Lucene search
K

367637 matches found

CVE
CVE
added 2026/05/27 3:15 p.m.18 views

CVE-2026-44475

CVE-2026-44475 affects Ella Core (private 5G core). Prior to version 1.10.0, the PathSwitchRequest handling does not verify UE Security Capabilities against locally stored values, allowing a malicious gNB to overwrite a UE’s security capabilities with arbitrary values via a crafted PathSwitchRequ...

6.1CVSS5.9AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:14 p.m.15 views

CVE-2026-44474

Ella Core (5G private-net Core) is affected prior to version 1.10.0 by a race in security procedures: it did not enforce TS 33.501 §6.9.5.1 when Security Mode Command and N2 handover run concurrently. This can cause a KgNB mismatch between the UE and target gNB, leading to handover failure. The i...

3.7CVSS5.8AI score0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:12 p.m.19 views

CVE-2026-49054

CVE-2026-49054 concerns WordPress plugin The Post Grid (versions up to 7.9.2). The issue is a Missing Authorization / Broken Access Control vulnerability caused by misconfigured access control logic, allowing unauthorized access where restrictions should apply. Public sources in the connected rec...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:10 p.m.26 views

CVE-2026-44353

CVE-2026-44353 affects Streamlink (CLI) prior to 8.4.0. The HLS/DASH parsers do not validate the URI scheme of segment entries, so a remote .m3u8 or .mpd manifest can reference file:// URIs. Streamlink may read local files and write their contents to the output stream, enabling potential disclosu...

6.5CVSS5.8AI score0.00345EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/27 3:9 p.m.54 views

CVE-2026-42790

Erlang OTP has a vulnerability (CVE-2026-42790) in the public_key module (pubkey_cert and public_key) where DNS nameConstraints can be bypassed via CommonName fallback in TLS hostname verification. The issue occurs because pubkey_cert:validate_names/6 only checks SAN DNS entries against nameConst...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2026/05/27 3:7 p.m.89 views

CVE-2026-44839

RabbitMQ vulnerability (CVE-2026-44839) affects the RabbitMQ server management UI due to unsanitized vhost names, enabling cross-site scripting. Affected versions are 3.7.0 up to but not including 4.1.2 and 4.0.13. The issue is fixed in 4.1.2 and 4.0.13. No exploitation status is provided in the ...

5.6CVSS5.8AI score0.0018EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 3:3 p.m.135 views

CVE-2026-44838

RabbitMQ MQTT plugin contains a permission bypass vulnerability: topic-level authorization uses user-supplied client_id substituted into a regex pattern without escaping. From 4.2.0 up to before 4.2.4, an authenticated MQTT user could inject regex operators to bypass topic restrictions. The issue...

8.1CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:59 p.m.20 views

CVE-2026-48545

CVE-2026-48545 : Gradio before 6.15.0 is affected by a cookie injection vulnerability due to a shared module‑level HTTP client used by the reverse proxy endpoint. Attackers controlling any HF Space can return a parent‑domain cookie that the shared client stores and automatically replays into subs...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/27 2:59 p.m.21 views

CVE-2026-45570

Technical details beyond the initial description are not present in the connected documents; monitor for updates.

9.6CVSS5.8AI score0.00365EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:58 p.m.77 views

CVE-2026-49053

CVE-2026-49053 applies to the WordPress plugin ElementsKit Elementor addons Lite (versions

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:57 p.m.28 views

CVE-2026-45571

Summary for CVE-2026-45571 (go-git) : The vulnerability affects the go-git library prior to version 5.19.1 and 6.0.0-alpha.4, where a path validation issue could allow crafted repository data to affect files outside the intended checkout target, including the repository’s .git directory. The root...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:55 p.m.26 views

CVE-2026-49052

CVE-2026-49052 affects the WordPress ElementsKit Elementor addons Lite plugin up to version 3.9.6. The issue is described as a Missing Authorization/Broken Access Control vulnerability, caused by incorrectly configured access control security levels that potentially allow unauthorized actions wit...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:54 p.m.45 views

CVE-2026-45022

CVE-2026-45022 affects the Go Git library, go-git, where prior to v5.19.0 and v6.0.0-alpha.3 it may parse malformed commit/tag objects differently from upstream Git. The decoded representation can expose values differently and the commit signing/verification may operate on reconstructed data rath...

