Lucene search
K

1754 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 4:56 a.m.6 views

CVE-2026-21024

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions...

6.3CVSS5.8AI score0.00091EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 6:37 p.m.11 views

CVE-2026-8431 Ops Manager RCE via webhook body

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

9.4CVSS6AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 8:56 a.m.6 views

BIT-PHP-MIN-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 8:56 a.m.18 views

BIT-PHP-2026-7568 Signed integer overflow in metaphone()

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00443EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 12:40 a.m.16 views

CVE-2026-45362

Summary : CVE-2026-45362 affects Sangoma Switchvox prior to version 8.4, where cleartext SIP authentication credentials are stored in a backup file. What’s affected : Switchvox software (versions before 8.4). Root cause / nature : Credentials are written in cleartext in a backup file, exposing SI...

3.2CVSS5.8AI score0.00095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-39906

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

3.2CVSS5.8AI score0.00095EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Sangoma Technologies Switchvox 安全漏洞

Sangoma Technologies Switchvox is a telephone system developed by Sangoma Technologies in Canada, suitable for businesses of any size. Prior to the version 8.4 of Sangoma Technologies Switchvox, there was a security vulnerability. This vulnerability stemmed from the storage of plaintext SIP...

3.2CVSS5.8AI score0.00095EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/11 2:17 p.m.11 views

SUSE CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

6.3CVSS6.2AI score0.0021EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017701)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017701 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...

4.9CVSS6.7AI score0.01319EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017672 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.23 and prior. Easily...

4.9CVSS6.7AI score0.01319EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017790 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable...

6.8CVSS6.7AI score0.02157EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017756 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.21 and prior. Easily...

4CVSS5.8AI score0.01259EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017717)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017717 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

4.9CVSS6.7AI score0.01778EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017734)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017734 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...

4.9CVSS6.7AI score0.02072EPSS
Exploits0References4
NVD
NVD
added 2026/05/10 1:16 p.m.18 views

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS0.00927EPSS
Exploits1References3
OSV
OSV
added 2026/05/10 5:16 a.m.4 views

UBUNTU-CVE-2026-7568

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00443EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 10:23 p.m.11 views

Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)

Impact Users with component view access could be impacted by an unescaped notes column. Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. Workarounds None...

5.4CVSS5.8AI score0.00218EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/08 3:56 p.m.9 views

EUVD-2026-28807

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

6.1CVSS5.9AI score0.00247EPSS
Exploits1References2
OSV
OSV
added 2026/05/08 11:56 a.m.7 views

CLSA-2026-1773654558 mysql: Fix of 7 CVEs

Update to MySQL 8.0.45 January 2026 CPU CVE-2026-21968 CVE-2026-21936 CVE-2026-21937 CVE-2026-21941 CVE-2026-21948 CVE-2026-21964 CVE-2025-9230...

7.5CVSS6.6AI score0.01744EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:47 a.m.8 views

BIT-JRE-2026-21947

Vulnerability in Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human...

3.1CVSS5.8AI score0.00204EPSS
Exploits0References3
Rows per page
Query Builder