Lucene search
K

2028 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2026-35250

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...

2.3CVSS7.2AI score0.0011EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.7 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

9.1CVSS5.7AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.7 views

CVE-2026-25431

Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...

5.3CVSS5.4AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.9 views

CVE-2026-34718

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization of data: ... URI schemes, resulting in storing such malicious content in the database of the Zammad instance. The Zammad GUI is...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.6 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.4AI score0.00329EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-35247

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...

6CVSS7.3AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.8 views

CVE-2026-39337

ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS6.4AI score0.00715EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-35230

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.1AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-35242

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.3AI score0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.13 views

PT-2026-48562

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description ImageMagick is free and open-source software used for editing and manipulating digital images. A negative heap buffer over-write occurs when using an image with a mask and the Floyd-Steinberg...

7.8CVSS5.7AI score0.01849EPSS
Exploits2References88
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.5 views

ALLPlayer 安全漏洞

ALLPlayer is a multimedia player developed by ALLPlayer Corporation. Version 7.4 of ALLPlayer contains a security vulnerability, which stems from a local buffer overflow in URL processing. This vulnerability could allow attackers to overwrite structured exception handling by providing overly long...

8.6CVSS5.7AI score0.00148EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/06/04 12:0 a.m.12 views

VulnCheck KEV: CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.7AI score0.01383EPSS
In wildExploits1References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46243

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

5.8AI score0.00156EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 10:22 p.m.12 views

CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS5.7AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.12 views

CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

7.5CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 6:30 p.m.11 views

EUVD-2026-34005

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/06/02 1:29 p.m.7 views

WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kai63001 in WordPress Plugin GamiPress versions = 7.8.7...

8.5CVSS5.9AI score0.00332EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.12 views

PT-2026-45835

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.14.x @remix-run/server-runtime versions 2.10.0 through 2.17.4 Description Certain crafted requests can cause unbounded path expansion in the " manifest" endpoint, leading to disproportionate server resourc...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References5
Rosalinux
Rosalinux
added 2026/06/01 11:45 a.m.12 views

Advisory ROSA-SA-2026-3306

Component: PHP 7.4.33 OS: ROSA-CHROME Affected versions: = php-7.4.33-13 Affected versions: php-7.4.33-13 CVE-ID: CVE-2024-5458 BDU-ID: 2024-04846 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the filtervar function of the PHP interpreter involves insufficient validation of data...

5.3CVSS5.8AI score0.12117EPSS
Exploits1
CVE
CVE
added 2026/06/01 3:33 a.m.19 views

CVE-2026-48189

Technical details about CVE-2026-48189 are not provided in the supplied documents; no affected versions, vectors, or patches are specified. Monitor for updates from official advisories.

5.7CVSS5.8AI score0.00198EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder