Lucene search
K

1202 matches found

NVD
NVD
added 2 days ago3 views

CVE-2026-57727

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...

7.5CVSS0.00287EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-55843

Snipe-IT (IT asset/license management system) contains a privilege management flaw prior to version 8.6.0 in UsersController::update(), where a missing permission request field is passed through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction. This can overwr...

7CVSS6.1AI score0.00298EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57334

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 16.16.0 Frappe versions prior to 15.106.0 Description User enumeration is possible through the 'reset password' endpoint. User enumeration is a technique used to verify if a specific user exists within a system by...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Podman 1.8.1 < 5.8.4 / 6.0.0 Host Environment Variable Leak (GHSA-4hq8-gpf5-8p68)

The version of Podman installed on the remote host is prior to 5.8.4 / 6.0.0. It is, therefore, affected by an information disclosure vulnerability. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a...

7.5CVSS6.2AI score0.0026EPSS
Exploits0References2
CVE
CVE
added last week16 views

CVE-2026-15163

CVE-2026-15163 affects Wireshark up to 4.6.6 and 4.4.16, where multiple protocol dissectors can enter infinite loops due to an unreachable exit condition, causing denial of service (application unresponsiveness). Severity varies by source: NVD lists CVSSv3.1 impact as High (AV:N/AC:L/PR:N/UI:N/S:...

7.5CVSS5.9AI score0.00187EPSS
Exploits0References5Affected Software1
CVE
CVE
added last week9 views

CVE-2026-15164

CVE-2026-15164 relates to Wireshark’s ciscodump component and is described as a heap-based buffer overflow that causes a crash, resulting in a DoS. Affected versions per the CVE entry include 4.6.0–4.6.6 and 4.4.0–4.4.16. The vulnerability is triggered by processing input under the specified comp...

5.5CVSS5.9AI score0.00097EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/07/07 8:59 p.m.25 views

CVE-2026-49229

Affected software: Actual, a local-first personal finance app. Vulnerability summary: In OpenID multi-user mode prior to 26.6.0, disabling a user blocks future OpenID logins but does not revoke existing session tokens. The shared session validation path accepts any non-expired token, allowing a d...

8.3CVSS6AI score0.00441EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 2:10 p.m.8 views

EUVD-2026-42044

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56197

Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.7 Django versions prior to 5.2.16 Description An issue exists where DomainNameValidator fails to prohibit newlines in domain names. While CharField strips newlines when used via a form field, other implementations...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References64
Patchstack
Patchstack
added 2026/07/06 1:16 p.m.5 views

WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.12...

9.8CVSS5.9AI score0.00386EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 12:46 p.m.4 views

WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin Kirki versions = 6.0.13...

7.5CVSS5.9AI score0.00287EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/06 2:30 a.m.39 views

CVE-2026-14791 crater-invoice-inc crater Invoice Note InvoicesRequest.php getFormattedString cross site scripting

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS0.00203EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 6:30 p.m.23 views

CVE-2026-14604

Technical details about CVE-2026-14604 are not publicly available in the provided documents. Monitor for updates from official sources.

6.5CVSS6.3AI score0.00233EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57347

Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...

6.5CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:29 p.m.24 views

CVE-2026-57231

CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 9:31 a.m.7 views

EUVD-2026-39331

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 6:48 p.m.4 views

DRUPAL-CONTRIB-2026-063

The Salesforce Suite of modules integrates Drupal with Salesforce. The Salesforce module does not properly validate the OAuth handshake during interactive authentication, allowing an attacker to hijack the authorization token and bind the site to an attacker's Salesforce account. This vulnerabili...

4.8CVSS5.7AI score0.0009EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 9:59 a.m.2 views

SUSE-SU-2026:22408-1 Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...

9.8CVSS6AI score0.0049EPSS
Exploits8References14
EUVD
EUVD
added 2026/06/24 12:49 a.m.17 views

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
Rows per page
Query Builder