Lucene search
+L

712 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/14 12:0 a.m.10 views

Fedora 42 : freerdp (2026-53fe996a57)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-53fe996a57 advisory. Update to 3.23.0 to fix CVE-2026-26965, CVE-2026-26955, CVE-2026-26271, CVE-2026-25997, CVE-2026-25959, CVE-2026-25955, CVE-2026-25954,...

9.8CVSS5.9AI score0.00599EPSS
Exploits10References12
NVD
NVD
added 2026/03/13 7:55 p.m.8 views

CVE-2026-32425

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through = 2.2.3...

5.3CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:53 p.m.5 views

CVE-2025-13718

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...

7.5CVSS0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 6:33 p.m.3 views

CVE-2025-13718

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...

3.7CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25340

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

3.1CVSS5.8AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.5 views

PT-2026-25347

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...

5.3CVSS5.8AI score0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 1:41 a.m.24 views

CVE-2025-59388 Hyper Data Protector

A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: Hyper Data Protector 2.3.1.455 and later...

8.7CVSS0.00474EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 6:6 p.m.6 views

CVE-2026-31797 iccDEV has a heap out-of-bounds read in CTiffImg::ReadLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5...

6.1CVSS5.8AI score0.0015EPSS
Exploits0References4
OSV
OSV
added 2026/03/09 5:24 p.m.1 views

GHSA-9H33-G3WW-MQFF Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion

Impact A flaw in callback URL validation allowed crafted redirecturi values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a user into opening a malicious authorization link, the authorization code may be redirected to an attacker-controlled host...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.6 views

CVE-2026-28683

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if a malicious authenticated user uploads SVG and creates a hotlink for it, they can achieve stored XSS. This issue has been patched in version 2.2.3...

8.7CVSS5.7AI score0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:19 p.m.4 views

CVE-2026-30242

Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...

8.5CVSS5.8AI score0.00284EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 4:45 a.m.2 views

CVE-2026-29084 Gokapi: CSRF in Login Endpoint

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a...

4.6CVSS5.7AI score0.00076EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 4:45 a.m.8 views

CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...

5.4CVSS5.7AI score0.00116EPSS
Exploits0References4
NVD
NVD
added 2026/03/05 7:16 p.m.9 views

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8CVSS0.22162EPSS
Exploits13References1
CVE
CVE
added 2026/03/05 6:58 p.m.54 views

CVE-2026-28222

Wagtail CVE-2026-28222 is a stored XSS affecting TableBlock in StreamField. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, an attacker with page creation/edit permissions could craft TableBlock class attributes that render arbitrary JavaScript when viewed by higher-privilege users. This is not...

6.1CVSS5.8AI score0.00418EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/03/03 11:15 p.m.12 views

CVE-2026-26279

Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code == instead of = completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...

9.1CVSS0.00802EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/03 10:31 p.m.8 views

EUVD-2026-9340

Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code == instead of = completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...

9.1CVSS6.2AI score0.00802EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/03 10:31 p.m.5 views

CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection

Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code == instead of = completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...

9.1CVSS6.2AI score0.00802EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/03 7:48 p.m.28 views

CVE-2025-14604 The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition and could lead to improper execute permissions, have been remediated in Storage Scale versions 5.2.3.6 and 6.0.0.2

IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors...

6.6CVSS0.00132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/03 2:39 a.m.3 views

CVE-2025-47147

Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...

5.7CVSS6AI score0.00071EPSS
Exploits0References1
Rows per page
Query Builder