Lucene search
+L

18275 matches found

NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

Summary An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. Impact An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for...

7.1CVSS5.9AI score0.00167EPSS
Exploits0Affected Software2
NVD
NVD
added 2026/07/06 8:16 a.m.9 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

8.8CVSS0.00435EPSS
Exploits0References1
Circl
Circl
added 2026/07/06 8:4 a.m.6 views

CVE-2024-6228

creationtimestamp| type| source ---|---|--- 2026-07-06 08:04:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpxmwcsanv27 2026-07-09 00:32:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6f2nevl622...

7.5CVSS5.9AI score0.00318EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:31 a.m.7 views

OESA-2026-2870 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using...

7.8CVSS5.9AI score0.00321EPSS
Exploits11References2
Cvelist
Cvelist
added 2026/07/05 5:30 a.m.31 views

CVE-2026-14714 zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...

6.9CVSS0.00453EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 5:30 a.m.15 views

EUVD-2026-41729

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...

6.9CVSS6.2AI score0.00453EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/07/03 8:4 a.m.5 views

MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error

...

7.5CVSS6.1AI score0.00278EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 9:23 p.m.9 views

Malicious code in epic-build-scripts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14d466b50466bb93e6e9130d18e67b680c7255beecafe16043dc5ee51bfec886 On import epicbuildscripts, the package's top-level init spawns a background thread that POSTs a JSON payload containing socket.gethostname, the...

6.1AI score
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/07/02 8:3 a.m.5 views

debugobjects: Do not fill_pool() if pi_blocked_on

...

5.9AI score0.00172EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-14428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer...

8.3CVSS6.2AI score0.00259EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-14391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain...

5.3CVSS6.2AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 10:22 p.m.27 views

CVE-2026-14424

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00215EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.8 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the createconfig path in awscli/customizations/codedeploy/register.py. An attacker can read the CodeDeploy on-premises configuration file by accessing it on the same Unix-like ho...

6.8CVSS6AI score0.00118EPSS
Exploits0References2
Circl
Circl
added 2026/07/01 8:43 p.m.10 views

CVE-2026-13889

creationtimestamp| type| source ---|---|--- 2026-07-01 20:43:08+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmeymz4662i 2026-07-02 07:22:31+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 8:28 p.m.8 views

Malicious code in ts-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...

6AI score
Exploits0References6
OSV
OSV
added 2026/07/01 7:34 p.m.4 views

CVE-2026-54908 Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS5.9AI score0.0032EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/01 6:57 p.m.8 views

Timing Attack

Overview pay is a package for processing payments in Ruby on Rails apps Affected versions of this package are vulnerable to Timing Attack via the validsignature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and...

9.1CVSS6AI score
Exploits0References2
Chainguard
Chainguard
added 2026/07/01 2:16 p.m.11 views

CVE-2026-8950 vulnerabilities

Vulnerabilities for packages: firefox, firefox-esr...

9.3CVSS5.1AI score0.00194EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/01 2:16 p.m.9 views

GHSA-Q86P-QVCQ-MV9C vulnerabilities

Vulnerabilities for packages: chromium...

5.8AI score
Exploits0
NVD
NVD
added 2026/07/01 2:16 p.m.7 views

CVE-2026-53327

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

0.00172EPSS
Exploits0References6
Rows per page
Query Builder