Lucene search
K

2456 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 9:23 a.m.19 views

CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

5.4AI score0.0053EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 9:23 a.m.134 views

CVE-2025-10263

CVE-2025-10263 affects Arm architectures (C1-Ultra, C1-Premium; Neoverse V3/V3AE/V2/V1/N2/N1; Cortex-X9/25/4/3/2/1/1C; Cortex-A710/A78/A78AE/A78C/A77/A76/A76A) where a write to a resource may occur under a lower EL than the owner. Impact described as potential privilege escalation to the hypervis...

9.1CVSS5.5AI score0.0053EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47739

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file writ...

7.6CVSS5.9AI score0.00253EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48128

Name of the Vulnerable Software and Affected Versions AMD uProf affected versions not specified Description Improper access control in AMD uProf allows a local attacker with user privileges to write to the kernel-shared memory section. This issue involves a kernel write primitive in the...

6.8CVSS5.5AI score0.001EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48270

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 through 2025.8 Description Improper input validation allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access. This issue does not require user interaction to be...

8.1CVSS5.2AI score0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47747

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description The cache frontend...

6.3CVSS5.5AI score0.00215EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48094

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.00299EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier versions have a vulnerability related to input validation...

8.1CVSS5.3AI score0.0039EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48324

Name of the Vulnerable Software and Affected Versions Spring Data REST versions 3.7.0 through 3.7.19 Spring Data REST versions 4.3.0 through 4.3.16 Spring Data REST versions 4.4.0 through 4.4.14 Spring Data REST versions 4.5.0 through 4.5.11 Spring Data REST versions 5.0.0 through 5.0.5 Descripti...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Experience Manager 输入验证错误漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

3.5CVSS5.4AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 6:26 p.m.35 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 6:26 p.m.13 views

EUVD-2026-35184

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:26 p.m.7 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/08 6:26 p.m.24 views

CVE-2026-10544

This CVE (CVE-2026-10544) affects Devolutions Server, specifically versions 2026.2.4.0 and 2026.1.20.0 and earlier. The issue is described as improper neutralization of special elements in the built-in PAM provider password rotation templates, allowing an authenticated user with write access to a...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/08 12:16 p.m.15 views

CVE-2026-11569

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 10:54 a.m.41 views

CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS0.00138EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/08 2:9 a.m.14 views

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.4AI score0.00188EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2026/06/08 12:0 a.m.3 views

The vulnerability of the Go “bug” command in the Go programming language allows a hacker to gain access to read and write arbitrary files.

The vulnerability of the Go “bug” in the Go programming language is related to the incorrect definition of symbolic references before accessing files. Exploiting this vulnerability can allow an attacker to gain access to and read/write arbitrary files...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References6Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/05 8:3 p.m.7 views

CVE-2026-11420

Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

10CVSS6.4AI score0.00709EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-34685

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing. are affected by an Improper Input...

3.4CVSS5.4AI score0.00373EPSS
Exploits0References1
Rows per page
Query Builder