Lucene search
K

162513 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.8 views

Visual Studio Code Elevation of Privilege Vulnerability

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.1CVSS5.5AI score0.00671EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.8 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.00137EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/06/09 1:20 p.m.12 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-23271: perf: Fix perfeventoverflow vs perfremovefromcontext race bsc1260018. CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261638...

8.8CVSS5.6AI score0.00563EPSS
Exploits5References38
Cvelist
Cvelist
added 2026/06/09 12:36 p.m.28 views

CVE-2026-46332 greybus: gb-beagleplay: bound bootloader receive buffering

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352bootloaderrx appends each serdev chunk into the fixed rxbuffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may recei...

8CVSS0.00193EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 11:54 a.m.14 views

CVE-2026-46739

A flaw was found in perl-Net-Statsd. This vulnerability allows an attacker to inject additional statsd metrics due to insufficient validation of metric names and values. Specifically, the software does not properly check for newlines, colons, or pipes in metric names, nor does it ensure that valu...

5.3CVSS5.3AI score0.00258EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.8 views

node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance

A flaw was found in Forge also known as node-forge, a JavaScript implementation of Transport Layer Security TLS. The pki.verifyCertificateChain function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extension...

9.1CVSS5.5AI score0.00303EPSS
Exploits1References6
NVD
NVD
added 2026/06/09 11:16 a.m.10 views

CVE-2026-49741

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS0.00244EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/09 9:19 a.m.13 views

Improper Certificate Validation

The LDAP client is vulnerable to Improper Certificate Validation. The vulnerability is due to missing hostname verification during TLS server identity validation, where the LDAP client validates the certificate chain but does not verify that the certificate matches the intended LDAP server...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References2Affected Software1
Ubuntu
Ubuntu
added 2026/06/09 8:38 a.m.18 views

USN-8410-1: shell-quote vulnerability

Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code...

9.2CVSS5.8AI score0.00848EPSS
Exploits1
OSV
OSV
added 2026/06/09 8:38 a.m.7 views

USN-8410-1 node-shell-quote vulnerability

Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References2
CVE
CVE
added 2026/06/09 7:34 a.m.29 views

CVE-2026-34031

CVE-2026-34031 concerns Apache Answer up to version 2.0.0, where the server fails to validate user-supplied image URLs used for profile avatars. This allows embedding arbitrary external content as avatars, potentially enabling unintended external requests and tracking by third-party servers. A fi...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/09 7:34 a.m.40 views

CVE-2026-34031 Apache Answer: The custom avatar was not properly validated

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 7:34 a.m.7 views

CVE-2026-34031 Apache Answer: The custom avatar was not properly validated

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

5.5AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:34 a.m.8 views

EUVD-2026-35370

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 6:0 a.m.12 views

RLSA-2026:22644 Important: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: group policy certificate enrollment uses http://...

9CVSS5.7AI score0.12797EPSS
Exploits7References4
NVD
NVD
added 2026/06/09 5:16 a.m.15 views

CVE-2026-8902

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

4.3CVSS0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:16 a.m.14 views

CVE-2026-8909

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS0.00128EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/09 5:1 a.m.11 views

DNS Cache Poisoning

Netty is vulnerable to DNS Cache Poisoning. The vulnerability is due to insufficient validation of the bailiwick of NS records in DnsResolveContext, which allows an attacker controlling an authoritative subdomain name server to poison DNS cache entries for parent domains...

10CVSS5.5AI score0.00285EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2026/06/09 3:41 a.m.11 views

EUVD-2026-35314

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 3:41 a.m.9 views

EUVD-2026-35307

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References11
Rows per page
Query Builder