16748 matches found

EUVD
added yesterday · 6 views

EUVD-2026-41248

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3 CVSS · 5.9 AI score · 0.00272 EPSS
Exploits 0 · References 12
OSV
added 2 days ago · 3 views

USN-8489-1 linux-oem-7.0 vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

9.8 CVSS · 7.2 AI score · 0.93235 EPSS
Exploits 62 · References 166
NVD
added 2026/06/24 9:16 p.m. · 6 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3 CVSS · 0.00168 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2026/06/24 9:08 p.m. · 5 views

CVE-2026-55762

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication (authRequired: true) but performs no authorization check. Any authenticated user —...

8.1 CVSS · 5.9 AI score · 0.00323 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/06/24 9:08 p.m. · 16 views

CVE-2026-55762 Rocket.Chat: Any Authenticated User Can Permanently Deregister Workspace from Rocket.Chat Cloud via Unprotected `/api/v1/fingerprint` Endpoint

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication (authRequired: true) but performs no authorization check. Any authenticated user —...

8.1 CVSS · 0.00323 EPSS
Exploits 0 · References 1
CVE
added 2026/06/24 9:08 p.m. · 12 views

CVE-2026-55762

Rocket.Chat CVE-2026-55762 concerns an unauthenticated mis-authorization on POST /api/v1/fingerprint. Prior to fixed versions, authenticated users could call the endpoint with {"setDeploymentAs": "new-workspace"} to permanently deregister the workspace from Rocket.Chat Cloud, wiping cloud credent...

8.1 CVSS · 5.9 AI score · 0.00323 EPSS
Exploits 0 · References 1
CVE
added 2026/06/24 8:06 p.m. · 7 views

CVE-2026-52795

CVE-2026-52795 affects Gogs (open source self-hosted Git service). In 0.14.3 and earlier, an authorization logic error in the Watch API lets any authenticated user watch a private repository they have no access to, due to an inverted access check. This exposes private repository activity in the a...

4.3 CVSS · 5.9 AI score · 0.00168 EPSS
Exploits 0 · References 2
EUVD
added 2026/06/24 6:32 p.m. · 6 views

EUVD-2026-38805

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

4.8 CVSS · 5.8 AI score · 0.00239 EPSS
Exploits 0 · References 3
NVD
added 2026/06/24 4:16 p.m. · 7 views

CVE-2026-50709

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

4.8 CVSS · 0.00239 EPSS
Exploits 0 · References 2
Cvelist
added 2026/06/24 3:04 p.m. · 30 views

CVE-2026-50709 Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

4.8 CVSS · 0.00239 EPSS
Exploits 0 · References 2
CVE
added 2026/06/24 3:04 p.m. · 9 views

CVE-2026-50709

CVE-2026-50709: In Frappe Framework 17.0.0-dev, a stored XSS vulnerability exists in the Notifications → Events panel due to improper neutralization of user-controlled input. The issue affects the rendering of color in Events and is described with a CVSS v4.0 base score of 4.8 (MEDIUM). The conn...

4.8 CVSS · 5.8 AI score · 0.00239 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/06/24 12:00 a.m. · 9 views

PT-2026-52084

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.14.4. Description: An authenticated user can watch a private repository without having the necessary access permissions. This occurs because the access check in the Watch API handler is inverted, specifically within the...

4.3 CVSS · 5.8 AI score · 0.00168 EPSS
Exploits 0 · References 8
Positive Technologies
added 2026/06/24 12:00 a.m. · 13 views

PT-2026-52118

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 8.5.1; Rocket.Chat versions prior to 8.4.4; Rocket.Chat versions prior to 8.3.6; Rocket.Chat versions prior to 8.2.6; Rocket.Chat versions prior to 8.1.6; Rocket.Chat versions prior to 8.0.7; Rocket.Chat versions prior ...

8.1 CVSS · 5.9 AI score · 0.00323 EPSS
Exploits 0 · References 3
NVD
added 2026/06/23 6:18 p.m. · 9 views

CVE-2026-54324

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...

6.5 CVSS · 0.00275 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2026/06/23 12:00 a.m. · 6 views

Ubuntu 26.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8461-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8461-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. ...

8.8 CVSS · 7.1 AI score · 0.93235 EPSS
Exploits 57 · References 19
Ubuntu
added 2026/06/22 10:51 p.m. · 9 views

USN-8461-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8 CVSS · 7 AI score · 0.93235 EPSS
Exploits 57
OSV
added 2026/06/22 10:51 p.m. · 3 views

USN-8461-1 linux-azure vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8 CVSS · 6.4 AI score · 0.93235 EPSS
Exploits 57 · References 19
AstraLinux
added 2026/06/19 11:10 a.m. · 5 views

Astra Linux – Vulnerability in Xen

Inappropriate x86 IOMMU timeout detection/handling: IOMMU processes commands that are issued in parallel with the operation of the CPUs that issue those commands. In the current implementation in Xen, asynchronous notifications of the completion of such commands are not used. Instead, the issuing...

7.1 CVSS · 6.9 AI score · 0.00284 EPSS
Exploits 0 · References 1
AstraLinux
added 2026/06/19 11:10 a.m. · 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rust_binder: Calling set_notification_done without holding the proc lock. Consider the following sequence of events when a death listener is triggered: 1. The remote process dies and sends a BR_DEAD_BINDER message. 2. The local proces...

5.5 CVSS · 5.8 AI score · 0.0009 EPSS
Exploits 0 · References 1
AstraLinux
added 2026/06/19 11:10 a.m. · 4 views

Astra Linux – Vulnerability in Chromium

Before version 90.0.4430.212, a use-after-free in Notifications in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

8.8 CVSS · 8.1 AI score · 0.01234 EPSS
Exploits 1 · References 1