7.5CVSS5.8AI score0.00159EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:53 p.m.18 views

CVE-2026-49051

CVE-2026-49051 affects the WordPress plugin WP Meta and Date Remover up to version 2.3.6. The issue is a Missing Authorization vulnerability caused by broken access control that allows exploitation through incorrectly configured access levels. Documents indicate affected plugin versions and a med...

4.3CVSS5.8AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:51 p.m.47 views

CVE-2026-49047

The CVE describes a Missing Authorization / Broken Access Control issue in the WordPress DearFlip (DearFlip) plugin, affected versions are WordPress DearFlip up to 2.4.27. The root cause is incorrectly configured access control security levels in DearFlip, enabling a lack of proper authorization ...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:49 p.m.19 views

CVE-2026-49046

The CVE-2026-49046 entry concerns the WordPress plugin Duplicate Page and Post by Arjun Thakur, with an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands . Affected are plugin versions from unspecified earliest up to 2.9.5 . The CVSS 3.1 baseline sc...

8.5CVSS5.9AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:49 p.m.38 views

CVE-2026-44902

Summary: CVE-2026-44902 affects the OpenTelemetry JS client, specifically the Prometheus exporter in opentelemetry-js prior to 0.217.0. A single malformed HTTP request to the default metrics endpoint (0.0.0.0:9464) has no URL parsing error handling, causing an uncaught TypeError that crashes the ...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:46 p.m.22 views

CVE-2026-49044

The CVE-2026-49044 entry affects WordPress Plugin Advanced Custom Fields: Font Awesome Field (versions

6.5CVSS5.8AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:44 p.m.18 views

CVE-2026-49045

The CVE-2026-49045 entry concerns the WordPress Adminimize plugin (versions up to 1.11.11). Affected component: Adminimize’s access control logic, with a Missing Authorization / Broken Access Control vulnerability. Root cause: improperly configured access control security levels that allow exploi...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:43 p.m.19 views

CVE-2026-44971

CVE-2026-44971 affects GuardDog (CLI tool to identify malicious PyPI packages). From version 1.0.0 through 2.9.0, GuardDog’s remote project scanning path rewrites attacker-controlled repository URLs via a blind string replacement and then sends the caller’s GitHub credentials with the resulting r...

8.2CVSS5.8AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:42 p.m.17 views

CVE-2026-44972

GuardDog (CLI) versions 2.6.0–2.9.0 output attacker-controlled filenames, file locations, messages, and code snippets without escaping terminal control characters. This allows injection of ANSI/OSC escape sequences into analyst terminals or CI logs, enabling terminal manipulation or spoofed outpu...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:39 p.m.19 views

CVE-2026-42280

The CVE reports an issue in auth0-js where versions 8.11.0–9.32.0 may improperly return user profile information when a valid access token is used with a crafted invalid ID token, in scenarios where access control relies on Auth0 Actions. Root cause: improper validation in the Auth0.js SDK. Impac...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:37 p.m.22 views

CVE-2026-49103

CVE-2026-49103 affects Webmin prior to 2.640. The issue occurs in the mailboxes/detachall.cgi path where a filename is not safely constructed when saving an attachment, enabling a high-severity impact as indicated by the CVSS: 9.4 (CRITICAL) with CONFIDENTIALITY/INTEGRITY/AVAILABILITY impact. Det...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 2:37 p.m.23 views

CVE-2026-48544

Taipy 4.1.1 contains a path traversal vulnerability in ElementLibrary.get_resource() within taipy/gui/extension/library.py. The issue arises from an incomplete directory containment check using str.startswith() without a trailing path separator, allowing crafted GET requests with path traversal s...

