Lucene search
K

34877 matches found

OSV
OSV
added last week3 views

CVE-2026-55542 Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns...

5.3CVSS6.1AI score0.00281EPSS
Exploits0References4
NVD
NVD
added last week6 views

CVE-2026-58213

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS0.00441EPSS
Exploits0References8
CVE
CVE
added last week8 views

CVE-2026-59936

Technical details about CVE-2026-59936 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected versions, impact, and fixes.

8.7CVSS6AI score0.00345EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added last week4 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6.2AI score0.00393EPSS
Exploits0References5
Cvelist
Cvelist
added last week34 views

CVE-2026-59926 Mistune: XSS via unescaped class option in Admonition directive

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS0.00191EPSS
Exploits0References3
Cvelist
Cvelist
added last week34 views

CVE-2026-59897 Hono: API Gateway v1 adapter can drop a distinct repeated request header value during de-duplication

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS0.00126EPSS
Exploits0References3
CVE
CVE
added last week8 views

CVE-2026-3144

CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The issue is the use of default credentials, which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. Exploitation details or a remediation/fix are not provided in ...

9.8CVSS5.9AI score0.00412EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added last week6 views

CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS6.5AI score0.00358EPSS
Exploits1
NVD
NVD
added last week13 views

CVE-2026-22927

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability...

7.8CVSS0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added last week35 views

CVE-2026-10706 Exposure of Sensitive Information to an Unauthorized attacker

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added last week35 views

CVE-2026-59257 n8n - SQL Injection in MySQL v1 executeQuery Operation via Expression Interpolation

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

5.3CVSS0.00314EPSS
Exploits0References2
EUVD
EUVD
added last week5 views

EUVD-2026-42249

Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key limitedtoorgs inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mod...

8.1CVSS6AI score0.00223EPSS
Exploits0References2
Patchstack
Patchstack
added last week5 views

WordPress Author Box WP Lens plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Author Box WP Lens versions = 2.1.5...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
CVE
CVE
added last week18 views

CVE-2026-22927

Technical details about CVE-2026-22927 are not publicly available in the provided documents. Monitor for updates from Omnissa and CVE databases.

7.8CVSS5.9AI score0.0017EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-22927

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability...

7.8CVSS5.9AI score0.0017EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added last week6 views

EUVD-2026-42242

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability...

7.8CVSS5.9AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added last week31 views

CVE-2026-22927

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability...

7.8CVSS0.0017EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/08 12:46 p.m.5 views

WordPress Active Products Tables for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Active Products Tables for WooCommerce versions = 1.1.0...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/07/08 10:9 a.m.7 views

RHSA-2026:36206 Red Hat Security Advisory: 389-ds:1.4 security update

Bulletin has no description...

8.8CVSS5.9AI score0.01038EPSS
Exploits0References12
NVD
NVD
added 2026/07/08 6:16 a.m.8 views

CVE-2026-14500

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS0.00333EPSS
Exploits0References4
Rows per page
Query Builder