367748 matches found

CVE
added 2026/05/27 2:31 p.m. | 22 views

CVE-2026-49102

Webmin versions prior to 2.640 are affected by CVE-2026-49102. The issue is an XSS in the mailboxes/detach.cgi component triggered by viewing an SVG document attachment, caused by using image/svg+xml instead of a safe type (e.g., text/plain). Impact is potential cross-site scripting within the ma...

CVSS 6.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 2

CVE
added 2026/05/27 2:29 p.m. | 19 views

CVE-2026-42184

Tauri versions 2.0–2.11.0 contain an Origin Confusion flaw in is_local_url() on Windows and Android. The code checks only the first subdomain of the URL, mapping custom URI schemes to http://.localhost/ due to WebView limitations. An attacker can host a page whose subdomain matches the app’s regi...

CVSS 8.8 | AI score 5.8 | EPSS 0.00312
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:28 p.m. | 31 views

CVE-2026-48973

The CVE-2026-48973 entry applies to the WordPress plugin SVG Support (versions up to 2.5.14). The vulnerability is described as a Missing Authorization / Broken Access Control issue caused by incorrectly configured access control security levels, affecting SVG Support. The CVSS 3.1 base score is ...

CVSS 4.3 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 1

CVE
added 2026/05/27 2:26 p.m. | 23 views

CVE-2026-44988

CVE-2026-44988 concerns LibVNCClient (0.9.15 and earlier) where the Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter and does not reject Wide Tight rectangles. A malicious VNC server can send a FramebufferUpdate rectangle encoded with Tight (NoZlib | Expli...

CVSS 8.8 | AI score 5.8 | EPSS 0.00242
Exploits: 0 | References: 2

CVE
added 2026/05/27 2:26 p.m. | 19 views

CVE-2026-47119

CVE-2026-47119 concerns Agent Zero before version 1.15, which is affected by a stored XSS via the image_get API endpoint. The vulnerability arises when SVG files are served without proper headers (no Content-Security-Policy, X-Content-Type-Options, or Content-Disposition), allowing an attacker to...

CVSS 6.1 | AI score 5.9 | EPSS 0.00236
Exploits: 0 | References: 3

CVE
added 2026/05/27 2:23 p.m. | 24 views

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

CVSS 8 | AI score 6 | EPSS 0.00296
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:22 p.m. | 19 views

CVE-2026-47118

Agent Zero prior to 1.15 is affected by a path traversal vulnerability in the image_get API that allows unauthenticated attackers to read arbitrary files. The issue stems from relying solely on an extension allowlist while the path containment check is disabled, enabling requests for any file wit...

CVSS 7.1 | AI score 5.9 | EPSS 0.00375
Exploits: 0 | References: 3

CVE
added 2026/05/27 2:20 p.m. | 16 views

CVE-2026-1248

Technical details (affected components, root cause, remediation) are not publicly available in the provided documents; monitor for updates.

CVSS 4.3 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:19 p.m. | 19 views

CVE-2026-44830

CVE-2026-44830 affects Nocturne Memory prior to 2.4.1. When API_TOKEN is unset or empty, BearerTokenAuthMiddleware does not enforce authentication for all HTTP requests. Coupled with a default 0.0.0.0 host binding and CORS allow_origins=[""], this lets any LAN-reachable client access the Knowledg...

CVSS 8.7 | AI score 5.9 | EPSS 0.00215
Exploits: 0 | References: 1

CVE
added 2026/05/27 2:14 p.m. | 17 views

CVE-2026-9674

CVE-2026-9674 is a CSRF vulnerability in Jenkins Multijob Plugin (versions including 662.vd2e0001f6b_b_d and earlier) that allows an attacker to resume failed Multijob builds. The NVD/NVD-derived data attributes a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complex...

CVSS 4.3 | AI score 5.7 | EPSS 0.00152
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 20 views

CVE-2026-48927

CVE-2026-48927 affects the Jenkins plugin buildgraph-view up to version 1.8. The issue is that the plugin does not escape the build URL, leading to a stored cross-site scripting (XSS) vulnerability when a user with permission can configure jobs or views. According to the sources, this vulnerabili...

CVSS 5.5 | AI score 5.6 | EPSS 0.00176
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 26 views

CVE-2026-48926

The CVE-2026-48926 entry concerns Jenkins Job Import Plugin (versions 143.v044a_2e819b_27 and earlier) where an HTTP endpoint does not enforce a permission check. The flaw enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins, indicating an authorization issue with...

