Lucene search
K

1213 matches found

CVE
CVE
added yesterday17 views

CVE-2025-53379

Fortinet FortiAuthenticator is affected by CVE-2025-53379, an out-of-bounds read vulnerability in FortiAuthenticator 6.6.0–6.6.2 and all 6.5 versions. A remote unauthenticated attacker could potentially retrieve sensitive information via a specially crafted request. The CVSSv3.1 vector is NETWORK...

7.5CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57727

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...

7.5CVSS0.00287EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-55843

Snipe-IT (IT asset/license management system) contains a privilege management flaw prior to version 8.6.0 in UsersController::update(), where a missing permission request field is passed through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction. This can overwr...

7CVSS6.1AI score0.00298EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57334

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 16.16.0 Frappe versions prior to 15.106.0 Description User enumeration is possible through the 'reset password' endpoint. User enumeration is a technique used to verify if a specific user exists within a system by...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Podman 1.8.1 < 5.8.4 / 6.0.0 Host Environment Variable Leak (GHSA-4hq8-gpf5-8p68)

The version of Podman installed on the remote host is prior to 5.8.4 / 6.0.0. It is, therefore, affected by an information disclosure vulnerability. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a...

7.5CVSS6.2AI score0.0026EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-15171

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00097EPSS
Exploits1References2
CVE
CVE
added last week16 views

CVE-2026-15163

CVE-2026-15163 affects Wireshark up to 4.6.6 and 4.4.16, where multiple protocol dissectors can enter infinite loops due to an unreachable exit condition, causing denial of service (application unresponsiveness). Severity varies by source: NVD lists CVSSv3.1 impact as High (AV:N/AC:L/PR:N/UI:N/S:...

7.5CVSS5.9AI score0.00187EPSS
Exploits0References5Affected Software1
CVE
CVE
added last week9 views

CVE-2026-15164

CVE-2026-15164 relates to Wireshark’s ciscodump component and is described as a heap-based buffer overflow that causes a crash, resulting in a DoS. Affected versions per the CVE entry include 4.6.0–4.6.6 and 4.4.0–4.4.16. The vulnerability is triggered by processing input under the specified comp...

5.5CVSS5.9AI score0.00097EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/07/07 8:59 p.m.25 views

CVE-2026-49229

Affected software: Actual, a local-first personal finance app. Vulnerability summary: In OpenID multi-user mode prior to 26.6.0, disabling a user blocks future OpenID logins but does not revoke existing session tokens. The shared session validation path accepts any non-expired token, allowing a d...

8.3CVSS6AI score0.00441EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 2:10 p.m.8 views

EUVD-2026-42044

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56197

Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.7 Django versions prior to 5.2.16 Description An issue exists where DomainNameValidator fails to prohibit newlines in domain names. While CharField strips newlines when used via a form field, other implementations...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References64
Patchstack
Patchstack
added 2026/07/06 1:16 p.m.5 views

WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Kirki versions = 6.0.12...

9.8CVSS5.9AI score0.00386EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 12:46 p.m.4 views

WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin Kirki versions = 6.0.13...

7.5CVSS5.9AI score0.00287EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/06 2:30 a.m.39 views

CVE-2026-14791 crater-invoice-inc crater Invoice Note InvoicesRequest.php getFormattedString cross site scripting

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS0.00203EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 6:30 p.m.24 views

CVE-2026-14604

Technical details about CVE-2026-14604 are not publicly available in the provided documents. Monitor for updates from official sources.

6.5CVSS6.3AI score0.00233EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57347

Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...

6.5CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:29 p.m.24 views

CVE-2026-57231

CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.7 views

CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 9:31 a.m.7 views

EUVD-2026-39331

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

6.4CVSS5.8AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 6:48 p.m.4 views

DRUPAL-CONTRIB-2026-063

The Salesforce Suite of modules integrates Drupal with Salesforce. The Salesforce module does not properly validate the OAuth handshake during interactive authentication, allowing an attacker to hijack the authorization token and bind the site to an attacker's Salesforce account. This vulnerabili...

4.8CVSS5.7AI score0.0009EPSS
Exploits0References1
Rows per page
Query Builder