Lucene search
K

2169 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-14165

Technical details are not publicly available in the provided documents. Monitor for updates on affected versions, root cause, and remediation.

7.5CVSS6.1AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42857

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...

8.2CVSS6.1AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-41879

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...

8.7CVSS6.1AI score0.01228EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Kibana 7.x < 7.17.15 / 8.x < 8.11.1 Log Injection (ESA-2026-53)

The version of Kibana installed on the remote host is 7.x prior to 7.17.15 or 8.x prior to 8.11.1. It is, therefore, affected by a log injection vulnerability: - Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection. An attacker can supply specially crafted input tha...

8CVSS6.2AI score0.00201EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago6 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.17.55 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

9.8CVSS6.9AI score0.93235EPSS
Exploits54References11
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.12 views

PT-2026-56563

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.12.8 NATS Server versions prior to 2.11.17 Description An unauthenticated peer with network access to a leafnode listener with compression enabled can cause the server to crash. This occurs during the...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References10
NVD
NVD
added 2026/07/07 10:16 a.m.10 views

CVE-2026-14868

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS0.0005EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 9:26 a.m.16 views

CVE-2026-14868

The issue involves PcVue projects where the encryption protecting user account configurations in the built‑in user directory is too weak for prior versions (

8.4CVSS5.9AI score0.0005EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/07 9:25 a.m.31 views

CVE-2026-14867 Insecure password storage in User directory

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS0.00092EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 9:25 a.m.5 views

EUVD-2026-42031

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.13 views

PT-2026-56173

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description Credentials for built-in users are stored insecurely within the User directory of projects. This allows a local attacker to retrieve these credentials. Active Directory accounts are not affected by th...

6.8CVSS6.1AI score0.00092EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56174

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description The encryption algorithm used to protect the configuration of user accounts within the built-in user directory of projects is insufficient. This weakness allows a local attacker to modify the existing...

8.4CVSS6.1AI score0.0005EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/02 4:15 p.m.7 views

EUVD-2026-41416

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.22 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/07/01 5:41 p.m.10 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.21 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.21...

6.5CVSS5.9AI score0.00139EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

UBUNTU-CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.11 views

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.7 (7278572)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7278572 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the...

9.8CVSS6.1AI score0.00222EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 11:24 p.m.7 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS5.9AI score0.00117EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:30 p.m.6 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 7:29 p.m.5 views

CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS6AI score0.00214EPSS
Exploits0References3
Rows per page
Query Builder