Lucene search
K

1319 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, resulting in a denial of service...

7.5CVSS6.8AI score0.00768EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.9 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/19 6:4 a.m.53 views

CVE-2026-8830 Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

4.3CVSS0.00392EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/19 12:0 a.m.12 views

EUVD-2026-30945

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

5.8AI score0.00476EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.47 views

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

0.00476EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.18 views

PT-2026-41943

Name of the Vulnerable Software and Affected Versions LalanaChami Pharmacy Management System version 5c3d028 Description Unauthenticated remote attackers can escalate privileges by self-assigning an administrative role during the registration process. This occurs because the '/api/user/signup'...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.11 views

Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2026/05/18 8:7 a.m.45 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

3.1CVSS0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 8:7 a.m.9 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

3.1CVSS5.8AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 7:8 a.m.12 views

EUVD-2026-30744

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive folder...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:23 a.m.4 views

Improper Input Validation

github.com/free5gc/udm is vulnerable to improper input validation. The vulnerability is due to the UDM component failing to validate the SUPI path parameter in multiple nudm-sdm GET handlers, which allows an unauthenticated attacker to inject control characters, forward malformed requests to the...

8.7CVSS5.8AI score0.00324EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:55 p.m.21 views

@utcp/http: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTTPS / loopback allowlist, but callTool reuses the resolved...

4.7CVSS6AI score0.00122EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/14 4:24 p.m.6 views

GHSA-MGQ6-4X29-88R3 Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Summary Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/13 3:29 p.m.7 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through insufficient validation and missing safety mechanisms during symlink resolution. An attacker can cause infinite loops and resource exhaustion by providing crafted or malformed input that triggers uncontrolled...

7.5CVSS5.8AI score0.00295EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/08 6:51 p.m.6 views

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

8.6CVSS5.9AI score0.00435EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/07 6:15 p.m.18 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
Redos
Redos
added 2026/05/07 12:0 a.m.15 views

ROS-20260507-73-0003

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

5.3CVSS5.8AI score0.00402EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38404

Name of the Vulnerable Software and Affected Versions css parser versions prior to 1.22.0 css parser versions prior to 2.1.0 Description The software fails to validate HTTPS connections when loading stylesheets, which allows a Man-in-the-Middle MITM attacker to inject or modify CSS content. This...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/06 7:16 p.m.9 views

CVE-2026-7990

Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/05 9:23 a.m.14 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
Rows per page
Query Builder