Lucene search
K

947 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-6382

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

9.1CVSS0.00902EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-50238

Rejected reason: Red Hat Product Security has concluded that this CVE is not required. The reported issue has been classified as a regular bug and will be addressed through the standard bug-fixing process...

5.8AI score
Exploits0References1
NVD
NVD
added 6 days ago6 views

CVE-2026-11965

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/27 12:30 a.m.13 views

EUVD-2026-39925

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...

9.3CVSS5.8AI score0.00569EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 11:17 p.m.14 views

CVE-2026-31928

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...

9.8CVSS0.00569EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/06/25 4:17 p.m.8 views

K000161911: Node.js vulnerability CVE-2026-48936

Security Advisory Description A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26. CVE-2026-48936 Impact There is no impact; F5 products are not...

3.3CVSS6AI score0.00154EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51787

Name of the Vulnerable Software and Affected Versions Mailerup versions prior to 1.0.0 Description An open redirect issue exists in the safe redirect function of the click-tracking endpoint '/c//'. Remote unauthenticated attackers can redirect users to arbitrary external sites to perform phishing...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 5:16 p.m.10 views

CVE-2026-56022

Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requirements. Fixed in 2.641...

6.9CVSS0.00308EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.14 views

Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the apiuser parameter provided to the accessv2 endpoin...

9.8CVSS7.8AI score0.29641EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4377

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.5AI score0.00141EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 10:16 p.m.6 views

DEBIAN-CVE-2026-44983

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

7.3CVSS6.1AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.10 views

PT-2026-42564

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.0 Description The user-profile edit controller passes the entire raw POST array to the UserInfo::update function without field whitelisting. This allows registered users to change passwords without providing...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/19 1:45 p.m.8 views

CVE-2026-44159 Tyler Identity Local (TID-L) default administrative credentials

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

9.8CVSS5.8AI score0.00477EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 5:19 p.m.34 views

DRUPAL-CONTRIB-2026-037

This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no...

9.8CVSS5.8AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 3:8 p.m.8 views

GHSA-8HF9-3Q64-Q2QF Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option

Summary When dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine's logging path. The logger opens the...

8.2CVSS6AI score0.00243EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.9 views

CVE-2026-43360

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the le...

5.5CVSS5.8AI score0.00163EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.8 views

CVE-2026-43361

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort when snapshotting received subvolumes Currently a user can trigger a transaction abort by snapshotting a previously received snapshot a bunch of times until we reach a BTRFSUUIDKEYRECEIVEDSUBVOL item...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/08 12:31 a.m.9 views

OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder