Lucene search
K

21696 matches found

Patchstack
Patchstack
added last week5 views

WordPress PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Modification vulnerability discovered by Truong Tran in WordPress Plugin PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin versions = 2.3.0...

4.3CVSS5.3AI score0.0026EPSS
Exploits0References1Affected Software1
OSV
OSV
added last week3 views

MINI-P4W5-HP5R-GR3M

Bulletin has no description...

4.8CVSS5AI score0.00114EPSS
Exploits0
OSV
OSV
added last week3 views

MINI-78G2-R3MC-P2P4

Bulletin has no description...

5.3CVSS5AI score0.00186EPSS
Exploits0
Patchstack
Patchstack
added last week6 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Order Modification vulnerability discovered by Kirasec in WordPress Plugin Dokan versions = 5.0.3...

4.3CVSS5.3AI score0.0025EPSS
Exploits0References1Affected Software1
NVD
NVD
added last week6 views

CVE-2025-15657

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added last week9 views

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

6CVSS5.2AI score
Exploits1References4Affected Software3
NVD
NVD
added last week7 views

CVE-2026-12439

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00323EPSS
Exploits0References2
OSV
OSV
added last week3 views

MINI-Q5CW-2P76-GW65

Bulletin has no description...

5.3CVSS4.8AI score0.00292EPSS
Exploits0
OSV
OSV
added last week4 views

MINI-WVGP-G668-3G5G

Bulletin has no description...

6.8CVSS4.8AI score0.00256EPSS
Exploits0
RedHat Linux
RedHat Linux
added last week6 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

5.5AI score0.00165EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 9:22 a.m.3 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

5.5AI score0.00165EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 1:20 a.m.3 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

5.4AI score0.00165EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.8 views

PT-2026-50495

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.21 Traefik versions prior to 3.7.5 Description An issue exists in the Kubernetes Gateway provider regarding the crossProviderNamespaces allowlist. When HTTPRoute rules declare multiple backendRefs Weighted Round...

6CVSS5.9AI score
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50606

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50564

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Steeltoe affected versions not specified Description TypeBot contains an Insecure Direct Object Reference IDOR issue—a flaw where an application provides direct access to objects based on user-supplied...

7.1CVSS5.2AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50535

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.2 Description A stored Cross-Site Scripting XSS issue exists in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside ...

5.8CVSS5.3AI score0.0012EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 7:28 p.m.17 views

CVE-2026-46970

...

7.2CVSS0.00453EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 7:28 p.m.17 views

CVE-2026-46958

...

7.5CVSS0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 7:27 p.m.20 views

CVE-2026-46914

...

7.1CVSS0.0015EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 7:27 p.m.14 views

CVE-2026-46884

...

9.8CVSS0.00473EPSS
Exploits0References1
Rows per page
Query Builder