
1754 matches found

Positive Technologies
added 2026/04/20 12:0 a.m., 6 views

PT-2026-33805

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

6.7 CVSS, 6.1 AI score, 0.01159 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/04/18 1:16 a.m., 5 views

CVE-2026-35582

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

8.8 CVSS, 5.9 AI score, 0.00861 EPSS
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2026/04/17 1:45 p.m., 4 views

CVE-2026-6491

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3 CVSS, 5.6 AI score, 0.0016 EPSS
Exploits 0, References 7
CVE
added 2026/04/17 1:45 p.m., 14 views

CVE-2026-6491

Affected software and component: libvips (up to 8.18.2), specifically the nip2 Handler’s function im_minpos_vec in libvips/deprecated/vips7compat.c. Root cause / vulnerability: manipulation of the argument n leads to a heap-based buffer overflow. Impact (as stated): local attack feasibility with ...

5.3 CVSS, 5.9 AI score, 0.0016 EPSS
Exploits 0, References 7
Debian CVE
added 2026/04/17 1:45 p.m., 9 views

CVE-2026-6491

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3 CVSS, 5.3 AI score, 0.0016 EPSS
Exploits 0
EUVD
added 2026/04/17 12:31 p.m., 4 views

EUVD-2025-209523

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access...

6.6 CVSS, 5.8 AI score, 0.00354 EPSS
Exploits 0, References 2
NVD
added 2026/04/17 12:16 p.m., 5 views

CVE-2025-46606

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading...

7.2 CVSS, 0.00368 EPSS
Exploits 0, References 1
CVE
added 2026/04/17 11:36 a.m., 10 views

CVE-2025-46606

Dell PowerProtect Data Domain with DD OS Feature Release versions 8.4–8.5 are affected by an improper restriction of excessive authentication attempts, which could allow a high-privilege attacker with remote access to gain unauthorized access. The vulnerability details, including affected product...

7.2 CVSS, 5.8 AI score, 0.00368 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/04/17 11:13 a.m., 3 views

CVE-2025-46607

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access...

6.6 CVSS, 5.8 AI score, 0.00368 EPSS
Exploits 0, References 1
CNNVD
added 2026/04/17 12:0 a.m., 9 views

Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability

Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in Dell PowerProtect Data Domain (Dell PowerProtect DD) versions 8.4 to 8.5...

7.2 CVSS, 5.8 AI score, 0.00314 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/04/17 12:0 a.m., 8 views

PT-2026-33440

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Domain with Data Domain Operating System DD OS versions 8.4 through 8.5. Description: A session fixation issue exists where a high privileged attacker with remote access could potentially gain unauthorized access...

7.2 CVSS, 5.8 AI score, 0.00314 EPSS
Exploits 0, References 4
CBLMariner
added 2026/04/16 2:25 a.m., 7 views

CVE-2026-1965 affecting package curl for versions less than 8.11.1-6

CVE-2026-1965 affecting package curl for versions less than 8.11.1-6. A patched version of the package is available...

6.5 CVSS, 5.7 AI score, 0.00259 EPSS
Exploits 0
EUVD
added 2026/04/15 6:31 p.m., 3 views

EUVD-2026-22895

Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio AB Testing: from n/a through <= 8.2.8...

5.3 CVSS, 5.8 AI score, 0.00187 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/04/15 12:0 a.m., 7 views

PT-2026-33045

Name of the Vulnerable Software and Affected Versions: Nelio AB Testing versions prior to 8.2.9. Description: Nelio AB Testing contains a missing authorization flaw that allows the exploitation of incorrectly configured access control security levels. Recommendations: Update to a version newer than...

5.3 CVSS, 5.8 AI score, 0.00187 EPSS
Exploits 0, References 4
CNNVD
added 2026/04/15 12:0 a.m., 11 views

WordPress plugin Element Pack Elementor Addons security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

7.6 CVSS, 5.9 AI score, 0.00236 EPSS
Exploits 0, References 1
NVD
added 2026/04/14 10:16 p.m., 6 views

CVE-2025-15565

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3 CVSS, 0.00189 EPSS
Exploits 0, References 2
CVE
added 2026/04/14 9:26 p.m., 11 views

CVE-2025-15565

The Nexi XPay plugin for WordPress (all versions up to and including 8.3.0) is vulnerable to unauthorized data modification due to missing authorization checks on the redirect function. This allows unauthenticated attackers to mark pending WooCommerce orders as paid or completed. CVSS 3.1 base sc...

5.3 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits 0, References 2
OSV
added 2026/04/14 8:1 p.m., 5 views

GHSA-6QVV-PJ99-48QM @adonisjs/http-server has an Open Redirect vulnerability

Impact: The response.redirect.back method in @adonisjs/http-server is vulnerable to open redirects. The method reads the Referer header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the Referer header, for example by linking a...

6.1 CVSS, 5.7 AI score, 0.00248 EPSS
Exploits 0, References 6
GithubExploit
added 2026/04/14 5:2 p.m., 89 views

Teslav8sandboxescape

Te...

5.8 AI score
Exploits 0
Microsoft Security Update
added 2026/04/14 5:0 p.m., 136 views

2026-04 .NET 8.0.26 Security Update for x64 Client (KB5086096)

2026-04 .NET 8.0.26 Security Update for x64 Client KB5086096...

5.8 AI score
Exploits 0