Lucene search
K

421 matches found

osv
osv
added 2026/04/23 6:30 a.m.6 views

GHSA-QMQ6-F8PR-CX5X Duplicate Advisory: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5hq-g745-h8pq. This link is maintained to preserve external references. Original Advisory uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6...

3.2CVSS5.7AI score0.00181EPSS
Exploits1References3
cvelist
cvelist
added 2026/04/23 4:0 a.m.42 views

CVE-2026-41988

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue...

3.2CVSS0.00181EPSS
Exploits1References2
nvd
nvd
added 2026/04/23 12:16 a.m.20 views

CVE-2026-1726

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. T...

4.8CVSS0.00194EPSS
Exploits0References1
cve
cve
added 2026/04/22 11:42 p.m.15 views

CVE-2026-1726

CVE-2026-1726 affects IBM Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1. The IBM security bulletin lists this CVE under CWE-269: Improper Privilege Management, with a IBM CVSS base score of 6.4 (vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). The conne...

4.8CVSS5.5AI score0.00194EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/04/22 11:42 p.m.42 views

CVE-2026-1726 Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. T...

0.00194EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/04/09 7:23 p.m.5 views

CVE-2026-39346

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...

6.5CVSS5.9AI score0.00153EPSS
Exploits0References1
nvd
nvd
added 2026/04/08 9:16 a.m.6 views

CVE-2026-39603

Cross-Site Request Forgery CSRF vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery.This issue affects Grand Photography: from n/a through = 5.7.8...

5.4CVSS0.00104EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39712

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.8AI score0.00168EPSS
Exploits0References1
osv
osv
added 2026/04/07 6:31 p.m.1 views

GHSA-XGRM-4FWX-7QM8 pgx contains memory-safety vulnerability

pgx is a pure Go driver and toolkit for PostgreSQL. pgx prior to v5.9.0 contains a memory-safety vulnerability...

9.8CVSS5.7AI score0.00605EPSS
Exploits0References6
euvd
euvd
added 2026/04/07 6:21 p.m.5 views

EUVD-2026-19858

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifier...

5.3CVSS5.9AI score0.00165EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/07 6:19 p.m.17 views

CVE-2026-39346 OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...

5.3CVSS0.00153EPSS
Exploits0References1
cve
cve
added 2026/04/07 6:19 p.m.10 views

CVE-2026-39346

OrangeHRM Open Source versions 5.0–5.8 are affected by an Improper Access Control via URL-encoded paths that lets authenticated users access modules disabled by an administrator. Root cause: bypass of disabled-module access controls. Impact: exposure of module functionality with LOW impact to con...

6.5CVSS5.9AI score0.00153EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/04/07 6:17 p.m.1 views

CVE-2026-39345

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

4.6CVSS6AI score0.00323EPSS
Exploits0References2Affected Software1
vulnersosv
vulnersosv
added 2026/04/07 4:15 p.m.4 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +399 more potentially affected by CVE-2026-33034 via django (>=5.0.0 <=5.2.12)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-33034 Source advisory: SNYK:PYTHON-DJANGO-15923566...

7.5CVSS7AI score0.00769EPSS
Exploits0
osv
osv
added 2026/04/07 2:0 p.m.8 views

UBUNTU-CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/02 12:0 a.m.8 views

WordPress plugin Webmention 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS6AI score0.00302EPSS
Exploits0References5
github
github
added 2026/03/31 10:43 p.m.6 views

baserCMS has OS command injection vulnerability in installer

baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...

9.8CVSS7.1AI score0.02059EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/03/25 5:16 p.m.3 views

CVE-2026-25306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

7.1CVSS0.00184EPSS
Exploits0References1
ibm
ibm
added 2026/03/23 7:49 p.m.5 views

Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-66560 DESCRIPTION: Quarkus ...

7.5CVSS5.7AI score0.00349EPSS
Exploits0Affected Software1
Rows per page
Query Builder