CVSS 4.3 | AI score 5.8 | EPSS 0.00178
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 18 views

CVE-2026-48924

The CVE-2026-48924 entry concerns Jenkins Bitbucket OAuth Plugin affected in versions 0.17 and earlier. The root cause is insufficient validation of the redirect URL after login, which enables phishing attacks by deceiving users during OAuth flow. The impact is phishing risk; no exploitation deta...

CVSS 4.3 | AI score 5.8 | EPSS 0.00216
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 20 views

CVE-2026-48925

CVE-2026-48925 is a CSRF vulnerability in the Jenkins GitHub Integration Plugin, affected

CVSS 4.3 | AI score 5.7 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 20 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier is affected by a permission-check bypass in a form-validation method. The issue allows attackers with Overall/Read permissions to connect to an attacker-specified URL, enabling potential external requests from the plugin context. The affected component ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 23 views

CVE-2026-48921

CVE-2026-48921 affects Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier. The root cause is that the plugin does not prohibit symbolic links in shared libraries, which allows an attacker who can control the library content used by a Pipeline job to read arbitrary files o...

CVSS 7.5 | AI score 5.9 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 20 views

CVE-2026-48922

CVE-2026-48922 affects Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier. The issue is improper sanitization of file names for file and zip file credentials, enabling a job to write files to arbitrary locations on the node filesystem. This can lead to remote code execution if Jenk...

CVSS 7.5 | AI score 6.5 | EPSS 0.00364
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 20 views

CVE-2026-48920

CVE-2026-48920 affects Jenkins’ Email Extension Plugin (versions up to 1933.v45cec755423f and earlier). The vulnerability arises when inlining images as base64 via the data-inline attribute, with no restrictions on inlined image URLs, enabling an attacker-controlled email to specify file: URLs an...

CVSS 8.8 | AI score 5.9 | EPSS 0.00299
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 19 views

CVE-2026-48919

CVE-2026-48919 affects Jenkins’ Active Directory Plugin (2.41 and earlier). The root cause is that the plugin deserializes data from LDAP referrals without validation. This leads to potential impact on confidentiality, integrity, and availability (CVSS v3.1 base score 6.6, MEDIUM). The exploitati...

CVSS 6.6 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 23 views

CVE-2026-48918

Technical details about CVE-2026-48918 are not publicly available in the provided documents; monitor for updates from official advisories (e.g., Jenkins security notices) for new information.

CVSS 6.6 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 19 views

CVE-2026-48917

CVE-2026-48917 affects Jenkins LDAP Plugin (807.v7d7de30930cf and earlier). The issue is that it deserializes data from LDAP referrals without validation, with CVSS 3.1 base score 6.6 (Medium) and impacts on confidentiality, integrity, and availability rated High. Exploitation details are not pro...

CVSS 6.6 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 2:13 p.m. | 22 views

CVE-2026-48916

The CVE-2026-48916 entry concerns Jenkins LDAP Plugin up to version 807.v7d7de30930cf and earlier, which follows LDAP referrals. The available connected documents identify the affected component (Jenkins LDAP Plugin) and the specific version range, with CVSSv3.1 vectors indicating Network attack,...

CVSS 6.6 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:56 p.m. | 22 views

CVE-2026-7876

CVE-2026-7876 is an authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I). Affected CP4I HSTS versions are 1.5.1–1.5.19. The vulnerability (CWE-287) could allow a transfer client to access files in the server’s local storage that should be restricted....

CVSS 9.1 | AI score 5.3 | EPSS 0.00312
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:55 p.m. | 24 views

CVE-2026-7365

CVE-2026-7365 affects IBM Operations Analytics - Log Analysis (and IBM SmartCloud Analytics - Log Analysis) where default passwords from manufacturing are used during installation, enabling potential authentication bypass. The IBM advisory lists affected versions of IBM Operations Analytics - Log...

CVSS 8.4 | AI score 5.8 | EPSS 0.00122
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:55 p.m. | 28 views

CVE-2026-9617

CVE-2026-9617 — PostgreSQL Anonymizer: A vulnerability lets a user gain superuser privileges by creating a table and embedding malicious code in a column identifier, executed when a superuser runs the k_anonymity() function. Affected environment includes PostgreSQL Anonymizer extensions; higher r...

