Lucene search
K

1824 matches found

OSV
OSV
added 13 hours ago1 views

MINI-297Q-JW2C-WVP9

Bulletin has no description...

6.5CVSS5.9AI score0.00242EPSS
Exploits0
Nuclei
Nuclei
added 15 hours ago40 views

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

6.5CVSS6.7AI score0.02878EPSS
Exploits1References4
CVE
CVE
added yesterday21 views

CVE-2026-44454

Coder is vulnerable to command injection in the dotfiles registry module, exploitable via crafted dotfiles_uri values and the mode=auto workflow. Root cause: unsanitized user input interpolated into shell commands, enabling arbitrary code execution inside a provisioned workspace, especially when ...

8.8CVSS6.6AI score
Exploits0References7Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42074

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score
Exploits0References4
EUVD
EUVD
added yesterday7 views

EUVD-2026-42069

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score
Exploits0References1
OSV
OSV
added yesterday2 views

DEBIAN-CVE-2026-33630

Bulletin has no description...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-8926

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS5.8AI score0.00479EPSS
Exploits1References6
OSV
OSV
added 2 days ago4 views

DEBIAN-CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00342EPSS
Exploits1References1
OSV
OSV
added 2 days ago4 views

BIT-TOMCAT-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23,...

9.1CVSS6AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 4 days ago7 views

DEBIAN-CVE-2026-58213

Bulletin has no description...

5.9AI score
Exploits0References1
Snyk
Snyk
added 5 days ago4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade github.com/go-gitea/gitea/routers/web/feed...

5.3CVSS7.2AI score0.00367EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

MINI-7C59-4PMJ-GM2V

Bulletin has no description...

6.1CVSS5.9AI score0.00178EPSS
Exploits0
OSV
OSV
added 5 days ago2 views

MINI-WXWC-J2R5-857G

Bulletin has no description...

5.9AI score
Exploits0
OSV
OSV
added 5 days ago3 views

MINI-35VF-RF4X-8FFV

Bulletin has no description...

9.6CVSS5.9AI score0.00206EPSS
Exploits0
OSV
OSV
added 6 days ago3 views

ECHO-496E-C070-4EC0

Bulletin has no description...

5.3CVSS5.7AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 6 days ago2 views

MINI-RR87-XCRX-GM2X

Bulletin has no description...

5.7AI score
Exploits0
OSV
OSV
added 6 days ago4 views

CGA-67PX-Q2R2-V28W

Bulletin has no description...

5.7AI score
Exploits0
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41255

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 6 days ago3 views

MINI-FMP6-8VGX-3W55

Bulletin has no description...

5.3CVSS5.7AI score0.0019EPSS
Exploits0
Snyk
Snyk
added 2026/07/01 6:18 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview github.com/elastic/fleet-server/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
Rows per page
Query Builder