121514 matches found

CVE
added 2 hours ago, 6 views

CVE-2026-10823

The CVE concerns the WordPress plugin YMC Smart Filter prior to version 3.11.3. The issue arises from improper authorization of a REST API endpoint and lack of validation of a user-supplied query parameter, enabling unauthenticated access to the titles and content of private, draft, and other no...

5.8 AI score
Exploits: 0, References: 1
EUVD
added yesterday, 8 views

EUVD-2026-31402

golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...

5.3 CVSS, 5.8 AI score, 0.00313 EPSS
Exploits: 0, References: 5
NVD
added yesterday, 5 views

CVE-2026-56772

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3 CVSS
Exploits: 0, References: 3
NVD
added yesterday, 6 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5 CVSS
Exploits: 0, References: 4
EUVD
added yesterday, 3 views

EUVD-2026-39540

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

4.2 CVSS, 5.8 AI score
Exploits: 0, References: 1
ATTACKERKB
added yesterday, 3 views

CVE-2026-2299

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

4.2 CVSS, 5.8 AI score
Exploits: 0, References: 2
CVE
added yesterday, 7 views

CVE-2026-2299

CVE-2026-2299 affects the Mattermost Google Drive plugin prior to version 1.1.0. The file creation endpoint does not validate channel membership, allowing authenticated users with a connected Google account to share Google Drive files into unauthorized private channels and disclose private channe...

4.2 CVSS, 5.8 AI score
Exploits: 0, References: 1
EUVD
added yesterday, 4 views

EUVD-2026-39525

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3 CVSS, 6 AI score
Exploits: 0, References: 3
Cvelist
added yesterday, 7 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3 CVSS
Exploits: 0, References: 3
CVE
added yesterday, 6 views

CVE-2026-56772

NewsBlur

5.3 CVSS, 6 AI score
Exploits: 0, References: 3
EUVD
added yesterday, 4 views

EUVD-2026-39524

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5 CVSS, 6 AI score
Exploits: 0, References: 4
ATTACKERKB
added yesterday, 4 views

CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3 CVSS, 5.9 AI score
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added yesterday, 12 views

CVE-2026-54033 LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7 CVSS, 0.00032 EPSS
Exploits: 0, References: 1
Debian CVE
added yesterday, 4 views

CVE-2026-53155

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: use correct flags for device private PMD entry Commit 65edfda6f3f2 "mm/rmap: extend rmap and migration support device-private entries" updated set_pmd_migration_entry to use pmdp_huge_get_and_clear in the softleaf case, b...

5.4 AI score, 0.00172 EPSS
Exploits: 0
EUVD
added yesterday, 3 views

EUVD-2026-39246

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: use correct flags for device private PMD entry Commit 65edfda6f3f2 "mm/rmap: extend rmap and migration support device-private entries" updated set_pmd_migration_entry to use pmdp_huge_get_and_clear in the softleaf case, b...

5.4 AI score, 0.00172 EPSS
Exploits: 0, References: 2
CVE
added yesterday, 5 views

CVE-2026-53155

CVE-2026-53155: In the Linux kernel, the issue lies in mm/huge_memory where device-private PMD entries were assigned incorrect flags due to the migration logic, causing misinterpretation of softdirty, writable, and uffd-wp states. The function set_pmd_migration_entry() used pmd_write(), pmd_soft...

5.4 AI score, 0.00172 EPSS
Exploits: 0, References: 2
Debian CVE
added yesterday, 4 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...

5.7 AI score, 0.00168 EPSS
Exploits: 0
EUVD
added yesterday, 3 views

EUVD-2026-39243

In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...

5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 4
CVE
added yesterday, 6 views

CVE-2026-53152

The CVE affects the Linux kernel driver for rk-series SD/MMC controllers: mmc: dw_mmc-rockchip. The issue stems from missing private data for very old controllers (rk2928, rk3066, rk3188) that do not support UHS speeds and lacked a parse_dt callback and driver private data. The init path now assu...

5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 4
Nuclei
added yesterday, 16 views

WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts

WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication. id: CVE-2019-17671 info: name: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts author:...

5.3 CVSS, 6.7 AI score, 0.36503 EPSS
Exploits: 2, References: 4