Lucene search
K

534 matches found

OSV
OSV
added 2026/07/02 7:43 p.m.10 views

GHSA-GF9R-M956-97QX zebrad has consensus divergence via P2SH sigop undercount in pure-Rust disabled-opcode parser

Am I affected You are affected if: 1. You run any version of zebrad up to and including v4.4.1. 2. Your node validates blocks on mainnet, testnet, or any network where both Zebra and zcashd nodes participate. All default configurations are affected. No feature flags, non-default settings, or...

9.3CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-54190

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Autofill feature allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specific UI gestures o...

9.8CVSS6AI score0.00413EPSS
Exploits0References445
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fixed out-of-bounds access during read/writing of sysfs attributes. Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. Example: vm: echo...

7.1CVSS5.8AI score0.00156EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/06/10 2:9 p.m.11 views

CVE-2026-49975 affecting package httpd for versions less than 2.4.68-1

CVE-2026-49975 affecting package httpd for versions less than 2.4.68-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS5.4AI score0.11471EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.3AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-26206

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

6.5CVSS5.3AI score0.00209EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-6966

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...

7CVSS5.5AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.19 views

CVE-2026-42070

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 9:16 a.m.17 views

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00131EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 7:48 a.m.22 views

CVE-2026-9722

The CVE-2026-9722 entry concerns the WordPress plugin Laiser Tag, affected versions ≤ 1.2.5. The root cause is missing or incorrect nonce validation in the addOptionsPageFields function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify plugin settings (API key,...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.11 views

CVE-2026-9722

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.42 views

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00131EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.9 views

Don't Trust Us: A Privacy-By-Design Android Malware Detection Pipeline

Android malware detection increasingly relies on collecting and processing sensitive user data, including device identifiers, network artifacts, and runtime traces, while privacy is too often treated as a secondary concern. Existing privacy-aware approaches typically enforce privacy after data...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45713

Name of the Vulnerable Software and Affected Versions Laiser Tag versions prior to 1.2.6 Description The Laiser Tag plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into executing unwanted actions. This occurs due to missing or incorrect...

4.3CVSS5.3AI score0.00131EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.10 views

Gate AI: LLM Security Benchmark Evaluation Methodology and Results

Published evaluations of prompt-injection and jailbreak detectors for Large Language Models often suffer from two systematic weaknesses: per-dataset threshold tuning and undisclosed operating points. We describe an evaluation harness that addresses both. The detector under evaluation is scored...

5.8AI score
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.14 views

CVE-2026-39821 affecting package cri-tools for versions less than 1.32.0-6

CVE-2026-39821 affecting package cri-tools for versions less than 1.32.0-6. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
NVD
NVD
added 2026/05/28 9:16 p.m.13 views

CVE-2026-42070

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS0.00258EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 8:28 p.m.32 views

CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS0.00258EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/28 8:28 p.m.9 views

CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:28 p.m.8 views

CVE-2026-42070

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder