Lucene search
K

7522 matches found

Nuclei
Nuclei
added yesterday65 views

Navigate CMS 2.9.4 - Server-Side Request Forgery

Navigate CMS 2.9.4 is susceptible to server-side request forgery via feedparser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...

4.9CVSS6.2AI score0.2195EPSS
Exploits6References5
NVD
NVD
added yesterday5 views

CVE-2026-44771

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-44771

Technical details about CVE-2026-44771 are not publicly available in the provided documents; monitor for updates as new information may be released.

4.3CVSS6.1AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-44771 Missing Authorization check in SAP S/4HANA (Draft operation)

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS0.00172EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-15494

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switchstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and...

5.8CVSS0.00202EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43216

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switchstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and...

5.8CVSS6AI score0.00202EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-56372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An...

9.1CVSS6.2AI score0.00198EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-56372

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

9.1CVSS0.00198EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 4 days ago3 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

6.5CVSS6.1AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2026-56372

ImageMagick (before version 7.1.2-19) contains a heap buffer overflow in the magnify operation. A malformed magnify:method value triggers an out-of-bounds read, which can expose sensitive information or cause denial of service. Multiple sources (NVD, Debian/Ubuntu OSV entries, Red Hat advisory, a...

9.1CVSS6.2AI score0.00198EPSS
Exploits0References2Affected Software1
OSV
OSV
added 4 days ago3 views

CVE-2026-56372 ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

4.8CVSS6.2AI score0.00198EPSS
Exploits0References4
Nuclei
Nuclei
added 4 days ago59 views

Micro Focus UCMDB - Remote Code Execution

Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge containerized 2020.05, 2019.08, 2019.0...

10CVSS7.2AI score0.74232EPSS
Exploits3References5
OSV
OSV
added 5 days ago5 views

CVE-2026-55843 Snipe-IT: Improper Privilege Management

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse...

7CVSS6.1AI score0.00298EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-58374

A flaw was found in hostapd. An unauthenticated attacker within wireless range can send a specially crafted management frame during Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing. This crafted frame, containing a malformed Multi-Link Element or Per-STA Profile...

7.1CVSS6AI score0.00282EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-57271

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description In the IT asset and license management system, the update function within UsersController incorrectly handles missing permission request fields when processed through NormalizePermissionsPayloadActi...

7CVSS6.1AI score0.00298EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago11 views

EUVD-2026-38358

pypdf: Possible infinite loop when processing threads/articles in writer...

6.9CVSS5.9AI score0.00111EPSS
Exploits0References4
NVD
NVD
added last week17 views

CVE-2026-39822

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

7.8CVSS0.00183EPSS
Exploits0References4
EUVD
EUVD
added last week7 views

EUVD-2026-42187

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-46592

A flaw was found in the Apache Camel CXF SOAP component. A remote attacker can exploit this vulnerability by manipulating the operationName header in an unauthenticated HTTP request. This improper input validation allows the attacker to force the CxfProducer to invoke unintended SOAP operations o...

7.5CVSS6AI score0.00396EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added last week8 views

CVE-2026-59194

A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by providing a specially crafted patch entry. This crafted entry could resolve outside the configured patches directory, allowing for the deletion of an arbitrary file when pnpm patch-remove is execute...

7.1CVSS6AI score0.00257EPSS
Exploits1References4
Rows per page
Query Builder