Lucene search
K

1845 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS6.1AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-21057

CVE-2026-21057 concerns Samsung Pass: improper input validation in the product prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. Affected component: Samsung Pass binary/feature set; root cause: input validation flaw leading to memory corruption with LOCAL ...

6.8CVSS5.9AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42827

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS5.9AI score0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS0.00116EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.4 views

httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers

A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie directives. This could lead to a denial of service DoS condition, making the server unavailable to legitimate users...

7.5CVSS6AI score0.00682EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.96 views

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

9.8CVSS7.7AI score0.94618EPSS
Exploits7References5
OSV
OSV
added 2026/06/22 5:47 a.m.3 views

BIT-NGINX-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1References10
OSV
OSV
added 2026/06/19 10:10 p.m.28 views

GHSA-4XGF-CPJX-PC3J pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

Summary NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is followed, so files outside the configured directory are read into settings value...

5.3CVSS5.9AI score0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/19 4:28 p.m.7 views

CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/19 4:28 p.m.7 views

EUVD-2026-38045

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 4:28 p.m.24 views

CVE-2026-56208

CVE-2026-56208 affects libaom, the reference AV1 codec. A flaw in the encoder’s Look-Ahead Processing (LAP) mode bypasses the first-pass stats ring-buffer guard when g_lag_in_frames is 1 or more, causing a 232-byte out-of-bounds write on every frame after the second. This can corrupt heap objects...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/19 4:28 p.m.41 views

CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS0.00275EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/19 1:53 a.m.7 views

SUSE CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

8.1CVSS6.5AI score0.03459EPSS
Exploits1References5
OSV
OSV
added 2026/06/17 3:16 p.m.4 views

ALPINE-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1References1
NVD
NVD
added 2026/06/10 6:16 p.m.15 views

CVE-2026-11596

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

4.7CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 5:15 p.m.8 views

CVE-2026-11596

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

4.7CVSS5.4AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 5:15 p.m.14 views

EUVD-2026-36079

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens...

4.7CVSS5.4AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:15 p.m.33 views

CVE-2026-11596

Affected software: ScreenConnect™ (before version 26.2). The vulnerability concerns input validation in the Host Pass creation flow, where an authenticated user with Host Pass creation privileges could set a delegated access token expiration longer than the intended maximum. Impact, as described,...

4.7CVSS5.5AI score0.00221EPSS
Exploits0References1
Rows per page
Query Builder