Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 7:20 p.m.2 views

CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

5.5CVSS6AI score0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...

8.8CVSS5.7AI score0.00292EPSS
Exploits0References4
OSV
OSV
added 2025/11/05 10:23 a.m.10 views

SUSE-SU-2025:3951-1 Security update for runc

This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. - CVE-2025-52881: Fixed...

8.4CVSS7AI score0.0067EPSS
Exploits4References5
RedhatCVE
RedhatCVE
added 2025/09/12 12:21 p.m.5 views

CVE-2025-40979

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp' directory, which could lead to...

7CVSS7.8AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:10 p.m.7 views

CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

8.8CVSS7.3AI score0.01127EPSS
Exploits0References1
OSV
OSV
added 2023/11/14 10:15 p.m.6 views

CVE-2023-47520

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Michael Uno miunosoft Responsive Column Widgets plugin = 1.2.7 versions...

6.1CVSS7.3AI score0.00412EPSS
Exploits0References1
Circl
Circl
added 2022/04/14 1:23 p.m.6 views

CVE-2022-1279

creationtimestamp| type| source ---|---|--- 2022-04-14 13:23:52+00:00| seen| https://t.me/cibsecurity/40750...

7.5CVSS7.4AI score0.00354EPSS
Exploits0References1
Rows per page
Query Builder