Lucene search
K

5227 matches found

Nuclei
Nuclei
โ€ขadded 5 hours agoโ€ข115 views

Dolibarr Unauthenticated Contacts Database Theft

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. id: CVE-2023-33568 info: name: Dolibarr Unauthenticated Contacts Database Theft...

7.5CVSS7AI score0.1494EPSS
Exploits2References5
NVD
NVD
โ€ขadded 4 days agoโ€ข6 views

CVE-2026-55516

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...

7.7CVSS0.00218EPSS
Exploits0References3
Cvelist
Cvelist
โ€ขadded 2026/07/04 12:49 p.m.โ€ข40 views

CVE-2025-13475 Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS0.00158EPSS
Exploits0References1
EUVD
EUVD
โ€ขadded 2026/07/02 12:31 a.m.โ€ข9 views

EUVD-2026-41217

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References3
NVD
NVD
โ€ขadded 2026/07/01 10:16 p.m.โ€ข6 views

CVE-2026-36910

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.5CVSS0.00113EPSS
Exploits0References2
EUVD
EUVD
โ€ขadded 2026/07/01 4:32 p.m.โ€ข7 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/07/01 11:16 a.m.โ€ข6 views

CVE-2026-13228

The LatePoint โ€“ Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference IDOR in the createorupdate function of OsOrdersController, whi...

8.8CVSS0.00309EPSS
Exploits0References7
Cvelist
Cvelist
โ€ขadded 2026/07/01 12:0 a.m.โ€ข34 views

CVE-2026-36910

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

0.00113EPSS
Exploits0References2
CVE
CVE
โ€ขadded 2026/07/01 12:0 a.m.โ€ข12 views

CVE-2026-36910

The vulnerability affects MPC-BE (Aleksoid1978) where an access violation occurs in BaseSplitterFile::Read prior to commit 4341cb3, enabling DoS via a crafted MP4 file. The issue is described consistently across multiple trusted sources (NVD, CVE records, EUVD, CVE list, PT Security, AttackersKB,...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References2
RedHat Linux
RedHat Linux
โ€ขadded 2026/06/30 1:11 p.m.โ€ข6 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS7.6AI score0.00668EPSS
Exploits0References5
EUVD
EUVD
โ€ขadded 2026/06/26 7:17 a.m.โ€ข7 views

EUVD-2026-39632

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References1
Cvelist
Cvelist
โ€ขadded 2026/06/25 9:2 p.m.โ€ข32 views

CVE-2026-6329 PKCS#12 MAC verification uses attacker-controlled comparison length

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6CVSS0.0016EPSS
Exploits0References2
Nuclei
Nuclei
โ€ขadded 2026/06/25 1:31 a.m.โ€ข19 views

VMware vCenter Server - Out-of-Bounds Write

vCenter Server contains an out-of-bounds write caused by a vulnerability in the DCERPC protocol implementation. A malicious actor with network access can trigger remote code execution on vCenter Server. id: CVE-2023-34048 info: name: VMware vCenter Server - Out-of-Bounds Write author: ritikchaddh...

9.8CVSS8.1AI score0.99428EPSS
Exploits1References3
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/25 12:0 a.m.โ€ข10 views

PT-2026-52589

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists where X.509 name constraints can be bypassed when the Subject Common Name is treated as a DNS-type name. This allows a certificate to be accepted...

7.5CVSS5.7AI score0.00124EPSS
Exploits0References7
EUVD
EUVD
โ€ขadded 2026/06/24 11:53 a.m.โ€ข12 views

EUVD-2026-38751

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.existappv2 RPC function that allows unauthenticated attackers to enumerate appids by calling POST /rest/v1/rpc/existappv2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER functi...

6.9CVSS6AI score0.00261EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2026/06/23 6:21 p.m.โ€ข6 views

EEF-CVE-2026-55736 Private action arguments can be set by user input in Ash

Summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References4
NVD
NVD
โ€ขadded 2026/06/22 10:16 p.m.โ€ข10 views

CVE-2026-48109

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS0.00296EPSS
Exploits0References1
CVE
CVE
โ€ขadded 2026/06/22 9:19 p.m.โ€ข101 views

CVE-2026-48109

CVE-2026-48109 affects MessagePack-CSharp in the optional LZ4 decompression path (Lz4Block, Lz4BlockArray). The vulnerability stems from a deprecated fast-decompression algorithm that does not enforce a source-length bound, enabling a remote attacker to craft payloads with manipulated LZ4 token/l...

8.2CVSS5.9AI score0.00296EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
โ€ขadded 2026/06/21 3:58 p.m.โ€ข5 views

CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

5.9CVSS5.8AI score0.00105EPSS
Exploits0
EUVD
EUVD
โ€ขadded 2026/06/21 3:58 p.m.โ€ข12 views

EUVD-2026-38189

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References1
Rows per page
Query Builder