9116 matches found

EUVD
added 7 hours ago, 4 views

EUVD-2026-40961

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

5.8 AI score
Exploits: 0, References: 3

EUVD
added 7 hours ago, 4 views

EUVD-2026-40960

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

5.8 AI score
Exploits: 0, References: 3

Nuclei
added 17 hours ago, 32 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

6.1 CVSS, 3.7 AI score, 0.0097 EPSS
Exploits: 2, References: 3

Nuclei
added 17 hours ago, 7 views

WordPress Realtyna Organic IDX Plugin <= 4.14.4 - SQL Injection

The Realtyna Organic IDX plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

9.3 CVSS, 5.8 AI score, 0.0172 EPSS
Exploits: 0, References: 2

Nuclei
added 17 hours ago, 23 views

WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting

WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the...

5.4 CVSS, 6 AI score, 0.00869 EPSS
Exploits: 2, References: 5

EUVD
added 20 hours ago, 4 views

EUVD-2026-40765

Insufficient validation of untrusted input in WebRTC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

5.8 AI score
Exploits: 0, References: 3

EUVD
added 20 hours ago, 5 views

EUVD-2026-40703

Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8 AI score
Exploits: 0, References: 3

RedHat Linux
added 20 hours ago, 6 views

Important: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

9.8 CVSS, 6.1 AI score, 0.00475 EPSS
Exploits: 0, References: 10

NVD
added yesterday, 5 views

CVE-2026-14078

Insufficient validation of untrusted input in WebRTC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

8.8 CVSS
Exploits: 0, References: 2

OSV
added yesterday, 3 views

DEBIAN-CVE-2026-14015

Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

CVE
added yesterday, 6 views

CVE-2026-14078

Insufficient validation of untrusted input in WebRTC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added yesterday, 15 views

CVE-2026-14015

Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

Exploits: 0, References: 2

NVD
added 2 days ago, 7 views

CVE-2026-13559

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

7.5 CVSS, 0.00412 EPSS
Exploits: 0, References: 6

CVE
added 2 days ago, 11 views

CVE-2026-13559

CVE-2026-13559 affects code-projects Real State Services 1.0. The vulnerability resides in the /single-list_sale.php?action=add handling of the ID parameter, where unsafely manipulated input enables SQL injection. Attack vector is network-based and exploitation is possible remotely, with a public...

7.5 CVSS, 7 AI score, 0.00412 EPSS
Exploits: 0, References: 6

EUVD
added 2 days ago, 7 views

EUVD-2026-40070

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

7.5 CVSS, 7 AI score, 0.00412 EPSS
Exploits: 0, References: 6

Cvelist
added 2 days ago, 29 views

CVE-2026-13559 code-projects Real State Services single-list_sale.php add sql injection

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

7.5 CVSS, 0.00412 EPSS
Exploits: 0, References: 6

OSV
added 3 days ago, 7 views

MAL-2026-6561 Malicious code in skillspector (PyPI)

Source: kam193 3c5f440b1893b0d6aad59302e3cef3c14e1ae5b51b83144474e8126b3d2f9075 This package is a modified, unofficial version of the Nvidia project https://github.com/NVIDIA/skillspector. The modification is disguised as telemetry. The...

5.9 AI score
Exploits: 0, References: 1

Nuclei
added 3 days ago, 34 views

WordPress Visitor Statistics (Real Time Traffic) < 4.8 - SQL Injection

WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. id: CVE-2021-247...

8.8 CVSS, 7.3 AI score, 0.38298 EPSS
Exploits: 5, References: 5

CVE
added 5 days ago, 6 views

CVE-2026-55838

CVE-2026-55838 (RustFS) : In versions up to 1.0.0-beta.7, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user, because MetricsHandler skips the admin-request validation that other admin handlers perform. As a result, a user whose policy allows only their ow...

4.3 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits: 0, References: 1

NVD
added 5 days ago, 4 views

CVE-2026-57641

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 = 3.5.9 versions...

6.5 CVSS, 0.00127 EPSS
Exploits: 0, References: 1