Lucene search
+L

40722 matches found

NVD
NVD
added 3 hours ago3 views

CVE-2026-63830

In the Linux kernel, the following vulnerability has been resolved: net: skmsg: preserve sg.copy across SG transforms The skmsg sg.copy bitmap is part of the scatterlist entry ownership state. A set bit tells skmsgcomputedatapointers not to expose the entry through writable BPF ctx-data. This...

Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 hours ago3 views

CVE-2026-63835

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: prevent OGM aggregation on disabled hardif When an interface gets disabled, the worker is correctly disabled by batadvhardifdisableinterface - ... - batadvvogmifacedisable. In this process, the skb aggrlist is also...

5.2AI score
Exploits0References9Affected Software1
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-63793 ntfs: serialize volume label accesses

In the Linux kernel, the following vulnerability has been resolved: ntfs: serialize volume label accesses Protect vol-volumelabel with a mutex and snaphost the label before copytouser. This prevent a use-after-free when FSIOCSETFSLABEL replaces the vol-volumelabel and FSIOCGETTSLABEL reads it...

Exploits0References2
EUVD
EUVD
added 3 hours ago2 views

EUVD-2026-45459

In the Linux kernel, the following vulnerability has been resolved: ntfs: serialize volume label accesses Protect vol-volumelabel with a mutex and snaphost the label before copytouser. This prevent a use-after-free when FSIOCSETFSLABEL replaces the vol-volumelabel and FSIOCGETTSLABEL reads it...

5.3AI score
Exploits0References2
CVE
CVE
added 5 hours ago5 views

CVE-2026-53375

The CVE affects the Linux kernel DRM AMDGPU VCE code path. The vulnerability involved partial address patches where only one of lo/hi was valid, risking a bad address being written to the firmware (FW). The issue has been resolved upstream by applying a patch that prevents partial address writes,...

5.4AI score
Exploits0References6
Cvelist
Cvelist
added 11 hours ago10 views

CVE-2026-16213 Fantomas42 django-blog-zinnia Protected Entry Password entry_protection.py cleartext storage

A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entryprotection.py of the component Protected Entry Password Handler. The manipulation results in cleartext storage of...

4.8CVSS
Exploits0References6
Nuclei
Nuclei
added 12 hours ago252 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS8.7AI score0.78812EPSS
Exploits7References4
Nuclei
Nuclei
added 12 hours ago34 views

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

9.8CVSS8.6AI score0.04342EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago110 views

Grafana <= 6.7.1 - Cross-Site Scripting

Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

5.4CVSS6.3AI score0.09619EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 15 hours ago3 views

PT-2026-61109

In the Linux kernel, the following vulnerability has been resolved: ntfs: serialize volume label accesses Protect vol-volume label with a mutex and snaphost the label before copy to user. This prevent a use-after-free when FS IOC SETFSLABEL replaces the vol-volume label and FS IOC GETTSLABEL read...

5.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 15 hours ago3 views

PT-2026-61151

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: prevent OGM aggregation on disabled hardif When an interface gets disabled, the worker is correctly disabled by batadv hardif disable interface - ... - batadv v ogm iface disable. In this process, the skb aggr list...

5.3AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 15 hours ago4 views

PT-2026-61047

A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entry protection.py of the component Protected Entry Password Handler. The manipulation results in cleartext storage of...

4.8CVSS4.3AI score
Exploits0References7
Imperva Blog
Imperva Blog
added yesterday11 views

Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core

TL;DR : A critical pre-authentication Remote Code Execution RCE vulnerability, dubbed "wp2shell" CVE-2026-63030, has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions,...

9.8CVSS6.8AI score0.08946EPSS
Exploits34
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45286

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery SSRF due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism...

7.7CVSS5.3AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45237

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...

6.5CVSS5.4AI score0.00264EPSS
Exploits0References5
NVD
NVD
added 2 days ago6 views

CVE-2026-16103

A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...

4.3CVSS0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45225

A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix for CVE-2026-9798, where brute-force protection checks were added to the Client-Initiated Backchannel Authentication CIBA initiation handler but were omitted from the token redemption handler. This...

4.3CVSS5.2AI score0.00207EPSS
Exploits0References2
CVE
CVE
added 2 days ago11 views

CVE-2026-16103

Keycloak CVE-2026-16103 affects the keycloak-services component. It describes an incomplete fix for CVE-2026-9798: brute-force protection checks were added to the CIBA initiation path but omitted from the token redemption path. As a result, an attacker with valid client credentials can obtain acc...

4.3CVSS5.3AI score0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago9 views

CVE-2026-50646

A flaw was found in .NET Framework. This protection mechanism failure allows an unauthorized attacker to execute arbitrary code locally. Successful exploitation of this vulnerability can lead to a complete compromise of the affected system...

7.8CVSS6AI score0.01579EPSS
Exploits0References4
NVD
NVD
added 2 days ago8 views

CVE-2026-60025

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection...

0.00097EPSS
Exploits0References1
Rows per page
Query Builder