Lucene search
K

2028 matches found

OSV
OSV
added 2026/06/10 11:16 p.m.7 views

UBUNTU-CVE-2026-53460

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 a...

7.5CVSS5.2AI score0.00346EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/10 10:7 p.m.7 views

CVE-2026-53464

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25...

4CVSS5.3AI score0.0011EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 9:29 p.m.33 views

CVE-2026-45624 ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in...

5.1CVSS0.0012EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/10 7:33 p.m.13 views

Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload

Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...

5.4AI score0.00018EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.8 views

CVE-2026-49938

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...

6.5CVSS5.5AI score0.00201EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 10:11 a.m.13 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple vulnerabilities when using when using Web Server Plug-ins.

Summary The security issue described in CVE-2026-8633, CVE-2026-8620 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.3AI score0.00847EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 8:59 p.m.8 views

CVE-2026-48303 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS6.2AI score0.00553EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/09 12:45 p.m.7 views

WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Stefano in WordPress Plugin Coupon Affiliates versions = 7.8.1...

7.5CVSS5.5AI score0.00386EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/09 5:16 a.m.17 views

CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

5.3CVSS0.00164EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.20 views

CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48...

5.9CVSS0.00247EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.6 views

UBUNTU-CVE-2026-41853

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3CVSS5.5AI score0.00186EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/08 8:58 a.m.12 views

CVE-2026-11453

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS6.3AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2026/06/07 4:16 a.m.11 views

CVE-2026-11453

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS0.00193EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/07 3:45 a.m.8 views

CVE-2026-11453 Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS6.3AI score0.00193EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.14 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 8:9 p.m.22 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

8.7CVSS5.8AI score0.00191EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2026/06/05 8:9 p.m.54 views

EUVD-2026-32920

TinyMCE Cross-Site Scripting XSS vulnerability using sanitization bypass through nested SVGs...

8.7CVSS5.4AI score0.00191EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-30904

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...

4.3CVSS5.4AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-36178

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...

4.6CVSS5.5AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2026-35250

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...

2.3CVSS7.2AI score0.0011EPSS
Exploits1References1
Rows per page
Query Builder