Lucene search
K

2012 matches found

Nuclei
Nuclei
added 7 hours ago84 views

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

6.1CVSS6.4AI score0.1052EPSS
Exploits0References5
CVE
CVE
added 4 days ago13 views

CVE-2026-10628

The CVE concerns the WordPress plugin Points and Rewards for WooCommerce (affected: all versions up to 2.10.0). It describes an authorization bypass in which authenticated users with subscriber-level access and above can perform arbitrary modifications via multiple AJAX actions. Core implications...

4.3CVSS6.2AI score0.00349EPSS
Exploits0References12
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43123

The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.00349EPSS
Exploits0References12
NVD
NVD
added 5 days ago6 views

CVE-2026-57156

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

9.8CVSS0.00698EPSS
Exploits1References4
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

8.6CVSS0.00698EPSS
Exploits1References4
CVE
CVE
added 5 days ago18 views

CVE-2026-57156

FreeRDP (32-bit builds) before version 3.28.0 is affected by an integer overflow in update_read_delta_points (libfreerdp/core/orders.c) when multiplying attacker-controlled point count by sizeof(DELTA_POINT). This can cause the allocation of an undersized heap buffer, allowing a malicious RDP pee...

9.8CVSS6.2AI score0.00698EPSS
Exploits1References4Affected Software1
OSV
OSV
added 5 days ago3 views

CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

8.6CVSS6.2AI score0.00698EPSS
Exploits1References6
OSV
OSV
added 2026/07/07 4:3 p.m.8 views

PYSEC-2026-1448 libsodium has Incomplete List of Disallowed Inputs

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory...

4.5CVSS6AI score0.00166EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2026/07/02 12:14 p.m.2 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.1AI score0.0032EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 10:3 a.m.6 views

CVE-2026-53317

A flaw was found in the Linux kernel's Wi-Fi drivers mt76 and mt7921. A remote attacker could exploit this by configuring a Wi-Fi station with an Association ID AID exceeding the expected limit. This malformed AID can cause a firmware crash, leading to a Denial of Service DoS on the affected...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/23 1:24 a.m.5 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:16 a.m.6 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:7 a.m.18 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Venus: pmhelpers: Fixed a warning in the OPP phase during the probe. Fixed the following WARN messages that were triggered during the Venus driver probe in version 5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at...

5.5CVSS6.3AI score0.002EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/19 1:10 a.m.14 views

[SECURITY] Fedora 43 Update: ongres-stringprep-2.4-1.fc43

The stringprep protocol does not stand on its own; it has to be used by other protocols at precisely-defined places in those other protocols...

5.3AI score
Exploits0
NVD
NVD
added 2026/06/15 6:16 p.m.12 views

CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.17 views

CVE-2026-6039

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

6.9CVSS0.00157EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 12:25 p.m.15 views

OESA-2026-2631 python-pip security update

%changelog Sat Jul 13 2024 yangyuan [email protected] - 23.3.1-2 - Fix CVE-2023-45803 and CVE-2024-37891 Security Fixes: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel...

8CVSS5.8AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 12:5 p.m.9 views

RLSA-2026:22963 Critical: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...

9CVSS6AI score0.12797EPSS
Exploits10References7
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a deni...

5.1CVSS5.9AI score0.00152EPSS
Exploits0References3
Rows per page
Query Builder