7169 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: validation of user data in compact ioctl commands. Incorrect user data may cause warnings in i2ctransfer. For example, it may result in no messages being sent at all. Userspace should not be able to trigger such warnings...

CVSS 3.3 | AI score 5.5 | EPSS 0.00233
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A NULL pointer dereference flaw was discovered in the az6027 driver, located in the file drivers/media/usb/dev-usb/az6027.c within the Linux Kernel. The message from the user space is not properly checked before being transferred to the device. This flaw could allow a local user to crash the syst...

CVSS 5.5 | AI score 6.2 | EPSS 0.00226
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux - Vulnerability in Golang-1.19

If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

CVSS 5.4 | AI score 6.6 | EPSS 0.00795
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/19 12:00 a.m., 16 views

PT-2026-51003

Name of the Vulnerable Software and Affected Versions: Joomla com booking component version 2.4.9. Description: An information disclosure issue allows unauthenticated attackers to enumerate user accounts. By exploiting the getUserData function in the customer controller, attackers can send GET...

CVSS 8.7 | AI score 5.8 | EPSS 0.00346
Exploits: 0 | References: 10

NVD
added 2026/06/17 10:16 p.m., 13 views

CVE-2026-48820

CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::getElementFileName does not check that the resolved element path is within the application/plugin view template paths...

CVSS 6.3 | EPSS 0.00258
Exploits: 0 | References: 1

Rockylinux
added 2026/06/17 12:03 p.m., 7 views

webkit2gtk3 security update

An update is available for webkit2gtk3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. WebKitGTK is the port of the portable web rendering engine WebKit to the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00693
Exploits: 0

Cvelist
added 2026/06/17 6:00 a.m., 27 views

CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoints behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

EPSS 0.00424
Exploits: 0 | References: 1

OSV
added 2026/06/16 12:40 p.m., 3 views

BIT-PARSE-2026-53725 Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1, apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and /verifyPasswo...

CVSS 5.9 | AI score 5.3 | EPSS 0.00251
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2026/06/16 4:24 a.m., 9 views

Malicious code in @ts-internal/shared-lib (npm)

Source: amazon-inspector 7afc836ea4b9ecc7e09f0add976470f1b4e253f8b5b53b3ce706889efb349171. The package squats the internal-looking scope @ts-internal/shared-lib on the public npm registry and runs a network beacon both during install...

AI score 5.4
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/16 12:00 a.m., 15 views

PT-2026-50139

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.0. Description: The /api/v1/monitor router exposes seven endpoints that allow read, write, and delete operations on user-owned resources, including messages, sessions, build artifacts, and LLM transaction logs. The...

CVSS 8.8 | AI score 5.9 | EPSS 0.00291
Exploits: 1 | References: 7

NVD
added 2026/06/15 8:16 p.m., 10 views

CVE-2026-36537

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

CVSS 9.8 | EPSS 0.00511
Exploits: 0 | References: 1

OSV
added 2026/06/15 3:50 p.m., 7 views

MAL-2026-5807 Malicious code in sam-package (npm)

Source: amazon-inspector 26e593046a8f405a1a571d19aaa6bd46db57c4a22fce4b9acfc114dd4eb8ffb6. [email protected] is a malicious package whose only purpose is to deliver a prompt-injection payload targeting AI coding assistants Copilot, Cursor,...

AI score 5.5
Exploits: 0 | References: 19

OSV
added 2026/06/15 11:36 a.m., 9 views

MAL-2026-5831 Malicious code in unicocheck-ios (npm)

Source: amazon-inspector bafc91c569cf42c5f1ff68531a8d5238919f595368ffa90b7d4e5bcc74fe9788. package.json declares a preinstall lifecycle script that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f with query...

AI score 5.6
Exploits: 0 | References: 1

RedHat Linux
added 2026/06/15 10:20 a.m., 7 views

webkitgtk: An app may be able to access sensitive user data

A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection...

CVSS 5.5 | AI score 5.2 | EPSS 0.0014
Exploits: 0 | References: 5

Nuclei
added 2026/06/15 7:03 a.m., 9 views

YesWiki < 4.6.4 - Unauthenticated SQL Injection

YesWiki before version 4.6.4 contains an unauthenticated SQL injection vulnerability in the Bazar form-import path. The bnidnature parameter in FormManager::create is concatenated into an INSERT statement without sanitization, allowing unauthenticated attackers to inject arbitrary SQL and read th...

AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/15 12:00 a.m., 11 views

PT-2026-49210

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

CVSS 8.8 | AI score 6.1 | EPSS 0.0027
Exploits: 0 | References: 5

Tenable Nessus
added 2026/06/15 12:00 a.m., 6 views

RHEL 8 : webkit2gtk3 (RHSA-2026:25918)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25918 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

CVSS 8.8 | AI score 5.6 | EPSS 0.00693
Exploits: 0 | References: 34

Snyk
added 2026/06/12 8:12 p.m., 6 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the handleLogIn and verifyPassword user...

CVSS 8.2 | AI score 5.4 | EPSS 0.00251
Exploits: 0 | References: 2

NVD
added 2026/06/11 7:16 p.m., 10 views

CVE-2025-46315

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data...

CVSS 7.5 | EPSS 0.0027
Exploits: 0 | References: 1

NVD
added 2026/06/11 7:16 p.m., 9 views

CVE-2025-30459

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

CVSS 5.5 | EPSS 0.00122
Exploits: 0 | References: 1