Lucene search

119 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 1 view

Astra Linux – Vulnerability in Mariadb 10.3

It was discovered that MariaDB versions 10.2 to 10.7 contain a segmentation fault due to the component Item_func_in::cleanup/Item::cleanup_processor...

CVSS 7.5 | AI score 7.7 | EPSS 0.01766
Exploits: 1 | References: 2

NVD
added 2026/06/16 10:16 a.m. | 11 views

CVE-2026-2381

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0. This is due to a missing order ownership or orderkey verification when...

CVSS 6.5 | EPSS 0.00267
Exploits: 0 | References: 6

RedhatCVE
added 2026/06/05 7:33 p.m. | 9 views

CVE-2026-9807

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

CVSS 4.3 | AI score 5.5 | EPSS 0.00193
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:20 p.m. | 9 views

CVE-2026-23823

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVSS 7.2 | AI score 6 | EPSS 0.00957
Exploits: 0 | References: 1

NVD
added 2026/05/27 7:16 p.m. | 14 views

CVE-2026-2601

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...

CVSS 4.3 | EPSS 0.00243
Exploits: 0 | References: 3

EUVD
added 2026/05/27 9:49 a.m. | 12 views

EUVD-2026-32191

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS. This issue affects Advanced IP Blocker: from n/a through <= 8.10.7...

CVSS 7.1 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 1

CVE
added 2026/05/27 9:49 a.m. | 19 views

CVE-2026-42739

The CVE-2026-42739 affects the WordPress Advanced IP Blocker plugin (

CVSS 7.1 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 1

EUVD
added 2026/05/12 9:31 p.m. | 11 views

EUVD-2026-29739

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVSS 7.2 | AI score 6.2 | EPSS 0.00957
Exploits: 0 | References: 2

NVD
added 2026/05/12 7:16 p.m. | 8 views

CVE-2026-23823

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVSS 7.2 | EPSS 0.00957
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 6:38 p.m. | 33 views

CVE-2026-23823 Authenticated Command Injection leads to RCE in AOS-10 CLI Command

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVSS 7.2 | EPSS 0.00957
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/12 12:0 a.m. | 14 views

PT-2026-40340

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVSS 7.2 | AI score 6.2 | EPSS 0.00957
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 5 views

PT-2026-29530

Multiple stored cross-site scripting (XSS) vulnerabilities in the submit add user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...

AI score 6 | EPSS 0.00203
Exploits: 0 | References: 4

Cvelist
added 2026/03/30 12:0 a.m. | 19 views

CVE-2026-29597

DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...

EPSS 0.00351
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/26 11:3 p.m. | 3 views

CVE-2026-2414

Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation. This issue affects Server: from 9.5.2 before 10.7.2...

CVSS 8.6 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 1

CNNVD
added 2026/03/25 12:0 a.m. | 9 views

HYPR Server security vulnerability

HYPR Server is a server owned by HYPR Corporation. Versions of HYPR Server prior to 10.7 contained security vulnerabilities. These vulnerabilities were caused by improper permission allocation, which could lead to unauthorized privilege escalation...

CVSS 8.8 | AI score 5.8 | EPSS 0.00289
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/20 4:43 a.m. | 3 views

CVE-2026-33012

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

CVSS 7.5 | AI score 5.8 | EPSS 0.00561
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/03/20 4:43 a.m. | 4 views

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

CVSS 7.5 | AI score 5.8 | EPSS 0.00561
Exploits: 0 | References: 5

Cvelist
added 2026/01/16 12:0 a.m. | 26 views

CVE-2025-68921

SteelSeries Nahimic 3 1.10.7 allows Directory traversal...

EPSS 0.00324
Exploits: 2 | References: 3

RedhatCVE
added 2026/01/13 10:53 p.m. | 6 views

CVE-2025-63314

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...

CVSS 10 | AI score 7.2 | EPSS 0.00293
Exploits: 0 | References: 1

OSV
added 2026/01/12 5:15 p.m. | 9 views

CVE-2025-63314

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...

CVSS 10 | AI score 5.9 | EPSS 0.00293
Exploits: 0 | References: 3