Lucene search
K

32391 matches found

Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-10597 ITPison|OMICARD EDM - Insecure Direct Object Reference

OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...

6.9CVSS
Exploits0References2
CVE
CVE
added 1 hour ago2 views

CVE-2026-10597 ITPison|OMICARD EDM - Insecure Direct Object Reference

OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...

6.9CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added 3 hours ago4 views

CVE-2026-26824

A flaw was found in libxls. This vulnerability, a use of uninitialized memory, occurs in the OLE container parser when processing a specially crafted XLS file. An attacker could exploit this by providing a malicious XLS file, which may lead to application crashes or the potential disclosure of...

5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday2 views

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS6.7AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday1 views

CVE-2026-46264

A flaw was found in the Linux kernel's drm/xe/pf component. This vulnerability arises during the initialization of the sysfs interface, where an error in devmaddactionorreset can cause a cleanup action to execute on an uninitialized kernel object. This can lead to a use-after-free condition, whic...

5.9AI score
Exploits0References4
NVD
NVD
added yesterday2 views

CVE-2026-7888

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-34164

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4CVSS5.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-7888

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4CVSS5.9AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-7888

CVE-2026-7888 affects Concrete CMS versions below 9.5.2. The vulnerability arises from PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that do not enforce allowed_classes. An unauthenticated attacker could trigger arbitrary PHP object instantiatio...

8.4CVSS5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-6473

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6.3AI score0.00075EPSS
Exploits0References4
GithubExploit
GithubExploit
added yesterday21 views

ParamStriker

ParamStriker Offline JSON & Query Parameter Exploit Frame...

6AI score
Exploits0
CVE
CVE
added yesterday3 views

CVE-2026-44281

GLPI CVE-2026-44281 affects GLPI versions 0.78 through prior to 10.0.25 and 11.0.7. An authenticated user with config READ permission can read a specific asset object, exposing information. Patch available by upgrading to 10.0.25 or 11.0.7.

7CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

7CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-44281

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

7CVSS5.8AI score
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

7CVSS5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday2 views

CVE-2026-9334

A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...

7.3CVSS5.8AI score0.00017EPSS
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-35083

Technical details about affected product, component, and remediation are not publicly available in the provided documents. Monitor for updates to CVE-2026-35083.

8.8CVSS6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday4 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.8AI score0.00035EPSS
Exploits0References6
Rows per page
Query Builder