Lucene search
K

4016 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-7655

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook...

8.1CVSS0.00302EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43148

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook...

8.1CVSS6.1AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42718

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 5 days ago14 views

CVE-2026-57029

CVE-2026-57029 describes a missing synchronization vulnerability in the flow collector handler of Junos OS Evolved on QFX Series. When the reachability of an sFlow collector changes, updating the next-hop entry can race with the sFlow thread accessing the same data, causing the evo-pfemand proces...

6CVSS6AI score0.0019EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-57029

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score0.0019EPSS
Exploits0References2Affected Software1
NVD
NVD
added 5 days ago8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42536

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-33390 Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-31983

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...

6.9CVSS6AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42533

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...

6.9CVSS6AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-29008

U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...

8.7CVSS6AI score0.00432EPSS
Exploits0References4
OSV
OSV
added last week4 views

CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS6AI score0.00447EPSS
Exploits1References13
CVE
CVE
added last week14 views

CVE-2026-56812

The Phoenix JavaScript presence client suffers a client-side denial of service due to an unsafe existence check in Presence.syncState() and Presence.syncDiff(). By using a bare truthiness test (state[key]) to detect existing presences, attacker-controlled keys that collide with Object.prototype (...

7.5CVSS6AI score0.00447EPSS
Exploits1References7Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/07 6:9 a.m.3 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS6.9AI score0.0014EPSS
Exploits0References7
NVD
NVD
added 2026/07/06 9:16 p.m.7 views

CVE-2025-59615

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization...

7.8CVSS0.00064EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:9 p.m.4 views

EUVD-2025-210436

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization...

6.6CVSS6AI score0.00064EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 8:9 p.m.6 views

CVE-2025-59615 Use After Free in Computer Vision

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization...

6.6CVSS6AI score0.00064EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:9 p.m.14 views

CVE-2025-59615

Technical details are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6AI score0.00064EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55985

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when invoking device input/output control operations for mapping and unmapping persistent memory buffers. This issue is caused by improp...

7.8CVSS6AI score0.00064EPSS
Exploits0References3
Rows per page
Query Builder