Lucene search
+L

321 matches found

NVD
NVD
added 5 hours ago9 views

CVE-2026-62764

Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver,...

5.7CVSS
Exploits0References5
NVD
NVD
added 2 days ago6 views

CVE-2026-48795

AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user.proto.polluted and constructor.prototype still caused lodash .set via @poppinss/utils to create...

8.6CVSS0.0054EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 7:48 a.m.10 views

CVE-2026-12924

Eventin WordPress plugin (WP Event Solution) ≤ 4.1.15 is vulnerable to Stored Cross‑Site Scripting via the etn_faq_content parameter due to insufficient input sanitization and output escaping. Exploitation requires contributor‑level authentication or higher, enabling injection of scripts that exe...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
OSV
OSV
added 2026/07/09 7:13 p.m.1 views

SUSE-SU-2026:2835-1 Security update for clamav

This update for clamav fixes the following issues - CVE-2026-20213: PE file format parser could allow an unauthenticated, remote attacker to cause a denial of service bsc1270107. - CVE-2026-20214: FSG file format parser could allow an unauthenticated, remote attacker to cause a denial of service...

9.2CVSS7AI score0.00463EPSS
Exploits0References17
Patchstack
Patchstack
added 2026/07/08 1:41 p.m.5 views

WordPress Author Box WP Lens plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Author Box WP Lens versions = 2.1.5...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/07/04 8:3 a.m.5 views

IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload

...

8.1CVSS6.1AI score0.00352EPSS
Exploits0
CVE
CVE
added 2026/07/02 11:15 a.m.17 views

CVE-2026-57753

The CVE-2026-57753 entry concerns the WordPress Kit (formerly ConvertKit) for WooCommerce plugin, affected versions 2.1.5 and earlier. Description indicates an unauthenticated sensitive data exposure vulnerability in these versions. The provided documents do not specify the exact root cause, vuln...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: util-linux-2.41.5-1.fc43

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/06/26 3:32 p.m.9 views

EUVD-2025-210353

Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 11:17 p.m.15 views

CVE-2026-50268

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

1.9CVSS0.00046EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 10:1 p.m.31 views

CVE-2026-50268

In Steeltoe, the OAEP misconfiguration affects the package Steeltoe.Configuration.Encryption 4.0.0–4.1.0, where setting encrypt:rsa:algorithm=OAEP does not enable OAEP due to an incorrect BouncyCastle transformation string. As a result, OAEP is effectively PKCS#1 v1.5 padding, the same as DEFAULT...

1.9CVSS5.2AI score0.00046EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 12:16 p.m.12 views

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

8.6CVSS0.00472EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 10:18 a.m.34 views

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

8.6CVSS0.00472EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/16 10:16 a.m.10 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.00472EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-39524

Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-34898

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 4:16 p.m.24 views

CVE-2026-50011

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

7.5CVSS0.0038EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 2:0 p.m.12 views

EUVD-2026-36432

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:24 p.m.11 views

OESA-2026-2612 nss security update

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

6.5CVSS5.5AI score0.00628EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.32 views

CVE-2026-40996 Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators explicitly reconfigured the flag...

4.8CVSS0.00129EPSS
Exploits0References1
Rows per page
Query Builder