Lucene search
K

37 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-42857

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...

8.2CVSS6.1AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-41879

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...

8.7CVSS6.1AI score0.01228EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

UBUNTU-CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 11:24 p.m.6 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS5.9AI score0.00117EPSS
Exploits0
OSV
OSV
added 2026/06/23 2:37 p.m.4 views

BIT-APISIX-2026-39998 Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

8.8CVSS5.8AI score0.00403EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 1:18 p.m.46 views

CVE-2026-49871

CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:17 p.m.5 views

CVE-2026-47341

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

6.3CVSS5.8AI score0.0043EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 1:10 p.m.10 views

EUVD-2026-38015

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50883

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2.0 through 3.16.0 Description A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...

5.8CVSS5.9AI score0.00314EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/11 6:55 p.m.7 views

CVE-2026-46622 SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the apitokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a...

8.1CVSS5.6AI score0.00197EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 6:43 p.m.8 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/01 3:16 p.m.4 views

UBUNTU-CVE-2026-31785

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 6:41 p.m.5 views

Security Bulletin: IBM Copy Services Manager may be affected by multiple vulnerabilities due to IBM SDK Quarterly CPU - Jan 2026

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE January 2026 Patch Update. Although likelihood of these issues being exploited is very low, IBM Copy Services Manager frequently updates product stack to ensure the utmost security is maintained. Vulnerability Details Refer to...

7.5CVSS6.8AI score0.00864EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/03/29 6:42 p.m.8 views

ROOT-OS-ALPINE-317-CVE-2024-28182 CVE-2024-28182 in rootio-nghttp2 - Patched by Root

Root has patched CVE-2024-28182 in the rootio-nghttp2 package for Root:Alpine:3.17. Multiple fixed versions available...

5.3CVSS8.3AI score0.8496EPSS
Exploits1
OSV
OSV
added 2026/03/29 6:40 p.m.4 views

ROOT-OS-ALPINE-317-CVE-2023-46853 CVE-2023-46853 in rootio-memcached - Patched by Root

Root has patched CVE-2023-46853 in the rootio-memcached package for Root:Alpine:3.17. Multiple fixed versions available...

9.8CVSS5.4AI score0.00756EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/03/25 10:21 a.m.6 views

Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes

Description: This update fixes the following issues: release-notes-susemanager-proxy: Update to SUSE Manager 4.3.17 CVEs Fixed: CVE-2024-29371, CVE-2026-27727, CVE-2026-27830 Bugs mentioned: bsc1227577, bsc1227579, bsc1236799, bsc1243241, bsc1244724 bsc1248741, bsc1251995, bsc1253068, bsc1253773...

9.8CVSS5.8AI score0.01535EPSS
Exploits4References120
EUVD
EUVD
added 2026/02/15 3:24 a.m.5 views

EUVD-2026-5833

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000618 advisory. arch/x86/kernel/entry64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment SS segment register, which allows local...

7.8CVSS6.9AI score0.01504EPSS
Exploits8References25
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001919)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001919 advisory. kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local...

7.8CVSS6.4AI score0.00568EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.8 views

WordPress plugin Smush Image Compression and Optimization 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

4.1CVSS8.5AI score0.00315EPSS
Exploits0References1
Rows per page
Query Builder