Lucene search
K

14238 matches found

NVD
NVD
added 4 days ago13 views

CVE-2026-60125

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42241

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-60125 importModule function in MISP ignores per-organisation import module restrictions

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
Nuclei
Nuclei
added 5 days ago112 views

WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection

The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...

9.8CVSS7.4AI score0.89431EPSS
Exploits8References5
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42030

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References3
CVE
CVE
added 6 days ago10 views

CVE-2026-43925

FOSSBilling (open-source billing/client management) contains an unauthenticated mass assignment vulnerability in the client self-registration endpoint, prior to version 0.8.0. An attacker can assign themselves to an arbitrary client group during sign-up, potentially bypassing group-restricted pro...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References1
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS5.9AI score0.00318EPSS
Exploits0
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-41853

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

9.8CVSS6.4AI score0.00691EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 6 days ago4 views

The vulnerability of the ColdFusion software platform arises from an incorrect restriction on the path to the restricted directory. This allows attackers to execute arbitrary code.

The vulnerability of the ColdFusion software platform exists due to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS6.4AI score0.28583EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-56028

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.10 through 0.7.2 Description An issue exists in the Config::prettyPrintArrayToPHP method where string values are written into the config.php file without escaping single quotes during configuration updates. Since...

8.9CVSS6.1AI score0.00274EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.5 views

CVE-2026-11900

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS6AI score0.00273EPSS
Exploits0References11
CVE
CVE
added 2026/07/01 9:9 p.m.17 views

CVE-2026-54259

Wagtail (Django-based CMS) has a vulnerability in older branches where the Documents and Images chooser endpoint could show items to users who lack choose permission. Affected versions: < 7.0.8, < 7.3.3, and

4.3CVSS5.6AI score0.00162EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 6:16 p.m.10 views

CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.8CVSS0.00221EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-55201

Name of the Vulnerable Software and Affected Versions SUSE Rancher Fleet versions prior to 0.15.2 SUSE Rancher Fleet versions prior to 0.14.6 SUSE Rancher Fleet versions prior to 0.13.11 SUSE Rancher Fleet versions prior to 0.12.15 Description Missing validation of valuesFrom references in the He...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54775

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description When the WebDAV listener is enabled using the -w flag, the software fails to enforce mode-restriction flags on the WebDAV port. While the primary HTTP port correctly respects the --read-only,...

8.1CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54710

Name of the Vulnerable Software and Affected Versions Feast Feature Server affected versions not specified Description An unauthenticated remote attacker can write arbitrary JSON files to the server filesystem via the /save-document endpoint. The issue stems from improper input validation that...

9.1CVSS6.5AI score0.00568EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/30 8:59 a.m.6 views

EUVD-2025-210371

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative local admin privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute...

7.8CVSS5.9AI score0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:59 a.m.32 views

CVE-2025-7406 A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative local admin privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute...

0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53923

Name of the Vulnerable Software and Affected Versions Ocelot versions prior to 24.1.1 Description A security control bypass exists in the handling of WebSocket upgrade requests. The issue stems from a logic flaw in the OcelotPipelineExtensions.cs file, where a MapWhen branch configured for...

9.3CVSS6AI score0.00412EPSS
Exploits0References9
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.5 views

Security update for gleam (moderate)

openSUSE security update: security update for gleam ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21143-1 Rating: moderate References: bsc1267396 bsc1267397 bsc1267398 Cross-References: CVE-2026-32685 CVE-2026-42795 CVE-2026-43965 Affected Product...

5.6CVSS6.2AI score0.00152EPSS
Exploits0References3
Rows per page
Query Builder