38568 matches found
CVE-2026-55944
creationtimestamp| type| source ---|---|--- 2026-07-14 21:08:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqn4ha43uo2z 2026-07-14 22:02:11+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:01:43+00:00| seen|...
CVE-2026-55010
creationtimestamp| type| source ---|---|--- 2026-07-14 21:06:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqn4dmzkrj2q 2026-07-14 22:02:06+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-14 23:00:35+00:00| exploited|...
CVE-2026-58617
creationtimestamp| type| source ---|---|--- 2026-07-14 20:42:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqn2yvy7q72t 2026-07-14 22:02:40+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:02:12+00:00| seen|...
CVE-2026-15410
Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...
CVE-2026-15410
Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...
CVE-2026-15410
Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...
CVE-2026-62656
The CVE-2026-62656 entry concerns post-authenticated command injection affecting certain NETGEAR RAX models. A logged-in user can send specially crafted requests to the router to run unauthorized commands, enabling changes to the router and impacting security/operation. The vulnerability targets ...
CVE-2026-62658
NETGEAR Nighthawk RAX series routers (RAX45, RAX43, RAX50, RAX54sv2) are affected by CVE-2026-62658, a post-authentication vulnerability that could allow a logged-in user to execute arbitrary commands or code on the device. The CVSS 4.0 base score is 5.7 (MEDIUM) with high integrity impact and ad...
CVE-2026-58476
creationtimestamp| type| source ---|---|--- 2026-07-14 16:42:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqmnn6ps442w...
CVE-2026-14903
creationtimestamp| type| source ---|---|--- 2026-07-14 15:49:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqmkoeal2u2x 2026-07-14 21:19:56+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-696...
CVE-2026-14902
creationtimestamp| type| source ---|---|--- 2026-07-14 15:48:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqmkl6x6la25 2026-07-14 21:19:53+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-696...
CVE-2026-12511
creationtimestamp| type| source ---|---|--- 2026-07-14 09:27:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqlvdarid52e 2026-07-15 00:00:32+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqng3cfyza2o...
CVE-2026-59674 LPE from suricata user to root due to chown in %post in suricata packaging
A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed suricata package allows the suricata user to escalate to root. This issue affects openSUSE Tumbleweed: from ? before 8.0.5-2.1; openSUSE Tumbleweed: from ? before 8.0.5-2.1...
CVE-2026-59674
CVE-2026-59674 affects openSUSE Tumbleweed surfacing a local privilege escalation in suricata packaging due to a symlink follow vulnerability in the post-install script. Connected details indicate the issue involves the libsuricata8 package (version 8.0.5-2.1 and earlier) and is fixed in 8.0.5-2....
mooSocial 3.1.8 - External Service Interaction
mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function. id: CVE-2023-43323 info: name: mooSocial 3.1.8 - External Service Interaction author: ritikchaddha severity: medium description: | mooSocial 3.1.8 is vulnerable to external service...
WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting
The Post Timeline WordPress plugin before version 2.2.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape an invalid nonce before outputting it back in an AJAX response, which could allow attackers to execute arbitrary JavaScript code in an...
PowerJob <=4.3.2 - Unauthenticated Access
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...
Mlflow - Cross-Site Scripting
The vulnerability allows an attacker to inject malicious code into the Content-Type header of a POST request, which is then reflected back to the user without proper sanitization or escaping. id: CVE-2023-6568 info: name: Mlflow - Cross-Site Scripting author: ritikchaddha severity: medium...
QCube Cross-Site-Scripting
A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...
GiveWP - Missing Authorization to Settings Update
GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication. id: CVE-2020-20627 info: name...