Lucene search
K

5071 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-55208

Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user can extract the admin password hash and other database content through time-based blind SQL injection in the DateFilter column key parameter. The POST...

7.7CVSS6.1AI score0.00249EPSS
Exploits0References6Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-5005

CVE-2026-5005 : A stored cross-site scripting (XSS) vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals due to improper input neutralization during web page generation. Affected versions are OKRs & Goals from 28220 before 28398. The CVSS 3.1 vector ind...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42518

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS6AI score0.00132EPSS
Exploits0References1
Patchstack
Patchstack
added last week6 views

WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin aBlocks versions 2.9.1...

8.8CVSS5.9AI score0.00417EPSS
Exploits0Affected Software1
NVD
NVD
added last week10 views

CVE-2026-14868

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS0.0005EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-42031

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56174

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description The encryption algorithm used to protect the configuration of user accounts within the built-in user directory of projects is insufficient. This weakness allows a local attacker to modify the existing...

8.4CVSS6.1AI score0.0005EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/06 2:46 p.m.6 views

EUVD-2025-210433

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive ...

8CVSS6.2AI score0.00335EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.38 views

CVE-2026-27780 Gitea pre-receive hook can miss branch-protection checks after scanner errors

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

0.00472EPSS
Exploits0References3
CVE
CVE
added 2026/07/03 8:19 p.m.13 views

CVE-2026-20909

Gitea (go-gitea/gitea) versions before 1.25.5 are affected by an access control issue in the tracked-time list endpoint, allowing potential disclosure of time-tracking data due to insufficient permission checks. The vulnerability is mitigated by upgrading to version 1.25.5 or higher (as per the l...

5.3CVSS6AI score0.00286EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-20909 Gitea tracked-time list endpoint has insufficient permission checks

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

5.3CVSS6AI score0.00286EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55593

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient visibility checks exist within organization permission APIs, which may affect hidden members and private organizations. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00353EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 4:6 p.m.4 views

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/02 12:37 p.m.7 views

EUVD-2026-41369

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6CVSS5.8AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 3:4 p.m.38 views

CVE-2026-58038 Stored XSS through javascript URLs in SVGs generated by EasyTimeline

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from before 1.46.0, 1.45.4,...

0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 2:24 p.m.8 views

EUVD-2026-41012

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from...

5.8AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54228

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in PerformanceAPIs allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update Google Chrome to...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-277 Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

9.8CVSS7.3AI score0.01583EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-270 OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...

9.8CVSS7.4AI score0.03944EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 7:16 a.m.6 views

CVE-2025-0824

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

3.7CVSS0.00083EPSS
Exploits0References1
Rows per page
Query Builder