Lucene search
K

1756 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/29 4:47 p.m.2 views

CVE-2026-6914

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.1CVSS5.2AI score0.00255EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/29 2:49 p.m.6 views

CVE-2026-40742

Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through = 8.2.8...

5.3CVSS5.1AI score0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/27 12:0 a.m.4 views

CVE-2024-46636

NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...

5.6AI score0.00331EPSS
Exploits1References3
Fedora
Fedora
added 2026/04/25 1:56 a.m.7 views

[SECURITY] Fedora 44 Update: awstats-8.0-4.fc44

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...

7.8CVSS5.3AI score0.01046EPSS
Exploits1
Fedora
Fedora
added 2026/04/25 1:56 a.m.7 views

[SECURITY] Fedora 44 Update: curl-8.18.0-6.fc44

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

7.5CVSS7.8AI score0.00715EPSS
Exploits4
EUVD
EUVD
added 2026/04/24 2:5 a.m.4 views

EUVD-2026-25377

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

9.3CVSS6.2AI score0.00352EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.13 views

Roxy-WI 路径遍历漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a path traversal vulnerability, which stemmed from a vulnerability in the oldconfig parameter of the haproxysectionsave interface, allowing arbitrary...

8.7CVSS5.9AI score0.00428EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Rocket.Chat 访问控制错误漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10. These vulnerabilities stem from spelling errors in the permission checks for the /api/apps/lo...

4.3CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 9:31 p.m.6 views

EUVD-2026-24295

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.6 views

CVE-2026-35239

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/21 7:23 p.m.5 views

CVE-2026-26942

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contains an Improper Neutralization of Special Elements used in an OS Command 'OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command...

7.2CVSS6.1AI score0.00882EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 7:16 a.m.3 views

CVE-2026-6711

The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...

6.1CVSS0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 6:43 a.m.3 views

CVE-2026-6711

The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-33920

The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter input without a sanitization filter and insufficient output escaping. This makes it possible for...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.12 views

PT-2026-34093

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools...

6.1CVSS5.8AI score0.00179EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/21 12:0 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. This is only exploitable if the...

6.9CVSS7.7AI score0.00323EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.5 views

CVE-2026-35582

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

8.8CVSS5.9AI score0.00861EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/20 4:34 p.m.5 views

CVE-2026-26942

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contains an Improper Neutralization of Special Elements used in an OS Command 'OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command...

6.7CVSS6.1AI score0.00882EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 4:34 p.m.4 views

CVE-2026-26942

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contains an Improper Neutralization of Special Elements used in an OS Command 'OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command...

6.7CVSS6.1AI score0.00882EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/20 12:0 a.m.7 views

WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Website LLMs.txt versions = 8.2.6...

6.1CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder