Lucene search
+L

4615 matches found

Patchstack
Patchstack
added 2026/07/01 4:40 p.m.5 views

WordPress Houzez Property Feed plugin <= 2.5.46 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Houzez Property Feed versions = 2.5.46...

4.9CVSS5.8AI score0.00288EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.5 views

httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue

A flaw was found in the moddavfs module of Apache HTTP Server. A WebDAV Web Distributed Authoring and Versioning content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...

9.1CVSS5.8AI score0.00538EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 9:36 p.m.19 views

CVE-2026-54516

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...

5.3CVSS5.7AI score0.00282EPSS
Exploits0References8
OSV
OSV
added 2026/06/30 6:43 p.m.5 views

GHSA-H8VQ-8GPG-MHCG Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`

Description This is a residual bypass of CVE-2026-46635 / GHSA-vcc8-phrv-43wj that only affects sandboxing enabled through SourcePolicyInterface and not the regular global sandbox mode. CoreExtension::column receives the active sandbox state via the needsissandboxed channel as a boolean...

7.5CVSS5.7AI score0.00239EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 3:13 p.m.8 views

Malicious code in postcss-property-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acb8d62cdeb6a2c19937f3d02aa6214a23114e4dbc38373e6107c8345c3f1f9f [email protected] was scanned with no a static rule matches and no behavioral findings. No exfiltration, install-time fetch-and-execute,...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/30 3:13 p.m.10 views

MAL-2026-6684 Malicious code in postcss-property-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acb8d62cdeb6a2c19937f3d02aa6214a23114e4dbc38373e6107c8345c3f1f9f [email protected] was scanned with no a static rule matches and no behavioral findings. No exfiltration, install-time fetch-and-execute,...

6.1AI score
Exploits0References2
CVE
CVE
added 2026/06/30 9:49 a.m.13 views

CVE-2026-53917

CVE-2026-53917 describes an unbounded memory allocation vulnerability in OpenWire property unmarshalling in Apache ActiveMQ and related builds. An authenticated user can send a crafted OpenWire Message with a very large encoded size value for a message property map, causing OpenWire maps to be un...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-54435

Name of the Vulnerable Software and Affected Versions c3p0 versions prior to 0.14.0 Description c3p0, a JDBC Connection pooling library, can act as a sink for deserialization gadgets when used with other libraries. The DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-329 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass

Summary Django-Unicorn is vulnerable to python class pollution vulnerability, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting appropriate component requests and feedi...

9.3CVSS6.7AI score0.0047EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/29 8:36 a.m.6 views

CVE-2026-53307

A flaw was found in the Linux kernel. The pinctrl: pinconf-generic subsystem does not properly validate the 'pinmux' property. An attacker could provide an empty 'pinmux' property, which would cause the system to crash due to invalid memory access. This could lead to a denial of service...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.7 views

SUSE CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.8AI score0.00112EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:18 a.m.7 views

Vim: Out-of-bounds Read in Text Property Count

...

6.1CVSS5.8AI score0.00113EPSS
Exploits0
NVD
NVD
added 2026/06/26 8:17 p.m.8 views

CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.5CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.3 views

DEBIAN-CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 7:41 p.m.10 views

EUVD-2026-39842

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.8AI score0.00112EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.6 views

CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.5CVSS5.7AI score0.00112EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.8 views

SUSE CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.9 views

SUSE CVE-2026-53150

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tbpropertyentryvalid accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the...

6.1CVSS5.8AI score0.00128EPSS
Exploits0References4
Rows per page
Query Builder