Lucene search
K

7950 matches found

OSV
OSV
added 2026/06/19 8:47 p.m.14 views

GHSA-WFQX-GJRF-G28R Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag

Summary Crossplane allows package signature verification to be configured via the ImageConfig mechanism. When enabled, the package manager uses cosign to verify that packages are correctly signed before pulling and installing them. When a package is installed using a tag reference e.g., a semanti...

9CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.12 views

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

7.1CVSS0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the netdevsim device driver of the Linux kernel, related to the scheduling of events. This issue arises due to improper management of a reference count. This could allow an attacker to create a denial-of-service condition on the system...

4.4CVSS6.7AI score0.0034EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel versions 3.11 through 5.10.16, as used by Xen. When serving requests to the PV backend, the driver maps grant references provided by the frontend. During this process, errors may occur. In one case, an error encountered earlier might be discarded by late...

7.8CVSS6.7AI score0.00348EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/19 8:59 a.m.13 views

WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...

6.5CVSS5.8AI score0.00235EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:30 p.m.6 views

CVE-2026-12475

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50824

Name of the Vulnerable Software and Affected Versions Daytona versions prior to 0.186 Description A sandbox volume reference volumeId which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing...

4.2CVSS5.8AI score0.00171EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37604

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

7.3CVSS5.2AI score0.00288EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/17 1:59 p.m.6 views

WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by HieuPenguinnn in WordPress Plugin SupportCandy versions = 3.4.6...

7.6CVSS5.8AI score0.00288EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-54184

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

8.2CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-40768

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

7.3CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.19 views

CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.33 views

CVE-2026-54184 WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

8.2CVSS0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.25 views

CVE-2026-54184

The CVE concerns WordPress plugin Clean Login prior to or up to version 1.15 with an Unauthenticated Insecure Direct Object References (IDOR) vulnerability. The root cause is an IDOR issue in the plugin, potentially exposing object identifiers to unauthenticated users. CVSS 3.1 metrics indicate h...

8.2CVSS5.2AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.29 views

CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

7.3CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.18 views

CVE-2026-40768

The CVE covers WordPress Salon booking system plugin versions

7.3CVSS5.2AI score0.00288EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 5:2 p.m.7 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Control of Generation of Code ('Code Injection') (CVE-2026-27830)

Summary There are vulnerabilities in c3p0-0.9.5.4.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27830. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is vulnerable to attack via...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:47 p.m.11 views

pypdf: Possible large memory usage for form XObjects during text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying...

6.9CVSS5.2AI score0.00123EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/16 9:0 a.m.16 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.22.1 bug fix and security update

Red Hat OpenShift Container Platform release 4.22.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.22. Red Hat Product Security has rated this update as having a...

7.5CVSS7AI score0.00651EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36995

Subscriber Insecure Direct Object References IDOR in KiviCare = 4.2.1 versions...

6.3CVSS5.2AI score0.00249EPSS
Exploits0References2
Rows per page
Query Builder