Lucene search
+L

552 matches found

OSV
OSV
added yesterday12 views

ROOT-OS-DEBIAN-12-CVE-2025-39931 CVE-2025-39931 in rootio-linux - Patched by Root

Root has patched CVE-2025-39931 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS6.5AI score0.00143EPSS
Exploits0
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-48016 Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS0.00238EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-54496

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2gadgets 0.5.0, orchard 0.14.0, zcashprimitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2gadgets/src/ecc/chip/mul/incomplete.rs used assignadvice for the base point without a copy...

9.3CVSS5.4AI score0.00315EPSS
Exploits0References8Affected Software5
OSV
OSV
added 2 days ago4 views

ROOT-OS-UBUNTU-2404-CVE-2025-39961 CVE-2025-39961 in rootio-linux - Patched by Root

Root has patched CVE-2025-39961 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

4.7CVSS8.2AI score0.00101EPSS
Exploits0
OSV
OSV
added 3 days ago4 views

CVE-2026-44595 Yamcs: Unauthorized user enumeration via IAM API endpoints

Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check in yamcs-core/src/main/java/org/yamcs/http/api/IamApi.java, so any authenticated user, even one...

4.3CVSS6.1AI score0.01008EPSS
Exploits3References7
CVE
CVE
added 4 days ago36 views

CVE-2026-49445

Cilium CVE-2026-49445 : When L7 is enabled, embedded or standalone Envoy creates a world-accessible admin.sock on cluster nodes, enabling a local attacker to access Envoy admin endpoints, potentially expose TLS secrets, disrupt traffic, or terminate Envoy. Affected are Cilium releases prior to 1....

9.2CVSS6.1AI score0.00164EPSS
Exploits0References6Affected Software1
NVD
NVD
added 5 days ago3 views

CVE-2026-45068

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS0.00399EPSS
Exploits0References6
CVE
CVE
added 5 days ago33 views

CVE-2026-48068

The CVE-2026-48068 entry concerns @grpc/grpc-js (Pure JavaScript gRPC implementation). The issue is triggered by an invalid incoming HTTP/2 stream initiation, which can cause the server process created by @grpc/grpc-js to crash. Affected versions are pre-fix: 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13...

7.5CVSS6.1AI score0.00625EPSS
Exploits0References13
NVD
NVD
added 5 days ago4 views

CVE-2026-45304

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...

8.7CVSS0.00804EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-45133 Symfony: [Yaml] Harden the parser when handling untrusted input

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline...

8.2CVSS0.00691EPSS
Exploits0References5
NVD
NVD
added 5 days ago5 views

CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS0.0029EPSS
Exploits0References5
OSV
OSV
added 5 days ago5 views

ROOT-OS-UBUNTU-2204-CVE-2022-50322 CVE-2022-50322 in rootio-linux - Patched by Root

Root has patched CVE-2022-50322 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00143EPSS
Exploits0
OSV
OSV
added 5 days ago6 views

ROOT-OS-UBUNTU-2204-CVE-2026-53001 CVE-2026-53001 in rootio-linux - Patched by Root

Root has patched CVE-2026-53001 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
OSV
OSV
added 5 days ago5 views

ROOT-OS-UBUNTU-2204-CVE-2024-46820 CVE-2024-46820 in rootio-linux - Patched by Root

Root has patched CVE-2024-46820 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.8CVSS7.9AI score0.00231EPSS
Exploits0
OSV
OSV
added 5 days ago7 views

ROOT-OS-UBUNTU-2204-CVE-2025-39898 CVE-2025-39898 in rootio-linux - Patched by Root

Root has patched CVE-2025-39898 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

8.2AI score
Exploits0
OSV
OSV
added 2026/07/12 3:45 a.m.5 views

CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

5.3CVSS5.9AI score0.00319EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/10 8:15 p.m.31 views

CVE-2026-57212 RabbitMQ management HTTP API accepts request bodies larger than configured max_http_body_size

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...

7.1CVSS0.00404EPSS
Exploits1References6
CVE
CVE
added 2026/07/10 5:22 p.m.17 views

CVE-2026-56665

ZITADEL's external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) does not enforce expiration when an incoming token omits the exp claim, causing tokens from trusted issuers to be treated as valid without an automatic expiration window. Affected releases: 3.0.0-rc.1 thro...

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
NVD
NVD
added 2026/07/09 10:17 p.m.9 views

CVE-2026-53962

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...

5.4CVSS0.0027EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:3 p.m.7 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS6AI score0.00267EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder