Lucene search
+L

28564 matches found

EUVD
EUVD
added 2026/07/03 8:54 a.m.8 views

EUVD-2026-41526

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

9.8CVSS6AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 8:54 a.m.33 views

CVE-2026-4321 SQLi in Raera's Destekz

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

9.8CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 6:15 a.m.61 views

CVE-2026-8925 SASL double-free

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...

0.0108EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 12:31 a.m.7 views

EUVD-2026-41439

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/02 10:17 p.m.8 views

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...

6.9CVSS6AI score0.00352EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/02 3:50 p.m.7 views

CVE-2025-15666

A flaw was found in Assimp, the Open Asset Import Library. A local attacker could exploit a vulnerability where specially crafted model files could cause a heap-based buffer overflow. This issue, occurring in the SceneCombiner::Copy function, could allow an attacker to gain unauthorized access to...

6.1CVSS6AI score0.00123EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.2 views

libcurl: libcurl: Information disclosure due to failure to clear proxy authentication credentials

A flaw was found in curl. When libcurl is instructed to clear proxy authentication credentials, it fails to do so, leaving the old credentials available. This could lead to the unintended reuse of sensitive proxy authentication credentials for subsequent network transfers, potentially resulting i...

9.8CVSS6AI score0.01064EPSS
Exploits1References7
NVD
NVD
added 2026/07/02 6:16 a.m.7 views

CVE-2026-11965

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS0.00164EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9CVSS6.6AI score0.00343EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/07/01 10:35 p.m.11 views

CVE-2026-14440 Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:10 p.m.8 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/01 7:42 p.m.8 views

CVE-2026-53355

A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS over InfiniBand IB connection teardown process. When the rdsibsetupqp function fails to set up a connection, it may free a memory allocation isends without properly clearing the associated pointer. This can lead to a stale point...

7CVSS5.7AI score0.00164EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/01 2:56 p.m.36 views

CVE-2026-58032 mw.Api.getErrorMessage() may return injected HTML if used without errorformat=html

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...

5.3CVSS0.00299EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 2:16 p.m.5 views

CVE-2026-53337

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

0.00164EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 1:32 p.m.8 views

EUVD-2026-40971

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

5.8AI score0.00164EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 6:3 a.m.6 views

BELL-CVE-2026-53315 CVE-2026-53315 does not affect BellSoft software

Bulletin has no description...

5.5CVSS5.7AI score0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 12:2 a.m.38 views

CVE-2026-41579 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS0.00222EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.7 views

CVE-2026-56278

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses a weak hardcoded default secret 'flowise' for the express-session middleware when the EXPRESSSESSIONSECRET environment variable is not set packages/server/src/enterprise/middleware/passport/index.ts. Because this default secret is...

9.3CVSS5.8AI score0.0036EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 10:8 p.m.2 views

CVE-2025-71381 Hono - Vary Header Injection in CORS Middleware

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS6.1AI score0.0028EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 6:43 p.m.8 views

GHSA-8X9C-RMQH-456C Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters

Description This is a residual bypass of CVE-2026-47732 / GHSA-pr2w-4gpj-cpq4 left after the initial fix for unguarded toString calls. It covers two related coercion points that were not caught by the original patch. Traversable in join and replace filters. SandboxExtension::ensureToStringAllowed...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References5
Rows per page
Query Builder