Lucene search
+L

1032 matches found

OSV
OSV
added 2026/04/15 12:1 a.m.3 views

CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

6.9CVSS5.9AI score0.00405EPSS
Exploits0References5
OSV
OSV
added 2026/04/14 10:34 p.m.2 views

GHSA-MRQG-XMGM-RC5G XWiki's REST APIs can list all pages/spaces, leading to unavailability

Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...

8.2CVSS5.7AI score0.00405EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/14 10:32 p.m.12 views

MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting

Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/14 6:30 p.m.8 views

EUVD-2026-22505

Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 6:30 p.m.4 views

EUVD-2026-22445

Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 6:17 p.m.5 views

CVE-2026-32076

Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 6:16 p.m.4 views

CVE-2026-27907

Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00298EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 4:58 p.m.32 views

CVE-2026-32076

CVE-2026-32076 describes an out-of-bounds read in the Windows Storage Spaces Controller that enables an authorized local attacker to elevate privileges. The vulnerability is tied to the Storage Spaces Controller component and is documented across multiple sources (NVD/NVD-affiliated listings, Red...

7.8CVSS5.7AI score0.00258EPSS
Exploits0References1Affected Software6
Vulnrichment
Vulnrichment
added 2026/04/14 4:58 p.m.6 views

CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability

...

7.8CVSS5.8AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 4:58 p.m.30 views

CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability

...

7.8CVSS0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 4:57 p.m.4 views

CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability

...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 4:57 p.m.42 views

CVE-2026-27907

CVE-2026-27907 is a Windows Storage Spaces Controller elevation-of-privilege vulnerability caused by an integer underflow. Exploitation would require local access with low privileges. Publicly available sources confirm the issue and that Microsoft released fixes (e.g., KB5082060 for Windows Serve...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References1Affected Software6
Cvelist
Cvelist
added 2026/04/14 4:57 p.m.33 views

CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability

...

7.8CVSS0.00298EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.7 views

Windows Storage Spaces Controller Elevation of Privilege Vulnerability

Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS6.3AI score0.00298EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.7 views

Windows Storage Spaces Controller Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS6.3AI score0.00258EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32802

CVE-2026-32076 Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. https://t.co/6Pxw9igVaS...

7.8CVSS6.2AI score0.00258EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.11 views

Microsoft Windows Storage Spaces Controller 缓冲区错误漏洞

Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for providing storage space functions. There is a buffer error vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain elevated privileges. The following...

7.8CVSS6AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

Microsoft Windows Storage Spaces Controller 数字错误漏洞

Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for providing storage space functions. There is a numerical error vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain higher privileges. The following...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32769

Name of the Vulnerable Software and Affected Versions Windows Storage Spaces Controller affected versions not specified Description An integer underflow wrap or wraparound occurs in the Windows Storage Spaces Controller, which allows an authorized attacker to elevate privileges locally...

7.8CVSS6.3AI score0.00298EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/09 6:17 p.m.4 views

CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.8AI score0.02185EPSS
Exploits1References4
Rows per page
Query Builder