Lucene search
+L

259 matches found

nvd
nvd
added yesterday5 views

CVE-2026-48795

AdonisJS is a TypeScript-first web framework. From 10.1.3 until 10.1.5 and 11.0.3, AdonisJS @adonisjs/bodyparser incompletely fixed CVE-2026-25754 because nested multipart field payloads such as user.proto.polluted and constructor.prototype still caused lodash .set via @poppinss/utils to create...

8.6CVSS0.00148EPSS
Exploits0References5
euvd
euvd
added 6 days ago7 views

EUVD-2026-42799

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS6AI score0.00393EPSS
Exploits0References5
euvd
euvd
added 2026/06/21 5:15 a.m.12 views

EUVD-2026-38144

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

8.5CVSS5.3AI score0.00113EPSS
Exploits0References5
nvd
nvd
added 2026/06/15 9:17 p.m.8 views

CVE-2026-48873

Unauthenticated Broken Access Control in Montonio for WooCommerce = 10.1.2 versions...

7.5CVSS0.00238EPSS
Exploits0References1
osv
osv
added 2026/06/08 3:2 p.m.5 views

CLEANSTART-2026-XV65906 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.6AI score0.93305EPSS
Exploits11References111
osv
osv
added 2026/06/01 3:50 p.m.7 views

OPENSUSE-SU-2026:20854-1 Security update for rqlite

This update for rqlite fixes the following issues: Changes in rqlite: - Update to version 10.2.0: Support verifying mTLS peer Common Name Console supports restore from SQLite data Console "count rows" respects current Tables Expand/Collapse state Console supports dropping indexes Further Console...

9.6CVSS5.8AI score0.00781EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

Due to a vulnerability in the iouring subsystem, it is possible for kernel memory information to be leaked to the user process. timensinstall calls currentissinglethreaded to determine whether the current process is single-threaded. However, this call does not take into account iouring’s ioworker...

5.5CVSS6.6AI score0.0027EPSS
Exploits0References1
nessus
nessus
added 2026/04/23 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to...

6.9CVSS5.8AI score0.00297EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/04/22 8:49 p.m.4 views

CVE-2026-41168 pypdf has possible long runtimes for wrong size values in cross-reference and object streams

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

6.9CVSS5.6AI score0.00297EPSS
Exploits0References4
github
github
added 2026/04/15 7:43 p.m.22 views

pypdf has long runtimes for wrong size values in cross-reference and object streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches This has been fixed in pypdf==6.10.1. Workarounds If you cannot upgrade yet,...

6.9CVSS5.7AI score0.00297EPSS
Exploits0References6Affected Software1
osv
osv
added 2026/04/15 7:43 p.m.4 views

GHSA-JJ6C-8H6C-HPPX pypdf has long runtimes for wrong size values in cross-reference and object streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches This has been fixed in pypdf==6.10.1. Workarounds If you cannot upgrade yet,...

5.3CVSS5.7AI score0.00297EPSS
Exploits0References6
ibm
ibm
added 2026/04/15 10:29 a.m.10 views

Security Bulletin: Vulnerabilities in OpenSSH affects IBM Netezza Appliance

Summary The OpenSSH package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61984, CVE-2025-61985 Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certa...

3.6CVSS6.7AI score0.00284EPSS
Exploits2Affected Software1
attackerkb
attackerkb
added 2026/04/15 10:21 a.m.8 views

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

5.9AI score0.0022EPSS
Exploits0References2
euvd
euvd
added 2026/04/02 6:31 p.m.5 views

EUVD-2025-209190

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References2
osv
osv
added 2026/04/02 5:16 p.m.4 views

DEBIAN-CVE-2025-58136

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS7.6AI score0.00673EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/02 3:55 p.m.18 views

CVE-2025-65114 Apache Traffic Server: Malformed chunked message body allows request smuggling

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

0.00428EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/02 3:54 p.m.18 views

CVE-2025-58136 Apache Traffic Server: A simple legitimate POST request causes a crash

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

0.00673EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/02 12:0 a.m.11 views

Apache Traffic Server 安全漏洞

Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. There are security vulnerabilities in Apache Traffic Server versions 9.2.12 and earlier, as well as 10.1.1 and earlier versions. These vulnerabilities stem from an error ...

7.5CVSS5.8AI score0.00428EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/02 12:0 a.m.11 views

Apache Traffic Server 安全漏洞

Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. Versions of Apache Traffic Server 10.1.1 and earlier, as well as 9.2.12 and earlier versions, have security vulnerabilities. These vulnerabilities stem from defects in PO...

7.5CVSS7.4AI score0.00673EPSS
Exploits0References1
euvd
euvd
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15639

Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through = 4.10.1...

5.8AI score0.00287EPSS
Exploits0References2
Rows per page
Query Builder