Lucene search
+L

381 matches found

osv
osv
added yesterday5 views

ROOT-OS-DEBIAN-13-CVE-2026-53106 CVE-2026-53106 in rootio-linux - Patched by Root

Root has patched CVE-2026-53106 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.8AI score0.00145EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/07/10 12:0 a.m.8 views

PT-2026-57334

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 16.16.0 Frappe versions prior to 15.106.0 Description User enumeration is possible through the 'reset password' endpoint. User enumeration is a technique used to verify if a specific user exists within a system by...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References11
cve
cve
added 2026/07/08 8:50 p.m.16 views

CVE-2026-15163

CVE-2026-15163 affects Wireshark up to 4.6.6 and 4.4.16, where multiple protocol dissectors can enter infinite loops due to an unreachable exit condition, causing denial of service (application unresponsiveness). Severity varies by source: NVD lists CVSSv3.1 impact as High (AV:N/AC:L/PR:N/UI:N/S:...

7.5CVSS5.9AI score0.00187EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/07/06 2:30 a.m.41 views

CVE-2026-14791 crater-invoice-inc crater Invoice Note InvoicesRequest.php getFormattedString cross site scripting

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS0.00203EPSS
Exploits0References6
osv
osv
added 2026/06/30 10:16 a.m.4 views

DEBIAN-CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.12 views

PT-2026-52476

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0670 Description The get text props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop T entries that follow. Because the count ...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References5
euvd
euvd
added 2026/06/24 12:49 a.m.18 views

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
nvd
nvd
added 2026/06/17 1:20 p.m.9 views

CVE-2026-40721

Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...

7.5CVSS0.004EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/17 9:50 a.m.32 views

CVE-2026-40721 WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...

7.5CVSS0.004EPSS
Exploits0References1
circl
circl
added 2026/06/16 5:0 a.m.10 views

CVE-2026-0646

creationtimestamp| type| source ---|---|--- 2026-06-16 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05 2026-06-16 16:12:33+00:00| seen| https://bsky.app/profile/boredchilada.bsky.social/post/3mog6uxnajr2d 2026-06-16 17:25:57+00:00| seen|...

8.7CVSS4.9AI score0.00343EPSS
Exploits0References3
euvd
euvd
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36840

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 6:1 p.m.185 views

CVE-2026-12143 form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.21 views

PT-2026-47639

Name of the Vulnerable Software and Affected Versions Product Filter Widget for Elementor versions prior to 1.0.7 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This is achieved via a CSRF-style form auto-submission...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References6
githubexploit
githubexploit
added 2026/06/05 8:28 p.m.303 views

Exploit for CVE-2026-34908

UniFi OS Server Unauth RCE Chain Detection Script A safe dete...

10CVSS6.4AI score0.78555EPSS
Exploits4
redhatcve
redhatcve
added 2026/06/05 7:16 p.m.12 views

CVE-2026-42747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

9.3CVSS5.6AI score0.00236EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7...

7.1CVSS5.3AI score0.00268EPSS
Exploits0References1
snyk
snyk
added 2026/06/03 4:25 p.m.12 views

Incomplete Comparison with Missing Factors

Overview Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors in the hasvaryheader function. An attacker can gain access to cached responses intended for other users by sending requests with whitespace-padded Vary header values. Remediation Upgrade django...

5.9CVSS5.4AI score0.00354EPSS
Exploits0References2
ibm
ibm
added 2026/06/03 2:39 p.m.10 views

Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)

Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...

6.5CVSS5.7AI score0.00149EPSS
Exploits0Affected Software1
pypa
pypa
added 2026/06/03 2:16 p.m.21 views

PYSEC-2026-197

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/06/03 1:16 p.m.12 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder