Lucene search
K

4789 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

6.5CVSS6.8AI score0.02126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.12 views

PT-2026-42777

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS5.8AI score0.00346EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:29 p.m.6 views

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 7:29 p.m.10 views

CVE-2026-4843 GSheet For Woo Importer <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/05/21 7:29 p.m.22 views

CVE-2026-4843

The CVE-2026-4843 entry concerns the WordPress plugin “GSheet For Woo Importer.” All versions up to 2.3.1 are affected by a missing capability check in process_ajax_restore_action(), enabling authenticated users with Subscriber-level access or higher to delete the plugin’s Google Sheets API token...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability include Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle...

6.1CVSS5.6AI score0.00261EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0....

7.4CVSS6.9AI score0.00911EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/19 10:19 a.m.10 views

Insufficient Granularity of Access Control

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the user handler in the resource account service. An attacker...

5.3CVSS5.9AI score0.0037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.15 views

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2026:1955-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1955-1 advisory. This update for java-180-openjdk fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an...

7.5CVSS5.9AI score0.00702EPSS
Exploits0References22
NVD
NVD
added 2026/05/18 8:16 p.m.19 views

CVE-2026-21789

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

4.6CVSS0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 7:17 p.m.10 views

CVE-2026-21789 HCL Connections is vulnerable to broken access control

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:17 p.m.10 views

CVE-2026-21789

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/18 7:17 p.m.17 views

CVE-2026-21789

CVE-2026-21789 affects HCL Connections and describes a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. The CVSS 3.1 base score is 4.6 (MEDIUM) with a vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N, indicating network attack with low privil...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 5:39 a.m.6 views

BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

HCL Connections 安全漏洞

HCL Connections is a corporate collaboration platform developed by the Indian company HCL. There is a security vulnerability in HCL Connections, which stems from ineffective access control. This vulnerability may allow unauthorized users to update data in certain scenarios...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2026/05/17 1:16 p.m.27 views

CVE-2018-25334

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

5.4CVSS0.00145EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/17 12:12 p.m.52 views

CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

5.4CVSS0.00145EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:12 p.m.15 views

CVE-2018-25334

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/17 12:12 p.m.24 views

CVE-2018-25334

CVE-2018-25334 concerns Zechat 1.5 with a Cross-Site Request Forgery (CSRF) vulnerability that can bypass anti-CSRF protections via the hashtag parameter, enabling an attacker to induce unauthorized changes to user data. The root cause is described as exploitation of a CSRF token mechanism when a...

5.4CVSS5.8AI score0.00145EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References3
Rows per page
Query Builder