
4352 matches found

CVE
added 4 hours ago, 9 views

CVE-2026-10536

libcurl (HTTP/2) contains a use-after-free vulnerability. If an application builds an HTTP/2 stream-dependency tree using CURLOPT_STREAM_DEPENDS/…_E, then calls curl_easy_reset() and later curl_easy_cleanup(), libcurl may access/modify an internal structure that was freed during reset. This is a ...

AI score: 6
Exploits: 0, References: 3
Nuclei
added yesterday, 28 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

CVSS: 8.8, AI score: 6, EPSS: 0.01875
Exploits: 1, References: 2
Nuclei
added yesterday, 15 views

ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection

ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...

CVSS: 9.8, AI score: 7.6, EPSS: 0.11176
Exploits: 7, References: 2
Nuclei
added yesterday, 33 views

Joomla! Percha Categories Tree 0.6 - Local File Inclusion

A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-2033 info: name:...

CVSS: 7.5, AI score: 6, EPSS: 0.15795
Exploits: 1, References: 3
NVD
added 3 days ago, 5 views

CVE-2026-56777

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

CVSS: 5.3, EPSS: 0.00253
Exploits: 0, References: 2
RedhatCVE
added 4 days ago, 8 views

CVE-2026-53122

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00179
Exploits: 0, References: 4
OSV
added 4 days ago, 5 views

PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary: A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

CVSS: 9.1, AI score: 6, EPSS: 0.00401
Exploits: 0, References: 7
NVD
added 4 days ago, 8 views

CVE-2026-9676

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

CVSS: 4.3, EPSS: 0.00102
Exploits: 0, References: 1
Cvelist
added 4 days ago, 34 views

CVE-2026-9676 f4 Post Tree < 2.0.5 - Subscriber+ Arbitrary Post Parent/Menu Order Modification

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

EPSS: 0.00102
Exploits: 0, References: 1
EUVD
added 4 days ago, 6 views

EUVD-2026-40040

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00102
Exploits: 0, References: 1
CVE
added 4 days ago, 12 views

CVE-2026-9676

The vulnerability CVE-2026-9676 affects the F4 Post Tree WordPress plugin prior to 2.0.5. The issue arises because the plugin does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00102
Exploits: 0, References: 1
ATTACKERKB
added 4 days ago, 6 views

CVE-2026-9676

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

AI score: 5.9, EPSS: 0.00102
Exploits: 0, References: 1
SUSE CVE
added 5 days ago, 7 views

SUSE CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

CVSS: 7.5, AI score: 6, EPSS: 0.00432
Exploits: 0, References: 2
NVD
added last week, 6 views

CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

CVSS: 7.5, EPSS: 0.00432
Exploits: 0, References: 3
Cvelist
added last week, 22 views

CVE-2026-53284 btrfs: only release the dirty pages io tree after successful writes

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

CVSS: 7.5, EPSS: 0.00432
Exploits: 0, References: 3
CVE
added last week, 20 views

CVE-2026-54557

CVE-2026-54557 affects the mise HTTP backend. Before 2026.6.1, install symlinks were created using the raw resolved version string for non-latest versions, instead of the sanitized version pathname. This allows a repository-controlled .tool-versions entry to cause mise install to create a symlink...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00175
Exploits: 0, References: 1
ATTACKERKB
added last week, 7 views

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00175
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added last week, 35 views

CVE-2026-54557 mise HTTP backend uses raw version path for install symlink destination

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

CVSS: 5.5, EPSS: 0.00175
Exploits: 0, References: 1
CVE
added last week, 8 views

CVE-2026-21734

CVE-2026-21734 reports an out-of-bounds write in the GPU shader compiler library triggered by loading a web page containing unusual GPU shader code. The vulnerability affects the GPU shader compiler process and can lead to a segmentation fault or write-out-of-bounds in the shader compiler, wi...

CVSS: 7.7, AI score: 5.8, EPSS: 0.00118
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2026/06/25 4:16 p.m., 7 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

CVSS: 8.4, EPSS: 0.00126
Exploits: 0, References: 3