8.7CVSS5.8AI score0.00409EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 2:35 p.m.22 views

CVE-2026-9712

CVE-2026-9712 concerns the pretix API where exporting creates a UUID for the export job and later a download request uses that UUID. The root cause is that one API endpoint did not verify that the download UUID actually corresponds to a file that is downloadable and belongs to the correct user. T...

7CVSS5.8AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:33 p.m.19 views

CVE-2026-49059

CVE-2026-49059 : Open Redirect vulnerability in WordPress Facebook for WooCommerce plugin (

4.7CVSS5.8AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:31 p.m.22 views

CVE-2026-49102

Webmin versions prior to 2.640 are affected by CVE-2026-49102. The issue is an XSS in the mailboxes/detach.cgi component triggered by viewing an SVG document attachment, caused by using image/svg+xml instead of a safe type (e.g., text/plain). Impact is potential cross-site scripting within the ma...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 2:29 p.m.19 views

CVE-2026-42184

Tauri versions 2.0–2.11.0 contain an Origin Confusion flaw in is_local_url() on Windows and Android. The code checks only the first subdomain of the URL, mapping custom URI schemes to http://.localhost/ due to WebView limitations. An attacker can host a page whose subdomain matches the app’s regi...

8.8CVSS5.8AI score0.00312EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/27 2:28 p.m.30 views

CVE-2026-48973

The CVE-2026-48973 entry applies to the WordPress plugin SVG Support (versions up to 2.5.14). The vulnerability is described as a Missing Authorization / Broken Access Control issue caused by incorrectly configured access control security levels, affecting SVG Support. The CVSS 3.1 base score is ...

4.3CVSS5.8AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:26 p.m.23 views

CVE-2026-44988

CVE-2026-44988 concerns LibVNCClient (0.9.15 and earlier) where the Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter and does not reject Wide Tight rectangles. A malicious VNC server can send a FramebufferUpdate rectangle encoded with Tight (NoZlib | Expli...

8.8CVSS5.8AI score0.00242EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 2:26 p.m.19 views

CVE-2026-47119

CVE-2026-47119 concerns Agent Zero before version 1.15, which is affected by a stored XSS via the image_get API endpoint. The vulnerability arises when SVG files are served without proper headers (no Content-Security-Policy, X-Content-Type-Options, or Content-Disposition), allowing an attacker to...

6.1CVSS5.9AI score0.00236EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 2:23 p.m.24 views

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

8CVSS6AI score0.00296EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:22 p.m.19 views

CVE-2026-47118

Agent Zero prior to 1.15 is affected by a path traversal vulnerability in the image_get API that allows unauthenticated attackers to read arbitrary files. The issue stems from relying solely on an extension allowlist while the path containment check is disabled, enabling requests for any file wit...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 2:20 p.m.16 views

CVE-2026-1248

Technical details (affected components, root cause, remediation) are not publicly available in the provided documents; monitor for updates.

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:19 p.m.19 views

CVE-2026-44830

CVE-2026-44830 affects Nocturne Memory prior to 2.4.1. When API_TOKEN is unset or empty, BearerTokenAuthMiddleware does not enforce authentication for all HTTP requests. Coupled with a default 0.0.0.0 host binding and CORS allow_origins=[""], this lets any LAN-reachable client access the Knowledg...

8.7CVSS5.9AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:14 p.m.17 views

CVE-2026-9674

CVE-2026-9674 is a CSRF vulnerability in Jenkins Multijob Plugin (versions including 662.vd2e0001f6b_b_d and earlier) that allows an attacker to resume failed Multijob builds. The NVD/NVD-derived data attributes a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complex...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.20 views

CVE-2026-48927

CVE-2026-48927 affects the Jenkins plugin buildgraph-view up to version 1.8. The issue is that the plugin does not escape the build URL, leading to a stored cross-site scripting (XSS) vulnerability when a user with permission can configure jobs or views. According to the sources, this vulnerabili...

