Lucene search
K

15026 matches found

BDU FSTEC
BDU FSTEC
added 6 days ago3 views

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite. This vulnerability allows a perpetrator to gain full control over the application.

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating...

8.1CVSS5.9AI score0.00366EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-26292

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests...

9.8CVSS0.00482EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.8 views

CVE-2026-58597

Insufficient ui warning of dangerous operations in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS6AI score0.00398EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/03 8:35 p.m.8 views

EUVD-2026-41597

Insufficient ui warning of dangerous operations in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS6AI score0.00398EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.5 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Insufficient ui warning of dangerous operations in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS6AI score0.00398EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55598

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description LFS push and sync mirror operations do not utilize the migration HTTP transport. This behavior allows LFS requests to bypass the configured migration transport protections. Recommendations Update Gite...

9.8CVSS6.1AI score0.00482EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55649

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Insufficient UI warnings regarding dangerous operations allow an unauthorized attacker to perform spoofing over a network. Recommendations At the moment, there is no...

4.3CVSS6AI score0.00398EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 7:43 p.m.37 views

CVE-2026-59100 LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS0.0018EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 7:22 p.m.3 views

GHSA-V5FF-XMFP-P245 electerm has Command Injection in File System Operations (rmrf, mv, cp)

Impact A command injection vulnerability exists in electerm's file system operations rmrf, mv, cp in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command strings without escaping shell metacharacters. Vulnerable functions: - rmrf - Uses rm...

8.8CVSS6.2AI score0.00072EPSS
Exploits0References3
Cisco
Cisco
added 2026/07/01 4:0 p.m.14 views

ClamAV Vulnerabilities Affecting Cisco Products: July 2026

Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service DoS condition, interrupting scanning operations. For more information about these vulnerabilities, see the Details "details" section of this advisory. For additional information on these vulnerabilities ...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-7663

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS0.00259EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet. CVE-2026-53301...

5.5CVSS6AI score0.00121EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by...

7.2CVSS6.1AI score0.00091EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 7:59 p.m.4 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS6.6AI score0.00353EPSS
Exploits4References7
EUVD
EUVD
added 2026/06/29 5:20 p.m.7 views

EUVD-2026-40168

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 5:20 p.m.7 views

EUVD-2026-40167

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement...

8.6CVSS5.8AI score0.00294EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:38 p.m.7 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 11:4 a.m.10 views

CVE-2026-53301

A flaw was found in the Linux kernel. Missing reset operations can lead to a null pointer dereference, which may cause system instability or a denial of service DoS. This vulnerability occurs when the system attempts to use uninitialized reset operations, resulting in an unexpected system state...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/29 8:6 a.m.3 views

CVE-2026-13595

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS5.7AI score0.00112EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53671

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description An authorization bypass exists that allows authenticated users with the spectator role to perform unauthorized write operations. This occurs because the 'eventing import automatic webhook' endpoint...

5.4CVSS6AI score0.00249EPSS
Exploits0References9
Rows per page
Query Builder