1754 matches found

Vulnrichment
added 2026/04/14 12:0 a.m. | 6 views

CVE-2026-38533

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

5.8 AI score | 0.00311 EPSS
Exploits: 2 | References: 2
EUVD
added 2026/04/13 3:31 p.m. | 3 views

EUVD-2026-21976

A heap buffer overflow in the av_bprint_finalize function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 CVSS | 6 AI score | 0.00452 EPSS
Exploits: 1 | References: 5
EUVD
added 2026/04/13 3:31 p.m. | 5 views

EUVD-2026-21974

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file...

7.5 CVSS | 5.8 AI score | 0.004 EPSS
Exploits: 1 | References: 4
EUVD
added 2026/04/13 3:31 p.m. | 3 views

EUVD-2026-21972

An out-of-bounds read in the read_global_param function in libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 CVSS | 5.8 AI score | 0.00337 EPSS
Exploits: 1 | References: 3
OSV
added 2026/04/13 3:17 p.m. | 4 views

DEBIAN-CVE-2026-30999

A heap buffer overflow in the av_bprint_finalize function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 CVSS | 6 AI score | 0.00452 EPSS
Exploits: 1 | References: 1
UbuntuCve
added 2026/04/13 3:17 p.m. | 8 views

CVE-2026-30997

An out-of-bounds read in the read_global_param function in libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 CVSS | 5.8 AI score | 0.00337 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/04/13 12:0 a.m. | 8 views

Vtiger CRM Security Vulnerability

Vtiger CRM is a customer relationship management system developed by Vtiger Corporation in the United States, based on SugarCRM. This system provides functions for managing, collecting, and analyzing customer information. Version Vtiger CRM 8.4.0 has a security vulnerability that stems from...

6.1 CVSS | 5.8 AI score | 0.00163 EPSS
Exploits: 0 | References: 2
OSV
added 2026/04/09 9:32 p.m. | 6 views

JLSEC-2026-67

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

9.8 CVSS | 7.1 AI score | 0.02216 EPSS
Exploits: 0 | References: 11
EUVD
added 2026/04/09 6:31 p.m. | 5 views

EUVD-2025-209388

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

6 AI score | 0.00138 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/04/09 6:31 p.m. | 5 views

EUVD-2025-209386

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server...

6.2 AI score | 0.00305 EPSS
Exploits: 0 | References: 3
OSV
added 2026/04/09 5:16 p.m. | 5 views

UBUNTU-CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

9.1 CVSS | 6.2 AI score | 0.00316 EPSS
Exploits: 0 | References: 4
NVD
added 2026/04/09 4:16 p.m. | 7 views

CVE-2025-70364

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...

8.8 CVSS | 0.00305 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/09 12:0 a.m. | 1 views

CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

6.3 AI score | 0.00316 EPSS
Exploits: 0 | References: 3
OPENSUSE Linux
added 2026/04/09 12:0 a.m. | 3 views

Security update for mapserver (moderate)

openSUSE security update: security update for mapserver. Announcement ID: openSUSE-SU-2026:20476-1; Rating: moderate; References: bsc1260869; Cross-References: CVE-2026-33721; Affected Products: openSUSE Leap 16.0...

7.5 CVSS | 5.9 AI score | 0.00865 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/04/09 12:0 a.m. | 7 views

Apache Tomcat Security Vulnerability

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page (JSP) technologies. There are security vulnerabilities in Apache Tomcat versions 11.0.18 and earlier, 10.1.52 and earlier, 9.0.115 and earlier,...

7.5 CVSS | 7.5 AI score | 0.03494 EPSS
Exploits: 1 | References: 1
CVE
added 2026/04/09 12:0 a.m. | 10 views

CVE-2025-70364

CVE-2025-70364 affects Kiamo prior to 8.4 and allows authenticated administrative users to execute arbitrary PHP code on the server. The vulnerability is triggered by privileged admin access, with an impact of total compromise of confidentiality, integrity, and availability as per the CVSS vector...

8.8 CVSS | 5.9 AI score | 0.00305 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/04/08 8:30 a.m. | 23 views

CVE-2026-39509 WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directorist: from n/a through <= 8.5.10...

5.3 CVSS | 0.00214 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/04/08 12:0 a.m. | 8 views

WordPress plugin WP Visitor Statistics (Real Time Traffic) Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4 CVSS | 5.8 AI score | 0.00274 EPSS
Exploits: 0 | References: 8
EUVD
added 2026/04/07 6:17 p.m. | 6 views

EUVD-2026-19855

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

4.6 CVSS | 6 AI score | 0.00323 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/07 3:56 p.m. | 3 views

CVE-2026-35581

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

7.2 CVSS | 5.9 AI score | 0.00563 EPSS
Exploits: 1 | References: 2 | Affected Software: 1