Lucene search
K

107 matches found

NVD
NVD
added 2026/06/29 3:16 p.m.14 views

CVE-2026-49049

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

7.5CVSS0.00228EPSS
Exploits4References1
CVE
CVE
added 2026/06/29 2:34 p.m.127 views

CVE-2026-49049

The CVE-2026-49049 entry concerns the Helix3 Joomla extension by joomshaper. The vulnerability arises from an exposed ajax handler task within Helix3 that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters. This indicates a remot...

7.5CVSS5.9AI score0.00228EPSS
Exploits4References1Affected Software1
CVE
CVE
added 2026/06/09 5:34 p.m.35 views

CVE-2026-50636

CVE-2026-50636 affects LimeSurvey’s RemoteControl API, specifically the invite_participants and remind_participants methods. The root cause is that caller-supplied token-ID arrays are concatenated directly into a tid IN ('...') clause in TokenDynamic::findUninvited() without parameterization or i...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.12 views

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 2:45 a.m.11 views

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 5:28 p.m.11 views

Missing Authorization

Overview org.apache.polaris:polaris-runtime-service is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this...

9.9CVSS6AI score0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 4:22 p.m.34 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS0.00355EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 4:22 p.m.5 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.4CVSS5.9AI score0.00355EPSS
Exploits0References4
NVD
NVD
added 2026/04/21 9:16 p.m.5 views

CVE-2026-34274

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

6.1CVSS0.00179EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 10:58 p.m.2 views

CVE-2026-32925

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

8.4CVSS6.7AI score0.00209EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/06 7:7 a.m.18 views

CVE-2025-15080

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected...

8.8CVSS5.5AI score0.00539EPSS
Exploits0References1
NVD
NVD
added 2026/02/05 6:15 a.m.12 views

CVE-2025-15080

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected...

8.8CVSS0.00539EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/05 5:16 a.m.8 views

EUVD-2025-206873

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected...

8.8CVSS5.5AI score0.00539EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/05 5:16 a.m.6 views

CVE-2025-15080

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected...

8.8CVSS5.5AI score0.00539EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/05 12:24 a.m.7 views

SUSE CVE-2026-23092

In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552rhswritedatasource When simplewritetobuffer succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null...

7.8CVSS5.5AI score0.00186EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/04 5:16 p.m.6 views

CVE-2026-23092

In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552rhswritedatasource When simplewritetobuffer succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null...

7.8CVSS6.8AI score0.00186EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/04 4:8 p.m.33 views

CVE-2026-23092 iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source

In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552rhswritedatasource When simplewritetobuffer succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null...

0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.9 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrectly sized write data, which could lead to a buffer overflow...

6.5AI score0.00167EPSS
Exploits0References4
CVE
CVE
added 2025/12/02 10:39 a.m.30 views

CVE-2025-41742

The CVE-2025-41742 entry concerns Sprecher Automations SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3. Affected components are the system’s cryptographic keys, with a root cause described as the use of default cryptographic keys that can be exploited by an unauthorized remote attacker. Consequences s...

9.8CVSS6.7AI score0.00435EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2025/12/01 9:43 p.m.4 views

Directory Traversal

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Directory Traversal due to using Frontmatter form. An attacker can access arbitrary files on the server, including sensitive user account file...

8.5CVSS7.6AI score0.00397EPSS
Exploits1References2
Rows per page
Query Builder