Lucene search
K

43 matches found

Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56488

Name of the Vulnerable Software and Affected Versions Socket.IO versions 4.1.0 through 6.6.6 Description The Engine.IO protocol v4 polling transport fails to properly close the HTTP response when receiving invalid binary POST requests that use the Content-Type: application/octet-stream header. Th...

7.5CVSS6AI score0.00354EPSS
Exploits0References11
GithubExploit
GithubExploit
added 2026/06/24 12:23 p.m.92 views

Exploit for CVE-2026-48908

CVE-2026-48908 — SP Page Builder Unauthenticated RCE SP Pag...

10CVSS6.2AI score0.01569EPSS
Exploits6
Cvelist
Cvelist
added 2026/06/20 11:57 a.m.60 views

CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS0.01569EPSS
Exploits6References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49369

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.13 views

CVE-2026-48011

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...

3.7CVSS0.00223EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48561

Name of the Vulnerable Software and Affected Versions Pi-hole FTL versions prior to 6.6.1 Description A race condition exists in the HTTP session management subsystem of the embedded CivetWeb-based web server. This issue was introduced during the v6.0 rewrite of the server engine. Recommendations...

8.8CVSS5.2AI score0.0023EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.2 views

CVE-2026-35520

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP lease time configuration parameter dhcp.leaseTime. This vulnerability allows an...

8.8CVSS6.2AI score0.00701EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 3:18 p.m.24 views

CVE-2026-35519 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.hostRecord Newline Injection

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...

8.8CVSS0.00537EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 3:17 p.m.27 views

CVE-2026-34221 MikroORM has Prototype Pollution in Utils.merge

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent...

8.3CVSS0.00377EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 9:47 p.m.4 views

CVE-2026-32612 Statamic: privilege escalation via stored cross-site scripting

Statamic is a Laravel and Git powered content management system CMS. Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...

5.4CVSS5.7AI score0.0023EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.13 views

PT-2026-25092

Statamic is a Laravel and Git powered content management system CMS. Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...

5.4CVSS5.7AI score0.0023EPSS
Exploits2References10
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.5 views

CVE-2026-25590

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...

6.1CVSS5.9AI score0.00169EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 3:16 p.m.4 views

UBUNTU-CVE-2026-23233

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla 1 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 Quoted: "When using stress-ng's swap stress test on F2FS filesystem...

7.8CVSS5.6AI score0.0016EPSS
Exploits0References16
NVD
NVD
added 2026/01/22 5:16 p.m.4 views

CVE-2026-22461

Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through = 6.6.18...

5.3CVSS0.00314EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2025/12/15 4:3 p.m.3 views

CVE-2025-40331 affecting package kernel for versions less than 6.6.117.1-1

CVE-2025-40331 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...

6.8AI score0.00209EPSS
Exploits0
EUVD
EUVD
added 2025/12/10 9:31 p.m.7 views

EUVD-2025-202604

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

5CVSS5.6AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.6 views

Zoom Rooms for Windows 安全漏洞

Zoom Rooms for Windows is a conference room software from Zoom USA. A security vulnerability exists in Zoom Rooms for Windows prior to version 6.6.0, which stems from a failure in the software's downgrade protection mechanism and could lead to elevation of privilege via local access by an...

7.8CVSS6.6AI score0.00141EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 5:18 p.m.24 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 5:18 p.m.3 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS6.2AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 10:15 p.m.6 views

AZL-70109 CVE-2025-40193 affecting package kernel for versions less than 6.6.117.1-1

In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in procwritesimdisk A malicious user could pass an arbitrarily bad value to memdupusernul, potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 "netdevsim:...

5.6AI score0.00187EPSS
Exploits0References1
Rows per page
Query Builder