Lucene search
+L

2100 matches found

Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25758

Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References9
CVE
CVE
added 2026/03/10 12:8 p.m.21 views

CVE-2026-2742

Summary of CVE-2026-2742 : Vaadin flow-server contains an authentication bypass via the /VAADIN endpoint when accessed without a trailing slash, allowing unauthenticated users to trigger framework initialization and create sessions. Affected products/versions include Vaadin 14.0.0–14.14.0, 23.0.0...

5.3CVSS5.8AI score0.00391EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 12:8 p.m.2 views

CVE-2026-2742 Unauthorized session creation via reserved framework path access

An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...

5.3CVSS5.8AI score0.00391EPSS
Exploits0References7
Vaadin
Vaadin
added 2026/03/10 12:0 a.m.34 views

Unauthorized Session Creation via Reserved Framework Path Access

An authentication bypass vulnerability exists in Vaadin applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without a trailing slash bypasses security filters, allowing unauthenticated users to trigger framework...

5.3CVSS5.8AI score0.00391EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/03/07 5:29 a.m.6 views

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

5.3CVSS5.7AI score0.00331EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/06 11:40 a.m.36 views

CVE-2024-35644

CVE-2024-35644 describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Preferred Languages” by Pascal Birchler. The issue is caused by improper input neutralization during web page generation, enabling DOM-based XSS. It affects versions from n/a through 2.2.2 of th...

5.9CVSS5.8AI score0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:31 p.m.6 views

CVE-2026-3076

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2363. Reason: This candidate is a reservation duplicate of CVE-2026-2363. Notes: All CVE users should reference CVE-2026-2363 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

5.9AI score0.00254EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/03 10:12 p.m.30 views

OpenClaw's runtime /debug override path accepted prototype-reserved keys

Summary OpenClaw accepted prototype-reserved keys in runtime /debug set override object values proto, constructor, prototype. Impact /debug is disabled by default, and exploitation requires an already authorized /debug set caller. No unauthenticated vector was identified. This issue affects runti...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/02 7:2 p.m.54 views

CVE-2024-31328

CVE-2024-31328 is documented in Wear OS/Android Wear context. A logic error in the function broadcastIntentLockedTraced of BroadcastController.java may allow launching arbitrary activities from the background on the paired companion phone, resulting in local elevation of privilege without additio...

8.8CVSS6.2AI score0.00115EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2026/02/26 12:56 a.m.10 views

[SECURITY] Fedora 42 Update: munge-0.5.18-1.fc42

MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having...

7.8CVSS6AI score0.00302EPSS
Exploits0
OSV
OSV
added 2026/02/25 10:31 p.m.11 views

GHSA-76RV-2R9V-C5M6 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

Summary All rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...

4.3CVSS5.5AI score0.00228EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/21 9:29 a.m.9 views

CVE-2019-19008

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-19363. Reason: This candidate is a reservation duplicate of CVE-2019-19363. Notes: All CVE users should reference CVE-2019-19363 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

7.8CVSS7.5AI score0.04566EPSS
Exploits8References1
ATTACKERKB
ATTACKERKB
added 2026/02/21 3:47 a.m.6 views

CVE-2018-9146

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. Notes: All CVE users should reference CVE-2017-17724 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.5CVSS5.6AI score0.02172EPSS
Exploits1References1
CVE
CVE
added 2026/02/20 3:46 p.m.38 views

CVE-2024-34438

CVE-2024-34438 is a Missing Authorization vulnerability in the WordPress plugin Shared Files (Download Manager & Media Gallery) affecting versions up to and including 1.7.19 . The issue enables unauthorized access to protected resources due to broken access control. The CVSS v3.1 base score is 5....

5.3CVSS5.4AI score0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:38 a.m.2 views

CVE-2017-4504

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 2:54 a.m.12 views

CVE-2025-13965

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference CVE-2025-12500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

5.6AI score0.00328EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 9:42 p.m.7 views

CVE-2009-0190

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1016. Reason: This candidate is a reservation duplicate of CVE-2009-1016. Notes: All CVE users should reference CVE-2009-1016 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...

8.5CVSS5.5AI score0.02013EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/14 3:36 p.m.5 views

CVE-2025-71202

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code tha...

5.3AI score0.00108EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/13 9:32 p.m.7 views

CVE-2025-68128

reserved but not needed...

5.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/13 9:32 p.m.6 views

CVE-2025-68127

reserved but not needed...

5.4AI score
Exploits0References1
Rows per page
Query Builder