Lucene search
K

2099 matches found

Cvelist
Cvelist
added 2026/06/25 2:11 p.m.38 views

CVE-2026-49319 Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

6.9CVSS0.0024EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A memory leak was fixed in amdgpurasinit. When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con structure, resulting in a memory leak. This issue was fixed by...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

Slackware Linux 15.0 / current openssl Multiple Vulnerabilities (SSA:2026-168-05)

The version of openssl installed on the remote host is prior to 1.1.1zh / 3.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-168-05 advisory. New openssl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted t...

8.8CVSS6.5AI score0.02719EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.17 views

FreeBSD : caddy -- multiple vulnerabilities (94f93681-6775-11f1-8044-002590af0794)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 94f93681-6775-11f1-8044-002590af0794 advisory. Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory...

8.1CVSS6AI score0.00409EPSS
Exploits3References8
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-47900

Logseq is vulnerable to a stored cross-site scripting XSS. A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the execution of arbitrary code in the privileged host context...

4.6CVSS5.7AI score0.00139EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.15 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0608)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0608 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11...

7.1CVSS5.7AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 2:16 p.m.13 views

CVE-2026-47901

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

4.6CVSS0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.10 views

CVE-2026-47901 Iframe escape by plugins in Logseq

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

4.6CVSS5.8AI score0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.9 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.00137EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 1:23 p.m.12 views

EUVD-2026-35436

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47799

Logseq is vulnerable to a stored cross-site scripting XSS. A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the execution of arbitrary code in the privileged host context...

4.6CVSS5.7AI score0.00139EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-47325

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9CVSS5.4AI score0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:34 p.m.6 views

CVE-2026-8762

After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framing-disagreement path in any tested deployment configuration...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.77 views

Notepad++ < 8.9.6.1 Multiple Vulnerabilities

The version of Notepad++ installed on the remote host is prior to 8.9.6.1. It is, therefore, affected by multiple vulnerabilities: - A crash caused by any malformed structure that could allow an attacker to cause a denial of service condition. CVE-2026-48770 - An arbitrary code execution...

7.8CVSS6.6AI score0.01314EPSS
Exploits8References8
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:28 p.m.13 views

CVE-2026-47325

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9CVSS5.8AI score0.00291EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/03 1:28 p.m.15 views

EUVD-2026-34094

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9CVSS5.8AI score0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/03 1:28 p.m.8 views

CVE-2026-47325 Weak password policy in ProjectsAndPrograms school-management-system

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 1:28 p.m.37 views

CVE-2026-47324 Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting XSS in multiple attributes of students and teachers objects. An authorized attacker e.g., a teacher or administrator can inject malicious JavaScript that is subsequently executed in other users’ browsers...

5.1CVSS0.00291EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/06/02 6:55 a.m.20 views

Restricted page for a user is getting displayed in "Recently Updated" macro.

h3. Issue Summary Restricted page for a user is getting displayed in "Recently Updated" macro. h3. Steps to Reproduce In confluence 10.2.x create 3 normal users user01, user02, user03. Create a sample space using admin user. Create a page using admin user and add "Recently Updated" macro. Switch ...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.68 views

📄 D-Link DSL2600U Password Disclosure

D-Link DSL2600U suffers from an administrative password disclosure vulnerability. Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmwar...

5.8AI score
Exploits0
Rows per page
Query Builder