Lucene search
K

346 matches found

NVD
NVD
added yesterday4 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-40378

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

3.5CVSS5.8AI score0.00151EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7277387)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7277387 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...

7.5CVSS6AI score0.00702EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

Due to a vulnerability in the iouring subsystem, it is possible for kernel memory information to be leaked to the user process. timensinstall calls currentissinglethreaded to determine whether the current process is single-threaded. However, this call does not take into account iouring’s ioworker...

5.5CVSS6.6AI score0.00268EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Starting from version 1.6.0 until 1.6.51, there was a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread, when processing...

7.1CVSS6.5AI score0.00224EPSS
Exploits4References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-39537

Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...

8.1CVSS0.00423EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.28 views

CVE-2025-69127 WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 7:46 a.m.9 views

EUVD-2026-37041

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49504

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

9.3CVSS5.7AI score0.00289EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/12 2:26 a.m.8 views

SUSE CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.3AI score0.0062EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48929

Name of the Vulnerable Software and Affected Versions NanaZip versions 3.0.1000.0 through 6.0.1697.0 Description A heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a bounds check allows an...

5.4CVSS5.2AI score0.0017EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 8:9 p.m.13 views

EUVD-2026-36121

OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's tryhonestpairingcheck function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...

8.7CVSS5.4AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47705

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.648 Description Error messages returned when RaiseError, PrintError, or HandleError are enabled are written to a 200-byte buffer that lacks a length limit. Attackers capable of influencing the error text within an...

9.8CVSS5.7AI score0.00413EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

8.1CVSS6AI score0.01131EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.8 views

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS6AI score0.00567EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.8 views

CVE-2026-6621

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

7.5CVSS6.9AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 10:44 a.m.14 views

CVE-2026-39550

CVE-2026-39550 affects the WordPress Aperitif theme (versions up to 1.6). The issue is a PHP Object Injection caused by deserialization of untrusted data in Aperitif, enabling exploitation via a network vector with no user interaction and no privileges required. The CVSSv3.1 base score is 8.1 (HI...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.10 views

PT-2026-45672

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS4.1AI score0.00251EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/28 3:32 p.m.8 views

EUVD-2026-32928

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 9:27 a.m.8 views

CVE-2026-2288 myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

4.8CVSS6AI score0.0023EPSS
Exploits0References5
Rows per page
Query Builder