Lucene search
+L

15340 matches found

Microsoft CVE
Microsoft CVE
added 5 days ago7 views

Outlook Copilot Tampering Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Outlook Copilot allows an authorized attacker to perform tampering over a network...

6.3CVSS6.1AI score0.0037EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 5 days ago5 views

Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability

Time-of-check time-of-use toctou race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally...

6.3CVSS6.1AI score0.00159EPSS
Exploits0
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43611

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score0.00252EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-58637

Name of the Vulnerable Software and Affected Versions Windows Subsystem for Linux versions prior to 2.7.10 Description A time-of-check time-of-use TOCTOU race condition exists in the Windows Subsystem for Linux. This flaw allows an authorized local attacker to perform data tampering. A TOCTOU rac...

6.3CVSS6.1AI score0.00159EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-58715

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS6AI score0.00159EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Microsoft Windows Subsystem for Linux (WSL2) < 2.7.10 Tampering (CVE-2026-57973) (July 2026)

The version of Microsoft Windows Subsystem for Linux WSL2 on the remote Windows host is prior to 2.7.10. It is, therefore, affected by a tampering vulnerability: - Time-of-check time-of-use toctou race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering...

6.3CVSS6.1AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-58746

Name of the Vulnerable Software and Affected Versions NVIDIA TensorRT-LLM for Linux affected versions not specified Description A flaw exists in the restricted unpickler used for model weight deserialization. This allows a local, unauthenticated attacker to trigger the deserialization of untruste...

8.4CVSS6.2AI score0.00263EPSS
Exploits0References5
OSV
OSV
added 5 days ago6 views

UBUNTU-CVE-2026-50526

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS6AI score0.00159EPSS
Exploits0References6
Kaspersky
Kaspersky
added 5 days ago8 views

KLA91143 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...

8.8CVSS6.6AI score0.01579EPSS
Exploits0References51
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-58469

Name of the Vulnerable Software and Affected Versions Microsoft Windows DNS affected versions not specified Description Improper access control in the Windows DNS Client allows an authorized, logged-in attacker to perform local tampering. Recommendations At the moment, there is no information abo...

6.1CVSS6.1AI score0.00279EPSS
Exploits0References3
NVD
NVD
added 2026/07/11 7:16 a.m.7 views

CVE-2026-11901

The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...

5.3CVSS0.00177EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/11 5:35 a.m.9 views

EUVD-2026-43149

The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
NVD
NVD
added 2026/07/10 7:17 p.m.7 views

CVE-2026-55516

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...

7.7CVSS0.00218EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 5:16 a.m.8 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:31 a.m.7 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 5:16 p.m.12 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS0.0017EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:2 p.m.11 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 9:22 p.m.7 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the Neo4jChatAgent process. An attacker can gain unauthorized access to all gra...

9.2CVSS6.2AI score0.00461EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 3:22 p.m.10 views

BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/06 8:48 a.m.38 views

CVE-2026-12686 Incorrect authorisation in Adiss’s Biloop

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS0.00309EPSS
Exploits0References1
Rows per page
Query Builder