Lucene search
+L

18274 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References3
NVD
NVD
added last week10 views

CVE-2026-56336

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added last week16 views

CVE-2026-56313

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added last week41 views

CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

8.1CVSS0.00276EPSS
Exploits0References2
OSV
OSV
added last week6 views

CVE-2026-56336 Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...

6.9CVSS6.1AI score0.00205EPSS
Exploits0References4
OSV
OSV
added last week4 views

CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...

7.2CVSS6.1AI score0.00276EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/07/11 10:40 p.m.75 views

Chromium: CVE-2026-14128 Insufficient data validation in Chrome for iOS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6.1AI score0.00179EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/11 10:40 p.m.72 views

Chromium: CVE-2026-13916 Inappropriate implementation in Chrome for iOS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6.1AI score0.0023EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/11 2:17 a.m.12 views

GHSA-6W3M-4HHP-775Q vulnerabilities

Vulnerabilities for packages: keda-http-add-on, keda-http-add-on-fips...

5.3AI score
Exploits0
NVD
NVD
added 2026/07/10 9:16 p.m.11 views

CVE-2026-55213

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS0.00343EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 8:49 p.m.3 views

CVE-2026-55213 h2o: musl libc stack overflow (QPACK)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 8:35 p.m.31 views

CVE-2026-57807 WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS0.00429EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 8:35 p.m.33 views

CVE-2026-57807

The CVE-2026-57807 entry concerns miniOrange OAuth Single Sign On - SSO (OAuth Client) for WordPress, affected through version 38.5.8. The vulnerability is an Authentication Bypass via an alternate path or channel (broken authentication), enabling Password Recovery Exploitation. No exploitation d...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 8:35 p.m.13 views

EUVD-2026-43028

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References1
Circl
Circl
added 2026/07/10 8:16 p.m.8 views

CVE-2026-54088

creationtimestamp| type| source ---|---|--- 2026-07-10 20:16:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqcxokhktk2v 2026-07-10 20:35:07+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-m93h-4hw7-5qcm 2026-07-11...

9.3CVSS6.1AI score0.00533EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 3:51 p.m.3 views

CVE-2026-59162 Excelize: Negative shared-string index causes panic in GetCellValue and GetRows

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score0.00655EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2026/07/10 9:25 a.m.5 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31771: Bluetooth: Ignore HCIERRORCANCELLEDBYHOST on adv set terminated event bsc1264145. CVE-2026-43038: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach...

9.3CVSS6.2AI score0.00385EPSS
Exploits17References112
OSV
OSV
added 2026/07/10 9:9 a.m.3 views

SUSE-SU-2026:2839-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work bsc1255416. - CVE-2026-43198: tcp: fix potential race in tcpv6synrecvsock bsc1264610. ...

9.8CVSS6.7AI score0.00346EPSS
Exploits16References22
EUVD
EUVD
added 2026/07/10 2:45 a.m.8 views

EUVD-2026-42780

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
CVE
CVE
added 2026/07/10 2:45 a.m.11 views

CVE-2026-15321

CVE-2026-15321 (MyEMS Admin Backend) affects myems-api/core/svg.py, function on_post, in MyEMS

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
Rows per page
Query Builder