CVSS 8.8 | AI score 5.9 | EPSS 0.0025
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:50 p.m. | 19 views

CVE-2024-56462

IBM QRadar SIEM 7.5.0 to 7.5.0 UP15 Interim Fix 002 contains a vulnerability where a privileged user can upload a malicious backup archive, which could be restored to gain access to the underlying operating system. Affected versions: 7.5.0 through UP15 IF002. Root cause and exact remediation are ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00463
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:48 p.m. | 10 views

CVE-2024-40684

CVE-2024-40684 affects IBM Operations Analytics – Log Analysis (versions 1.3.5.0–1.3.8.4). The root cause is weaknesses in backend authentication and session management that allow weak password policy enforcement by default, facilitating potential account compromise. Impact is described as a lack...

CVSS 9.8 | AI score 5.8 | EPSS 0.0036
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:47 p.m. | 14 views

CVE-2024-28765

IBM Security Directory Integrator (SDI) and Security Director/Directory Integrator components are affected: SDI 7.2.0.0–7.2.0.14 and IBM Security Directory Integrator 10.0.0.0–10.0.0.2 could allow a remote attacker to obtain sensitive information via a detailed error message returned in the brows...

CVSS 5.3 | AI score 5.8 | EPSS 0.00385
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:22 p.m. | 17 views

CVE-2026-48808

Technical details for CVE-2026-48808 are not publicly available in the provided documents. Monitor for updates.

Exploits: 0 | References: 5

CVE
added 2026/05/27 1:22 p.m. | 15 views

CVE-2026-48807

Technical details for CVE-2026-48807 are not publicly available in the provided documents. No affected products, root cause, or remediation are disclosed; monitor for updates.

Exploits: 0 | References: 5

CVE
added 2026/05/27 1:21 p.m. | 14 views

CVE-2026-48806

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-48806.

Exploits: 0 | References: 5

CVE
added 2026/05/27 1:21 p.m. | 20 views

CVE-2026-48805

Technical details about CVE-2026-48805 are not publicly provided in the supplied documents; monitor for updates.

Exploits: 0 | References: 5

CVE
added 2026/05/27 1:21 p.m. | 22 views

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint (versions 3.7.4–4.4.7 Fix Pack 1) and IBM Aspera High-Speed Transfer Server (same range) are affected by an arbitrary file read in the asperahttpd component. The issue allows an authenticated user to access files in the server’s local storage that should be...

CVSS 6.5 | AI score 5.9 | EPSS 0.00325
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2026/05/27 1:21 p.m. | 15 views

CVE-2026-46636

Technical details for CVE-2026-46636 are not publicly available in the provided documents. Monitor for updates; the supplied information does not specify affected products, impact, or remediation.

Exploits: 0

CVE
added 2026/05/27 1:21 p.m. | 36 views

CVE-2026-23679

CVE-2026-23679 affects libusb 0 but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer, causing an early return without allocating the endpoint array. Exploitation vectors include providing crafted descriptors via libusb_get_active_config_descriptor or libusb_g...

CVSS 6.9 | AI score 5.9 | EPSS 0.00184
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/05/27 1:20 p.m. | 17 views

CVE-2026-8405

The vulnerability CVE-2026-8405 affects IBM Guardium Data Protection (Guardium Data Protection add-on) with the Long Term Retention (LTR) feature, where sensitive credentials can be exposed in debug mode. Affected versions are 12.2.1 and 12.2.2; the issue is described as CWE-200 (Exposure of Sens...

CVSS 6.5 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:20 p.m. | 31 views

CVE-2026-47104

CVE-2026-47104 affects libusb before 1.0.30. The vulnerability is a one-byte out-of-bounds read in parse_iad_array() in descriptor.c, allowing a denial of service when a malformed USB descriptor is supplied with bLength equal to size minus one, causing the bounds check to use the original buffer ...

CVSS 5.5 | AI score 5.9 | EPSS 0.0013
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/05/27 1:20 p.m. | 18 views

CVE-2026-8180

CVE-2026-8180 affects IBM Aspera High-Speed Transfer Endpoint (3.7.4–4.4.7 FP1) and Server (3.7.4–4.4.7 FP1). The asperahttpd component is vulnerable to a denial-of-service that allows an unauthenticated user to crash the asperahttpd service. The connected IBM security bulletin enumerates multipl...

CVSS 7.5 | AI score 5.8 | EPSS 0.00319
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2026/05/27 1:20 p.m. | 18 views

CVE-2026-48972

SeedProd Pro for WordPress is affected by a Local File Inclusion vulnerability (CVE-2026-48972) due to improper control of filename for include/require in PHP. Affected product/version: SeedProd Pro before 6.19.5. The underlying issue allows PHP Local File Inclusion, as described in multiple sour...

CVSS 7.5 | AI score 5.8 | EPSS 0.00309
Exploits: 0 | References: 1

CVE
added 2026/05/27 1:17 p.m. | 26 views

CVE-2026-8179

CVE-2026-8179 affects IBM Aspera High-Speed Transfer Endpoint/Server 3.7.4–4.4.7 Fix Pack 1, with a buffer overflow in the asperahttpd component. An authenticated user could execute arbitrary code on the system (impact: high). Public details across connected documents confirm the affected product...

CVSS 8.8 | AI score 6.5 | EPSS 0.00401
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2026/05/27 1:17 p.m. | 15 views

CVE-2026-8175

IBM Aspera High-Speed Transfer Endpoint 3.7.4–4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4–4.4.7 Fix Pack 1 are affected by a buffer overflow in the asperahttpd component. This can lead to denial of service and may allow authentication bypass or remote code execution. CVSS v3....

CVSS 9.8 | AI score 6.4 | EPSS 0.0058
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2026/05/27 1:16 p.m. | 22 views

CVE-2026-7528

IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...

CVSS 7.5 | AI score 5.8 | EPSS 0.00215
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:14 p.m. | 24 views

CVE-2026-7524

Langflow OSS vulnerable versions 1.0.0–1.9.1 suffer remote code execution due to improper validation of symbolic links during tar archive extraction. An attacker can craft tar files with symlinks to read arbitrary files (path traversal) and process them in the vector database, potentially forging...

CVSS 9.8 | AI score 6.4 | EPSS 0.00624
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:12 p.m. | 20 views

CVE-2026-7254

IBM OPENBMC firmware FW1110.00–FW1110.11 is vulnerable to denial of service via the BMC HTTPS interface by unauthenticated network users. The IBM bulletin identifies the affected product as OPENBMC and specifies that the vulnerability stems from improper validation in the HTTPS service, with CVSS...

CVSS 5.3 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:11 p.m. | 24 views

CVE-2026-6938

IBM Db2 12.1.0–12.1.4 is vulnerable to an authorization bypass when uploading to a remote object storage path using a special query. The root cause is improper authorization (CWE-285). Affected products/versions: IBM Db2 Server 12.1.0–12.1.4 on Linux/Unix. Impact: authorization bypass potential d...

CVSS 7.5 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:10 p.m. | 17 views

CVE-2026-6936

CVE-2026-6936 affects IBM i versions 7.3–7.6 (5770-999). The vulnerability is due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler, enabling an authenticated attacker to cause a denial-of-service by compiling specially crafted source code. CVSS v3.1 base score is 6....

CVSS 6.5 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:10 p.m. | 19 views

CVE-2026-6053

IBM Db2 is affected by CVE-2026-6053: denial of service when a specially crafted query runs against range-partitioned tables. Affected: Db2 Server 11.5.0–11.5.9 and 12.1.0–12.1.4. CVSS v3.1 base score 5.5 (LOCAL attack, low complexity, high impact on availability). Root cause: CWE-770 (unbounded ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:09 p.m. | 16 views

CVE-2026-6052

IBM Db2 is vulnerable to memory exhaustion when executing certain queries involving MDC tables. Affected products and versions: IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. IBM’s advisory notes that mitigation includes applying interim special builds (V11.5.9 and V12.1.4) via Fix Central and avoiding...

CVSS 7.5 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:07 p.m. | 19 views

CVE-2026-6051

CVE-2026-6051 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. The vulnerability is a denial of service caused by executing a specially crafted query that consumes the statement heap. Impact is a high availability concern for affected Db2 client and server installations. IBM’s bulletin confirms a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/05/27 1:00 p.m. | 25 views

CVE-2026-5516

CVE-2026-5516 affects IBM WebSphere Application Server Liberty 22.0.0.11–26.0.0.5. The vulnerability allows a remote attacker to bypass security under limited conditions by exploiting a timing window. The IBM advisory notes the affected appSecurity-3.0/4.0/5.0 feature settings and lists the base ...

CVSS 5.9 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 367748