Lucene search
K

1695 matches found

CVE
CVE
added 2 days ago5 views

CVE-2026-41154

The CVE-2026-41154 entry describes a GPU DDK issue where software run as a non-privileged user can trigger out-of-bounds (OOB) kernel memory reads/writes via GPU API calls. The root cause is an incorrect buffer/index calculation in the page freeing logic for the sparse memory implementation when ...

6.1AI score0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56660

Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...

6.1AI score0.00119EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 5 days ago6 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42069

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-48947

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 11:5 p.m.21 views

CVE-2026-13384

CVE-2026-13384 is an Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent. An authenticated privileged user could remotely execute arbitrary code via specially crafted requests to the Management Web UI. Affected: Fireware OS 12.1–12.12 and 2025.1–2026.2. CVSS details indicate netwo...

8.6CVSS6.1AI score0.00546EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 5:16 p.m.20 views

CVE-2026-56149

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 2:48 p.m.35 views

CVE-2026-58036 Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

2.1CVSS0.00243EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks...

5.5CVSS6AI score0.00128EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:6 a.m.8 views

tcp: restrict SO_ATTACH_FILTER to priv users

...

7CVSS5.8AI score0.00128EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.8 views

SUSE CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.8AI score0.00128EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.22 views

CVE-2020-37256 Grav - Cross-Site Scripting in Admin Plugin Page Editor

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...

5.4CVSS0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39327

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

5.8AI score0.00128EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53236

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:39 a.m.19 views

CVE-2026-53236

CVE-2026-53236 affects the Linux kernel where a patch restricts SO_ATTACH_FILTER (cBPF) usage on TCP sockets to CAP_NET_ADMIN, mitigating a potential side-channel leaking TCP sequence/ACK data. Debian/Ubuntu entries show patches across newer kernel builds (e.g., Linux 6.1 series with 6.1.176-1~de...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52168

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...

6AI score0.00142EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 11:16 p.m.11 views

CVE-2026-12163

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting XSS vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields...

5.5CVSS0.00145EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51604

Name of the Vulnerable Software and Affected Versions Fortra File Integrity Monitoring FIM versions prior to 9.4.0.1 Description A stored cross-site scripting XSS issue exists in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or...

5.5CVSS5.6AI score0.00145EPSS
Exploits0References7
Rows per page
Query Builder