Lucene search
K

12478 matches found

Nuclei
Nuclei
added yesterday17 views

Webnus Inc. Modern Events Calendar - Broken Access Control

Webnus Inc. Modern Events Calendar = 7.29.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers bypass authorization, exploit requires no special privileges. id: CVE-2026-32583 info: name: Webnus Inc. Modern Events...

5.3CVSS5.9AI score0.007EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 10:19 a.m.3 views

RHSA-2026:33552 Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

Bulletin has no description...

7.4CVSS5.7AI score0.0041EPSS
Exploits0References33
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54783

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based versions prior to 149.0.4022.98 Description A use-after-free issue exists in Microsoft Edge Chromium-based. This flaw allows an authorized attacker to execute arbitrary code over a network. Use-after-free is a...

8.3CVSS6.1AI score0.00823EPSS
Exploits0References8
NCSC
NCSC
added 2026/06/30 11:47 a.m.5 views

vulnerabilities found in Apple MacOS

Apple has addressed several vulnerabilities in macOS Tahoe. These vulnerabilities included out-of-bounds access, use-after-free errors, memory handling issues, type confusion, double-free operations, stack overflows, insufficient input validation, and race conditions. These vulnerabilities could...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
OSV
OSV
added 2026/06/30 5:13 a.m.6 views

ROOT-APP-NPM-CVE-2026-6402 CVE-2026-6402 in @rootio/webpack-dev-server - Patched by Root

Root has patched CVE-2026-6402 in the @rootio/webpack-dev-server package for Root:npm. Multiple fixed versions available...

6.5CVSS5.3AI score0.00216EPSS
Exploits0
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-43706

A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS0.00182EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.84 views

Openfire Administration Console - Authentication Bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

8.6CVSS7.4AI score0.99999EPSS
Exploits15References5
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53204

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...

5.5CVSS5.7AI score0.00107EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 8:18 p.m.26 views

CVE-2026-47279 NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-54013

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no...

7.6CVSS0.00174EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:8 p.m.16 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp. Before 2026-06-09, an issue allowed remote attackers to write arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) via the --write-link option by exploiting unsafe extensions that were on the allowlist, bypassing the prior CVE-2024-38519 remediation. This cou...

9.6CVSS6AI score0.00555EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/19 2:3 a.m.7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet9.0: aspnetcore-runtime-9.0-9.0.17-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-9.0-9.0.17-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-9.0-9.0.17-1.hum1 aarch64, x8664...

7.5CVSS5.2AI score0.00717EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/17 6:6 p.m.11 views

Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrust...

9.1CVSS5.5AI score0.00403EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/17 10:8 a.m.6 views

RHSA-2026:26460 Red Hat Security Advisory: 389-ds:1.4 security update

Bulletin has no description...

7.5CVSS4.8AI score0.00815EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 5:54 p.m.7 views

Security Bulletin: The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities.

Summary The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabiltiies CVE-2026-29146, CVE-2026-34487, CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-32990, CVE-2026-34483, CVE-2026-34500, CVE-2026-41284, CVE-2026-41293,...

9.8CVSS5.8AI score0.03494EPSS
Exploits4Affected Software1
Cisco
Cisco
added 2026/06/15 4:0 p.m.9 views

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.6AI score0.07683EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2026/06/12 8:8 p.m.12 views

TYPO3 CMS has Broken Access Control in the Recycler Module

Problem Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/12 7:6 p.m.14 views

TYPO3 CMS: Broken Access Control in Media Module

Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS,...

5.3CVSS5.4AI score0.00238EPSS
Exploits0References7Affected Software2
SUSE Linux
SUSE Linux
added 2026/06/11 4:15 p.m.9 views

Security update for hplip

This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. CVE-2026-8631: escalation of privileges and/or arbitrary...

9.8CVSS6.3AI score0.01333EPSS
Exploits0References22
Rows per page
Query Builder