Lucene search
K

1121 matches found

EUVD
EUVD
added 2026/05/27 9:49 a.m.11 views

EUVD-2026-32207

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...

9.8CVSS5.8AI score0.00308EPSS
Exploits1References1
CVE
CVE
added 2026/05/27 9:49 a.m.26 views

CVE-2026-42758

CVE-2026-42758 is a privilege-escalation vulnerability in the WordPress WebinarIgnition plugin (Saleswonder Team: Tobias WebinarIgnition). The issue is described as Incorrect Privilege Assignment and affects WebinarIgnition versions before 4.08.253. The vulnerability is categorized with a high/cr...

9.8CVSS5.8AI score0.00308EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/26 5:7 p.m.15 views

EUVD-2026-31913

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/26 11:43 a.m.8 views

CVE-2025-11482 Allocation of Resources Without Limits or Throttling in the OPC-UA Server

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

8.7CVSS5.8AI score0.00322EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 5:27 p.m.8 views

CVE-2026-39965

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...

7.7CVSS5.8AI score0.00239EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Push notifications stored on disk in private browsing mode were not encrypted, potentially allowing the leakage of sensitive information. This vulnerability affects Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2...

6.5CVSS6.7AI score0.00361EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5CVSS6.6AI score0.01576EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.14 views

ISC BIND 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-3593)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3593 advisory. - A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0...

9.8CVSS5.8AI score0.01844EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.12 views

CVE-2026-6474 affecting package postgresql for versions less than 16.14-1

CVE-2026-6474 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

4.3CVSS5.8AI score0.00208EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.14 views

CVE-2026-6472 affecting package postgresql for versions less than 16.14-1

CVE-2026-6472 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

5.4CVSS5.8AI score0.00159EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.9 views

CVE-2026-35469 affecting package keda for versions less than 2.14.1-12

CVE-2026-35469 affecting package keda for versions less than 2.14.1-12. A patched version of the package is available...

8.7CVSS5.8AI score0.00656EPSS
Exploits0
NVD
NVD
added 2026/05/17 6:16 p.m.15 views

CVE-2026-46720

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

8.2CVSS0.00344EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Open WebUI 路径遍历漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.6.10 had a path traversal vulnerability. This vulnerability arises when uploading audio files, where the file name originates from the original HTTP upload request a...

8.1CVSS5.8AI score0.00454EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.22 views

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-015 (ALASGIMP-2026-015)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-015 advisory. A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing ...

7.8CVSS6.2AI score0.00375EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 5:16 p.m.47 views

CVE-2026-20793

Unchecked return value for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ma...

4.8CVSS0.00096EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/05/09 3:31 a.m.10 views

CVE-2026-6861 affecting package emacs for versions less than 29.4-4

CVE-2026-6861 affecting package emacs for versions less than 29.4-4. A patched version of the package is available...

7.1CVSS5.8AI score0.00108EPSS
Exploits0
EUVD
EUVD
added 2026/05/08 9:31 a.m.19 views

EUVD-2026-28537

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9CVSS5.8AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.13 views

Vim 操作系统命令注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0383 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the netrw standard plugin, which allowed for OS command injection. This could...

4.4CVSS6.1AI score0.00774EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.45 views

PHP 8.2.x < 8.2.31 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.31. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.31 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

9.8CVSS5.8AI score0.0078EPSS
Exploits1References17
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.5 views

CVE-2026-42438 OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3
Rows per page
Query Builder