Lucene search
+L

322 matches found

cvelist
cvelist
added 3 days ago29 views

CVE-2026-59518 WordPress Directorist plugin <= 8.8.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS0.00313EPSS
Exploits0References1
osv
osv
added 6 days ago3 views

CVE-2026-55474 Snipe-IT: Directory traversal in displaySig

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...

7.1CVSS6.2AI score0.00329EPSS
Exploits0References6
cvelist
cvelist
added last week39 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS0.00436EPSS
Exploits0References3
nessus
nessus
added 2026/06/23 12:0 a.m.10 views

Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
cve
cve
added 2026/06/21 5:30 a.m.23 views

CVE-2026-12780

AOMEI Backupper Kernel Driver amwrtdrv.sys (library within the Kernel Driver) up to version 8.3.0 is affected. The vulnerability enables local privilege escalation via improper access control in amwrtdrv.sys. Exploitation is local and reportedly has public disclosure; no exploit vector details ar...

8.5CVSS6.5AI score0.00111EPSS
Exploits0References5
ossf
ossf
added 2026/05/20 2:10 a.m.9 views

Malicious code in stripe-commands (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25869cea9557ac431847a2e11b5c78d6da5ee072b1d73f1d0fa6ccc895d2be60 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.11 views

Sangoma Technologies Switchvox 安全漏洞

Sangoma Technologies Switchvox is a telephone system developed by Sangoma Technologies in Canada, suitable for businesses of any size. Prior to the version 8.4 of Sangoma Technologies Switchvox, there was a security vulnerability. This vulnerability stemmed from the storage of plaintext SIP...

3.2CVSS5.8AI score0.00095EPSS
Exploits0References1
nessus
nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017672 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.23 and prior. Easily...

4.9CVSS6.7AI score0.01319EPSS
Exploits0References4
nessus
nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017790 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable...

6.8CVSS6.7AI score0.02157EPSS
Exploits0References4
euvd
euvd
added 2026/05/08 3:56 p.m.11 views

EUVD-2026-28807

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

6.1CVSS5.9AI score0.00247EPSS
Exploits1References2
fedora
fedora
added 2026/05/07 1:9 a.m.49 views

[SECURITY] Fedora 43 Update: nano-8.5-3.fc43

GNU nano is a small and friendly text editor...

5.5CVSS5.8AI score0.00108EPSS
Exploits0
cnnvd
cnnvd
added 2026/05/06 12:0 a.m.47 views

Gotenberg 参数注入漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained a parameter injection vulnerability. This vulnerability stemmed from the fact that the metadata writing...

10CVSS5.9AI score0.00611EPSS
Exploits1References1
redhat
redhat
added 2026/05/02 12:23 a.m.9 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: curl: curl-8.20.0-0.1.hum1 aarch64, x8664 libcurl-8.20.0-0.1.hum1 aarch64, x8664 libcurl-devel-8.20.0-0.1.hum1 aarch64, x8664 libcurl-minimal-8.20.0-0.1.hum1 aarch64, x8664 curl-8.20.0-0.1.hum1.s...

7.5CVSS5.8AI score0.00639EPSS
Exploits6References8
euvd
euvd
added 2026/04/24 2:5 a.m.6 views

EUVD-2026-25377

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

9.3CVSS6.2AI score0.00352EPSS
Exploits1References2
snyk
snyk
added 2026/04/21 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. This is only exploitable if the...

6.9CVSS7.7AI score0.00323EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/17 11:13 a.m.3 views

CVE-2025-46607

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access...

6.6CVSS5.8AI score0.00368EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/14 12:0 a.m.6 views

CVE-2026-38533

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

5.8AI score0.00311EPSS
Exploits2References2
osv
osv
added 2026/04/13 3:17 p.m.5 views

DEBIAN-CVE-2026-30999

A heap buffer overflow in the avbprintfinalize function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS6AI score0.00452EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/04/13 12:0 a.m.9 views

Vtiger CRM 安全漏洞

Vtiger CRM is a customer relationship management system developed by Vtiger Corporation in the United States, based on SugarCRM. This system provides functions for managing, collecting, and analyzing customer information. Version Vtiger CRM 8.4.0 has a security vulnerability that stems from...

6.1CVSS5.8AI score0.00163EPSS
Exploits0References2
euvd
euvd
added 2026/04/09 6:31 p.m.7 views

EUVD-2025-209386

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server...

6.2AI score0.00288EPSS
Exploits0References3
Rows per page
Query Builder