attackers with access to the affected system can elevate privileges to Administrator when Secure Access is installed in a non-default loca...

8.5CVSS6.1AI score
Exploits0References1Affected Software1
cvelist
cvelist
added yesterday31 views

CVE-2026-40952 Privilge misconfiguration in Secure Access installers

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS
Exploits0References1
attackerkb
attackerkb
added yesterday2 views

CVE-2026-40952

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS6.1AI score
Exploits0References2
euvd
euvd
added 6 days ago7 views

EUVD-2026-43004

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS6.1AI score0.00526EPSS
Exploits1References4
alpinelinux
alpinelinux
added 6 days ago8 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

8.8CVSS6.1AI score0.00526EPSS
Exploits1
nvd
nvd
added 2026/07/09 6:16 p.m.10 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

8.1CVSS0.00348EPSS
Exploits0References6
cve
cve
added 2026/07/09 5:54 p.m.14 views

CVE-2026-55420

Discourse (open-source platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, in some non-default configurations, allowed processing of PDF uploads to lead to remote code execution on the server. The root cause is tied to how PDFs are processed under specific configurations, enab...

8.1CVSS5.9AI score0.00348EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2026/07/09 5:54 p.m.34 views

CVE-2026-55420 Discourse: Remote code execution via pdf uploads

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS0.00348EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/09 5:54 p.m.4 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS5.9AI score0.00348EPSS
Exploits0References7Affected Software1
osv
osv
added 2026/07/09 5:54 p.m.4 views

CVE-2026-55420 Discourse: Remote code execution via pdf uploads

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS6.1AI score0.00348EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.7 views

PT-2026-56893

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Under certain non-default configurations, the processing of PDF uploads can be...

8.1CVSS6.4AI score0.00348EPSS
Exploits0References14
euvd
euvd
added 2026/07/02 8:29 p.m.15 views

EUVD-2026-37801

Steeltoe vulnerable to management-port isolation bypass via spoofed Host header...

8.2CVSS5.8AI score0.00238EPSS
Exploits0References5
cve
cve
added 2026/07/02 6:0 a.m.15 views

CVE-2026-11578

The CVE concerns the Fluent Forms WordPress plugin prior to 6.2.5, where deletion of form submission entries is not properly restricted to forms a restricted Manager is authorized to manage. This misconfiguration allows a Manager limited to specific forms to permanently delete submission entries ...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/19 4:31 a.m.8 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References10
euvd
euvd
added 2026/06/19 4:31 a.m.12 views

EUVD-2026-37983

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.9 views

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

8.1CVSS5.4AI score0.00464EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/03 4:2 p.m.19 views

CVE-2026-7312

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

10CVSS5.8AI score0.00441EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/03 4:2 p.m.9 views

CVE-2026-7195

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...

8.8CVSS5.8AI score0.00471EPSS
Exploits0References1
redhat
redhat
added 2026/06/02 10:15 p.m.10 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
nvd
nvd
added 2026/06/02 2:17 p.m.12 views

CVE-2026-7195

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...

8.8CVSS0.00471EPSS
Exploits0References1
Rows per page
Query Builder