Lucene search
+L

752 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-45337

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the deviceAuthorization plugin treats any authenticated session as the owner of any pending device code because GET /device does not claim the row and POST /device/approve and POST /device/deny...

7.6CVSS0.00142EPSS
Exploits0References4
NVD
NVD
added last week6 views

CVE-2026-6804

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacke...

5.3CVSS0.00353EPSS
Exploits0References10
EUVD
EUVD
added last week6 views

EUVD-2026-43144

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacke...

5.3CVSS6.2AI score0.00353EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.7 views

CVE-2026-57251

The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/07/01 7:51 p.m.7 views

CVE-2026-53345

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. This vulnerability occurs when a virtual machine is shutting down, and KVM attempts to mark memory as dirty without an active virtual CPU. This can lead to a memory leak, impacting system stability and resource...

5.7AI score0.00156EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 10:32 p.m.12 views

EUVD-2026-38083

Authelia has an Edge Case Access Control Rule Mismatch...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:14 p.m.8 views

EUVD-2026-39531

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6.2AI score0.00239EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/24 4:28 p.m.36 views

CVE-2026-52951 drm/xe/dma-buf: handle empty bo and UAF races

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by the attach, before the actual full bo init step in xedmabufinitobj...

7.8CVSS0.00138EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: NFSD: The free copynotify stateid in nfs4freeolstateid has been fixed. Typically, the copynotify stateid is freed either when the parent’s stateid is being closed/freed, or in nfsd4laundromat if the stateid has not been used duri...

5.9AI score0.00167EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:17 p.m.9 views

EUVD-2025-210310

HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...

3.5CVSS5.8AI score0.00098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:17 p.m.7 views

CVE-2025-15619

HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...

3.5CVSS5.8AI score0.00098EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 3:17 p.m.10 views

CVE-2025-15619

Technical details about CVE-2025-15619 are not publicly available in the provided documents. No affected products, versions, or remediation are specified. Monitor for updates.

3.5CVSS5.8AI score0.00098EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/23 2:26 a.m.7 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51525

Name of the Vulnerable Software and Affected Versions HCL Connections affected versions not specified Description Broken access control may allow an unauthorized user to view data in a single specific scenario. Recommendations At the moment, there is no information about a newer version that...

3.5CVSS5.8AI score0.00098EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Memory leaks have been fixed in checkfunccall. kmemleak reports this issue: Unreferenced object 0xffff88817139d000 size 2048: comm "testprogs", pid 33246, jiffies 4307381979 age 45851.820s Hex dump first 32 bytes: 01 00 0...

5.5CVSS6.4AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.15 views

EUVD-2026-37585

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS6.1AI score0.00535EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.45 views

PT-2026-50223

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.6AI score0.00094EPSS
Exploits0References3
OSV
OSV
added 2026/06/14 6:17 p.m.6 views

DEBIAN-CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-47839

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description An error in the callback used to verify certificates during a Root CA key update in the Certificate Management Protocol CMP renders certificate validation ineffectual. Specifically, a typo in...

9.1CVSS5.8AI score0.00684EPSS
Exploits0References100
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.13 views

CVE-2026-47713

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user - multi-user migration even when the device record has userId = null. In...

4.3CVSS5.5AI score0.00219EPSS
Exploits1References1
Rows per page
Query Builder