Lucene search
K

15024 matches found

NVD
NVD
added 3 days ago10 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-6352 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42408

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score0.00264EPSS
Exploits0References3
NVD
NVD
added 3 days ago9 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS0.00301EPSS
Exploits1References5
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42315

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS6AI score0.00301EPSS
Exploits1References5
Debian CVE
Debian CVE
added 3 days ago4 views

CVE-2026-59875

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS5.9AI score0.00291EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
RedHat Linux
RedHat Linux
added 3 days ago3 views

kernel: net/ipv6: ioam6: prevent schema length wraparound in trace fill

A flaw was found in the Linux kernel's IPv6 In-situ Operations, Administration, and Maintenance IOAM6 trace fill functionality. An integer overflow vulnerability exists in the ioam6filltracedata function, where the schema length calculation can wrap around due to being stored in an 8-bit unsigned...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago89 views

Micro Focus Operations Bridge Reporter - Remote Code Execution

Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. id: CVE-2021-22502 info: name: Micro Focus...

10CVSS7.7AI score0.9674EPSS
Exploits4References5
Nuclei
Nuclei
added 4 days ago72 views

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

9.8CVSS7.8AI score0.99288EPSS
Exploits1References5
NVD
NVD
added 4 days ago10 views

CVE-2026-34037

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS0.00247EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-34037

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS5.9AI score0.00247EPSS
Exploits0References4Affected Software1
CVE
CVE
added 4 days ago10 views

CVE-2026-34058

CVE-2026-34058 : Coolify prior to 4.0.0-beta.471 is vulnerable to OS Command Injection in the Livewire component Server\Resources. The public methods startUnmanaged, stopUnmanaged, and restartUnmanaged accept a container ID directly from the browser without sanitization, and this value is interpo...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-56137

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source tool for managing servers, applications, and databases. An authenticated member can execute commands as root on managed servers by injecting shell metacharacters in...

8.8CVSS6AI score0.00435EPSS
Exploits0References7
NVD
NVD
added 5 days ago10 views

CVE-2026-48206

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

5.3CVSS0.00349EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

8.8CVSS0.00435EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-48206

Apache Camel JIRA: A vulnerability allows an unauthenticated HTTP client to bypass input validation by supplying non-Camel header names (IssueKey, ProjectKey, IssueTransitionId, etc.) that flow into jira: producers. This lets the attacker potentially drive JIRA operations (delete/transition issue...

5.3CVSS6.1AI score0.00349EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago10 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate file types on several file-management operations, enabling authenticated users with file-manager access — extended to sub-administrator roles via the premium add‑on — to upload arbitrary PHP files and achieve remote code execution....

8.8CVSS6.3AI score0.00435EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 5 days ago3 views

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite. This vulnerability allows a perpetrator to gain full control over the application.

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating...

8.1CVSS5.9AI score0.00366EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-26292

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

9.8CVSS0.00482EPSS
Exploits0References4
Rows per page
Query Builder