Lucene search
K

16901 matches found

NVD
NVD
added yesterday7 views

CVE-2026-6212

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday36 views

TOTOLINK CX-A3002RU - Remote Code Execution

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...

6.8CVSS6.3AI score0.0379EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56020

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection exists in the GetLogs Livewire component. Users with team membership, including those with the lowest privilege role, can execute arbitrary commands as roo...

8.8CVSS6.1AI score0.01385EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/07/03 7:26 a.m.14 views

CVE-2026-14544

A flaw was found in HPLIP HP Linux Imaging and Printing Software. This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...

9.8CVSS6.2AI score0.00511EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-57746

Subscriber Broken Access Control in Booked = 3.0.0 versions...

7.1CVSS0.00235EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.55 views

PRTG Network Monitor - Local File Inclusion

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges including administrator. A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local...

9.8CVSS7.6AI score0.8646EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54830

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Account Denial of Service occurs due to the improper implementation of the password reset functionality. Each request to reset a password invalidates the current password and any previously issued temporary...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/30 1:24 p.m.6 views

WordPress Automotive Car Dealership Business theme <= 13.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Automotive Car Dealership Business versions = 13.3.3...

7.1CVSS5.8AI score0.00191EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/26 12:30 p.m.5 views

WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by lagi bljr in WordPress Plugin MasterStudy LMS versions = 3.7.30...

4.3CVSS5.8AI score0.00243EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.7 views

PT-2026-52890

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description An issue exists in the UDP DNS filter when configured with local or remote resolution for names exactly 25...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References19
Debian CVE
Debian CVE
added 2026/06/25 2:34 p.m.6 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.9AI score0.00312EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in openexr

OpenEXR provides the specification and reference implementation of the EXR file format, a image storage format used in the motion picture industry. From version 3.4.0 to before version 3.4.8, a properly crafted B44 or B44A EXR file could cause an out-of-bounds write in any application that decode...

8.4CVSS5.9AI score0.00244EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS7AI score0.00687EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a malicious RDP server could trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. The audinprocessformats function reuses the callback-formatscount...

9.8CVSS5.5AI score0.00365EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 9:41 p.m.30 views

CVE-2026-48500

Summary: Filament (Laravel components) had an unauthenticated temporary file upload issue on some auth-related schemas. Affected versions: 3.0.0–3.3.52, 4.11.5, and 5.6.5. Root cause: The Livewire component embeddings could apply WithFileUploads to forms that don’t require uploads, allowing unaut...

6.5CVSS6AI score0.00207EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/18 2:27 p.m.8 views

Improper Authentication

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/06/17 8:54 p.m.38 views

CVE-2026-48988

markdown-it is affected by a Denial-of-Service vulnerability (CVE-2026-48988) when typographer: true is enabled. Versions 14.1.1 and earlier process smartquotes with a quadratic time complexity due to repeated uses of replaceAt(), causing high CPU usage on quote-heavy inputs. The issue can degrad...

5.3CVSS5.2AI score0.00306EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/17 2:17 p.m.15 views

CVE-2025-69111

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8CVSS0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 7:27 p.m.18 views

CVE-2026-46908

Technical details about CVE-2026-46908 are not publicly available in the provided documents. Monitor for updates from official sources.

9.9CVSS5.3AI score0.00411EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/16 6:40 p.m.31 views

CVE-2026-48777

CVE-2026-48777 — FileBrowser Quantum has a path-traversal in the public share PATCH endpoint. Versions prior to 1.3.2-stable, 1.4.0-beta, and 1.4.1-beta allow an attacker with a public share link that has AllowModify=true to move, copy, or rename files outside the share root by abusing publicPatc...

9.3CVSS5.4AI score0.00446EPSS
Exploits0References3
Rows per page
Query Builder