Lucene search

5917 matches found

EUVD
added 4 hours ago, 4 views

EUVD-2026-41439

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]...

CVSS 7.5, AI score 6.4
Exploits 0, References 3
EUVD
added 4 hours ago, 5 views

EUVD-2026-41441

Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS#1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

CVSS 8.1, AI score 6.3
Exploits 0, References 5
ATTACKERKB
added yesterday, 3 views

CVE-2026-50721

Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS#1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

CVSS 8.1, AI score 6.3
Exploits 0, References 5
CVE
added yesterday, 8 views

CVE-2026-50721

CVE-2026-50721 concerns Libreswan where the function RSA_authenticate_hash_signature_raw_rsa() does not properly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS#1 RSA Encryption per RFC 2313. This enables a remote attacker to leverage a Bleichen...

CVSS 8.1, AI score 6.3
Exploits 0, References 4
NVD
added yesterday, 5 views

CVE-2026-57764

Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

CVSS 6.5
Exploits 0, References 1
Nuclei
added yesterday, 11 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

CVSS 6.9, AI score 5.8, EPSS 0.00635
Exploits 1, References 2
CVE
added 3 days ago, 7 views

CVE-2026-13841

CVE-2026-13841 affects Google Chrome components using Skia. The issue is an integer overflow in Skia that, on Chrome builds prior to 150.0.7871.47, could allow a remote attacker who already compromised the renderer process to perform a sandbox escape via a crafted HTML page. The explicit impac...

CVSS 8.3, AI score 5.9, EPSS 0.0026
Exploits 0, References 2, Affected Software 1
EUVD
added 3 days ago, 4 views

EUVD-2025-210372

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

CVSS 5.4, AI score 5.7, EPSS 0.00348
Exploits 0, References 1
ATTACKERKB
added 4 days ago, 5 views

CVE-2026-13579

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The...

CVSS 6.5, AI score 6.5, EPSS 0.002
Exploits 0, References 6, Affected Software 1
Cvelist
added 4 days ago, 30 views

CVE-2026-13559 code-projects Real State Services single-list_sale.php add sql injection

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-listsale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

CVSS 7.5, EPSS 0.00412
Exploits 0, References 6
Cvelist
added 4 days ago, 35 views

CVE-2026-13550 itsourcecode Baptism Information Management System delbaptism.php sql injection

A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impacted element is an unknown function of the file /delbaptism.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been mad...

CVSS 7.5, EPSS 0.00263
Exploits 0, References 6
EUVD
added 4 days ago, 6 views

EUVD-2026-40051

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotel...

CVSS 6.4, AI score 5.8, EPSS 0.00293
Exploits 0, References 6
Patchstack
added last week, 6 views

WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Child Theme Wizard versions <= 1.4...

CVSS 8.2, AI score 5.8, EPSS 0.00112
Exploits 0, Affected Software 1
Positive Technologies
added 2026/06/26 12:00 a.m., 7 views

PT-2026-52825

Name of the Vulnerable Software and Affected Versions: Child Theme Wizard versions 1.4 and earlier. Description: An unauthenticated Cross Site Request Forgery (CSRF) exists, which allows attackers to force users to execute unwanted actions. CSRF is a type of attack that tricks a victim into submitting...

CVSS 8.2, AI score 5.8, EPSS 0.00112
Exploits 0, References 3
EUVD
added 2026/06/25 8:13 p.m., 6 views

EUVD-2026-39557

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

CVSS 8.8, AI score 6.1, EPSS 0.00385
Exploits 0, References 2
OSV
added 2026/06/24 1:11 p.m., 4 views

OESA-2026-2709 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Every Flatpak app is able to read and write arbitrary files on the host and execute code in the host context,...

CVSS 10, AI score 6.1, EPSS 0.0168
Exploits 0, References 3
CVE
added 2026/06/24 5:33 a.m., 12 views

CVE-2026-8622

The CVE-2026-8622 entry concerns the WordPress plugin Image Sizes on Demand (versions affected: all up to and including 1.3). The vulnerability is a Reflected Cross-Site Scripting (XSS) via the PHP_SELF server variable caused by insufficient input sanitization and output escaping. It allows unaut...

CVSS 6.1, AI score 6, EPSS 0.00168
Exploits 0, References 2
Positive Technologies
added 2026/06/24 12:00 a.m., 11 views

PT-2026-51738

Name of the Vulnerable Software and Affected Versions: upKeeper Instant Privilege Access versions prior to 1.6.2. Description: Improper output neutralization for logs in upKeeper Instant Privilege Access on Windows enables Log Injection, Tampering, and Forging. This occurs when the application fails...

CVSS 7.9, AI score 5.8, EPSS 0.00264
Exploits 0, References 7
Patchstack
added 2026/06/23 4:37 p.m., 5 views

WordPress MP Customize Login Page plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab (Pondok Teknologi) in WordPress Plugin MP Customize Login Page versions <= 1.0...

CVSS 4.3, AI score 5.8, EPSS 0.00176
Exploits 0, References 1, Affected Software 1
ATTACKERKB
added 2026/06/23 3:40 p.m., 5 views

CVE-2026-54310

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 nodes, allowing arbitrary SQL to be injected and executed against the...

CVSS 6.5, AI score 6, EPSS 0.00394
Exploits 0, References 2, Affected Software 1