34458 matches found

Snyk
added 2026/04/08 12:0 a.m., 7 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the processing of XCOFF object files. An attacker can execute unauthorized code or commands by convincing a user to process a specially crafted file. Remediation: A fix was pushed into the master branch but...

CVSS 8.5, AI score 5.5, EPSS 0.00171
Exploits 0, References 2

Tenable Nessus
added 2026/04/08 12:0 a.m., 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006676 advisory. In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't dereference ACPI root object handle Since the commit referenced in the...

CVSS 5.5, AI score 6.4, EPSS 0.00186
Exploits 0, References 4

Positive Technologies
added 2026/04/08 12:0 a.m., 9 views

PT-2026-31067

Name of the Vulnerable Software and Affected Versions: Everest Forms plugin for WordPress versions up to and including 3.4.3. Description: The Everest Forms plugin for WordPress is susceptible to PHP Object Injection due to the unsafe deserialization of untrusted input from form entry metadata. The...

CVSS 9.8, AI score 5.8, EPSS 0.00878
Exploits 1, References 19

RedhatCVE
added 2026/04/07 11:1 p.m., 4 views

CVE-2026-35173

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and do not have...

CVSS 6.5, AI score 5.9, EPSS 0.00174
Exploits 0, References 1

RedhatCVE
added 2026/04/07 11:1 p.m., 5 views

CVE-2026-35209

defu is software that allows users to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to defu are vulnerable to prototype...

CVSS 7.5, AI score 5.9, EPSS 0.00398
Exploits 0, References 1

RedhatCVE
added 2026/04/07 11:1 p.m., 5 views

CVE-2026-35176

openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection that allows out-of-bounds heap memory access when parsing a crafted .pof file. No FPGA hardware is required to trigger this vulnerability...

CVSS 7.1, AI score 5.9, EPSS 0.00159
Exploits 1, References 1

RedhatCVE
added 2026/04/07 5:4 p.m., 4 views

CVE-2026-34208

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an exposed callable constructor path: this.constructor.call(target, attackerObject). Because this.constructo...

CVSS 10, AI score 6.1, EPSS 0.00561
Exploits 1, References 1

EUVD
added 2026/04/07 4:7 p.m., 7 views

EUVD-2026-19734

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/conversationid/threadid does not require authentication and does not validate whether the given threadid belongs to the given conversationid. This allows any...

CVSS 6.9, AI score 6, EPSS 0.00304
Exploits 2, References 1

GithubExploit
added 2026/04/07 2:55 p.m., 74 views

grav-cms-filecache-object-injection

Grav CMS FileCache Object Injection. Description: The File...

AI score 5.7
Exploits 0

GithubExploit
added 2026/04/07 1:59 p.m., 117 views

Exploit for CVE-2026-5465

CVE-2026-5465: Privilege Escalation in the Amelia WordPress Plugin...

CVSS 8.8, AI score 5.9, EPSS 0.00632
Exploits 1

Akamai Blog
added 2026/04/07 1:0 p.m., 6 views

Scale Smarter: A Practical Guide to Building with Akamai Object Storage

Akamai Object Storage provides high-performance, cost-effective Amazon S3–compatible object storage. Here's what it's used for and how to set it up...

AI score 5.9
Exploits 0

Patchstack
added 2026/04/07 12:21 p.m., 3 views

WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin CTX Feed versions <= 6.6.26...

AI score 5.9, EPSS 0.00446
Exploits 0, Affected Software 1

EUVD
added 2026/04/07 9:31 a.m., 5 views

EUVD-2026-19580

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

CVSS 8.8, AI score 6, EPSS 0.00632
Exploits 1, References 7

NVD
added 2026/04/07 7:16 a.m., 9 views

CVE-2026-5465

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

CVSS 8.8, EPSS 0.00632
Exploits 1, References 6

Cvelist
added 2026/04/07 6:43 a.m., 26 views

CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

CVSS 8.8, EPSS 0.00632
Exploits 1, References 6

Vulnrichment
added 2026/04/07 6:43 a.m., 11 views

CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

CVSS 8.8, AI score 6, EPSS 0.00632
Exploits 1, References 6

CVE
added 2026/04/07 6:43 a.m., 28 views

CVE-2026-5465

Summary (technical): The Amelia Booking for Appointments and Events Calendar WordPress plugin (versions ≤ 2.1.3) is affected by an Insecure Direct Object Reference (IDOR) in the UpdateProviderCommandHandler. The handler does not validate ownership when a Provider (Employee) user updates their pro...

CVSS 8.8, AI score 6, EPSS 0.00632
Exploits 1, References 6

Patchstack
added 2026/04/07 3:48 a.m., 6 views

WordPress Amelia plugin <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability

Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Amelia versions <= 2.1.3...

CVSS 8.8, AI score 5.9, EPSS 0.00632
Exploits 1, References 1, Affected Software 1

Positive Technologies
added 2026/04/07 12:0 a.m., 5 views

PT-2026-30828

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...

CVSS 9.1, AI score 7.3, EPSS 0.00809
Exploits 1, References 5

Positive Technologies
added 2026/04/07 12:0 a.m., 10 views

PT-2026-30799

Name of the Vulnerable Software and Affected Versions: Amelia plugin for WordPress versions up to and including 2.1.3. Description: The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is susceptible to Insecure Direct Object Reference. The UpdateProviderCommandHandler does...

CVSS 8.8, AI score 5.7, EPSS 0.00632
Exploits 1, References 10