Lucene search
+L

522 matches found

CVE
CVE
added yesterday18 views

CVE-2026-43977

Summary (CVE-2026-43977) : In wger, versions prior to 2.6 expose an IDOR: any authenticated user can read another user’s private workout data via /logs/ and /stats/ on a routine, because RoutinePermission incorrectly treats is_template=True as readable and RoutineViewSet actions return the owner’...

7.5CVSS6.1AI score0.00051EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in hehehe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 588dd776720f805d7d84a58c93ffcd21ed860e3fc21a48787d732eb6180b974d Package is published as an 'enterprise Windows Diagnostic Utility' but is an anti-proctoring cheating tool that also steals the installer's browser...

6.1AI score
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2026-40553

CVE-2026-40553 affects GNU awk (gawk); a buffer/stack-based overflow in the extension/readdir.c ftype() routine can crash the process and, per the CVE description, potentially enable code execution, though this has not been confirmed. Vulnerable as of version 5.4.0 and earlier. No remediation det...

7.5CVSS6AI score0.00291EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43495

Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-43494

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

9.1CVSS6AI score0.00213EPSS
Exploits0References2
CVE
CVE
added 4 days ago12 views

CVE-2026-40469

In the provided documents, CVE-2026-40469 affects gawk, specifically 32-bit builds in versions 5.4.0 and earlier. The root cause is an integer overflow in the do_sub (subroutine) path within builtin.c, which could allow overwriting heap metadata and related objects, potentially causing the progra...

9.1CVSS6AI score0.00213EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/07 6:0 a.m.38 views

CVE-2026-12277 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

0.00231EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/30 2:42 p.m.5 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 11:22 a.m.4 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:8 a.m.4 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.3 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
CVE
CVE
added 2026/06/26 7:40 p.m.16 views

CVE-2026-53291

CVE-2026-53291 affects the Linux kernel ALSA hda/conexant driver. The root cause is the ignored return value from snd_hda_jack_detect_enable_callback() in cx_probe(); if the call fails, an error pointer is returned and not checked, potentially leading to a crash when jack events are handled. The ...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/25 9:16 p.m.4 views

UBUNTU-CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/23 8:0 a.m.14 views

CVE-2026-44169

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/22 2:22 p.m.5 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the NestedParamsEncoder module through the dehash routine. An attacker can cause the application to crash and exhaust system resources by submitting a deeply nested query string that triggers uncontrolled...

8.7CVSS5.9AI score0.00391EPSS
Exploits1References2
OSV
OSV
added 2026/06/16 11:50 a.m.7 views

BIT-MYSQL-CLIENT-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.2AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 11:47 a.m.8 views

BIT-MARIADB-MIN-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.3AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 11:46 a.m.8 views

BIT-MARIADB-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.3AI score0.00161EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 6:16 p.m.13 views

CVE-2026-44169

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 6:16 p.m.9 views

ALPINE-CVE-2026-44169

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.2AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder