Lucene search
K

308955 matches found

NVD
NVD
added 48 minutes ago6 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS
Exploits0References2
RedHat Linux
RedHat Linux
added 1 hour ago2 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS5.9AI score0.004EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-5523 Divi Form Builder <= 5.1.8 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via User Profile Update Form

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS
Exploits0References2
CVE
CVE
added 2 hours ago7 views

CVE-2026-5523

The CVE describes a privilege-escalation flaw in the Divi Form Builder plugin for WordPress (versions up to and including 5.1.8). The root cause is missing authorization checks: update_user() accepts a user ID from form submissions without validating the editor’s permission for that target user, ...

8.8CVSS5.9AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 6 hours ago2 views

Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System

Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...

9.1CVSS6.7AI score0.00513EPSS
Exploits0Affected Software2
EUVD
EUVD
added 6 hours ago2 views

EUVD-2026-42500

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

7.5AI score
Exploits0References3
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-42499

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...

7.5AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-55471

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-39178

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...

Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-44161

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd outhttp output plugin allows placeholders such as $tag in the endpoint configuration parameter, and if a placeholder value is derived from untrusted...

7.2CVSS
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-39179

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-44024

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the $tag placeholder, and insufficient validation of $tag in file configurations such as the path...

9.8CVSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide...

9.8CVSS7.4AI score0.00252EPSS
Exploits1Affected Software2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-55471 HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS
Exploits0References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-42441

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-55471

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS6AI score
Exploits0References4Affected Software1
CVE
CVE
added yesterday29 views

CVE-2026-55471

CVE-2026-55471 concerns HAPI FHIR’s XsltUtilities.sax(on)Transform overloads, which historically instantiate a bare net.sf.saxon.TransformerFactoryImpl() without external-access restrictions. This enables XML External Entity (XXE) processing, allowing local file disclosure and blind XXE/SSRF when...

8.7CVSS6AI score
Exploits0References3
CVE
CVE
added yesterday33 views

CVE-2026-44161

Fluentd’s out_http plugin (pre-1.19.3) allows placeholders such as ${tag} in the endpoint configuration. If a placeholder comes from untrusted input, an attacker can control the destination hostname of outbound HTTP requests and force requests to arbitrary internal services (SSRF). Affected versi...

7.2CVSS7.3AI score
Exploits0References4
Rows per page
Query Builder