5.5CVSS5.6AI score0.00176EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.26 views

CVE-2026-48926

The CVE-2026-48926 entry concerns Jenkins Job Import Plugin (versions 143.v044a_2e819b_27 and earlier) where an HTTP endpoint does not enforce a permission check. The flaw enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins, indicating an authorization issue with...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.18 views

CVE-2026-48924

The CVE-2026-48924 entry concerns Jenkins Bitbucket OAuth Plugin affected in versions 0.17 and earlier. The root cause is insufficient validation of the redirect URL after login, which enables phishing attacks by deceiving users during OAuth flow. The impact is phishing risk; no exploitation deta...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.20 views

CVE-2026-48925

CVE-2026-48925 is a CSRF vulnerability in the Jenkins GitHub Integration Plugin, affected

4.3CVSS5.7AI score0.00109EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.20 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier is affected by a permission-check bypass in a form-validation method. The issue allows attackers with Overall/Read permissions to connect to an attacker-specified URL, enabling potential external requests from the plugin context. The affected component ...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.23 views

CVE-2026-48921

CVE-2026-48921 affects Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier. The root cause is that the plugin does not prohibit symbolic links in shared libraries, which allows an attacker who can control the library content used by a Pipeline job to read arbitrary files o...

7.5CVSS5.9AI score0.00301EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.20 views

CVE-2026-48922

CVE-2026-48922 affects Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier. The issue is improper sanitization of file names for file and zip file credentials, enabling a job to write files to arbitrary locations on the node filesystem. This can lead to remote code execution if Jenk...

7.5CVSS6.5AI score0.00364EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.20 views

CVE-2026-48920

CVE-2026-48920 affects Jenkins’ Email Extension Plugin (versions up to 1933.v45cec755423f and earlier). The vulnerability arises when inlining images as base64 via the data-inline attribute, with no restrictions on inlined image URLs, enabling an attacker-controlled email to specify file: URLs an...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.19 views

CVE-2026-48919

CVE-2026-48919 affects Jenkins’ Active Directory Plugin (2.41 and earlier). The root cause is that the plugin deserializes data from LDAP referrals without validation. This leads to potential impact on confidentiality, integrity, and availability (CVSS v3.1 base score 6.6, MEDIUM). The exploitati...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.23 views

CVE-2026-48918

Technical details about CVE-2026-48918 are not publicly available in the provided documents; monitor for updates from official advisories (e.g., Jenkins security notices) for new information.

6.6CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.19 views

CVE-2026-48917

CVE-2026-48917 affects Jenkins LDAP Plugin (807.v7d7de30930cf and earlier). The issue is that it deserializes data from LDAP referrals without validation, with CVSS 3.1 base score 6.6 (Medium) and impacts on confidentiality, integrity, and availability rated High. Exploitation details are not pro...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 2:13 p.m.22 views

CVE-2026-48916

The CVE-2026-48916 entry concerns Jenkins LDAP Plugin up to version 807.v7d7de30930cf and earlier, which follows LDAP referrals. The available connected documents identify the affected component (Jenkins LDAP Plugin) and the specific version range, with CVSSv3.1 vectors indicating Network attack,...

6.6CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 1:56 p.m.22 views

CVE-2026-7876

CVE-2026-7876 is an authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I). Affected CP4I HSTS versions are 1.5.1–1.5.19. The vulnerability (CWE-287) could allow a transfer client to access files in the server’s local storage that should be restricted....

9.1CVSS5.3AI score0.00312EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 1:55 p.m.24 views

CVE-2026-7365

CVE-2026-7365 affects IBM Operations Analytics - Log Analysis (and IBM SmartCloud Analytics - Log Analysis) where default passwords from manufacturing are used during installation, enabling potential authentication bypass. The IBM advisory lists affected versions of IBM Operations Analytics - Log...

8.4CVSS5.8AI score0.00122EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities367637