Lucene search
+L

421 matches found

GithubExploit
GithubExploit
added 2026/05/31 12:40 p.m.124 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2024-1086 Universal local privilege escalation Proof-of-C...

7.8CVSS7AI score0.28058EPSS
Exploits16
Patchstack
Patchstack
added 2026/05/21 10:39 p.m.9 views

NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret vulnerability discovered by ? in WordPress Npm network-ai versions = 5.4.4...

5.8AI score0.00023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/21 11:49 a.m.38 views

CVE-2026-6841 Reflected XSS in Request Tracker

Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....

5.1CVSS0.00235EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/irdma: The Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to numonlinecpus + 1. If this number is exceeded, the kernel will issue a warning. The kernel issues a warning wh...

6AI score0.00162EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: scsitransportsas: Fixed error handling in sasPhyadd. If transportadddevice fails in sasPhyadd, the kernel may crash when trying to delete the device via transportRemoveDevice, which is called from sasRemoveHost. The kernel...

5.5CVSS6.1AI score0.00183EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Qemu

A use-after-free flaw was discovered in the MegaRAID emulator of QEMU. This issue occurs during the processing of SCSI I/O requests when the mptsasfreerequest function fails to dequeue the request object ‘req’ from the pending requests queue. This flaw allows a privileged guest user to crash the...

3.2CVSS6.4AI score0.0045EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. The supported versions affected are 5.7.33 and earlier, as well as 8.0.23 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromi...

4.9CVSS6.7AI score0.04643EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A use-after-free vulnerability was discovered in iscsiswtcpsessioncreate in drivers/scsi/iscsitcp.c within the SCSI sub-component of the Linux kernel. This flaw allows an attacker to access internal kernel information...

5.5CVSS6.7AI score0.00249EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/14 7:53 p.m.12 views

WordPress Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by momopon1415 in WordPress Plugin Classified Listing versions = 5.3.10...

4.3CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 4:17 p.m.6 views

CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 2:17 p.m.20 views

CVE-2026-40638

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

6.7CVSS0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 1:31 p.m.31 views

CVE-2026-40638

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

6.7CVSS0.00119EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.10 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016791)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016791 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote...

8.3CVSS7.4AI score0.09436EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 7:42 p.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token wi...

7.5CVSS5.8AI score0.00248EPSS
Exploits1Affected Software1
PyPA
PyPA
added 2026/05/05 4:16 p.m.14 views

PYSEC-2026-55

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served.Earlier, unsupported Django series such as 5.0.x, 4.1.x...

5.3CVSS5.8AI score0.00358EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/05/04 7:57 p.m.15 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification vulnerability

Missing Authorization to Authenticated Contributor+ Limited Page Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin User Registration versions = 5.1.4...

4.3CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/04 11:53 a.m.59 views

CVE-2026-3120 RCE in Profelis Informatics' SambaBox

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS0.01182EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 8:7 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in minimatch-3.1.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in minimatch-3.1.2.tgz Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regul...

8.7CVSS7.2AI score0.00519EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/25 11:29 a.m.6 views

CVE-2026-41988

A flaw was found in uuid. When external output buffers are used with UUID versions 3, 5, or 6, an attacker with local access may be able to cause unexpected data writes. This vulnerability could lead to low impact data integrity issues. UUID version 4 is not affected...

3.2CVSS5.2AI score0.00181EPSS
Exploits1References5
NVD
NVD
added 2026/04/24 7:17 p.m.11 views

CVE-2026-41907

uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes small buf or large offset. This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...

9.3CVSS0.00337EPSS
Exploits1References1
Rows per page
Query Builder