Lucene search
K
CvelistMost viewed

366239 matches found

Cvelist
Cvelist
added 2026/05/28 7:25 a.m.60 views

CVE-2026-4408 Samba: remote code execution in samr

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9CVSS0.02501EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/05/27 12:58 p.m.60 views

CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

7.9CVSS0.00121EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 12:17 p.m.60 views

CVE-2026-45912 ext4: don't cache extent during splitting extent

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

0.00123EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/27 10:2 a.m.60 views

CVE-2026-3012 Samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS0.00261EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/05/26 12:17 a.m.60 views

CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

0.0043EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 8:38 a.m.60 views

CVE-2026-5434

...

0.00041EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/20 6:20 p.m.60 views

CVE-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

9.8CVSS0.84631EPSS
Exploits14References1
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.60 views

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS0.00316EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/19 9:24 a.m.60 views

CVE-2026-8827 SQL Injection in extension "Address List" (tt_address)

The AddressRepository::getSqlQuery method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call...

8.2CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 5:3 p.m.60 views

CVE-2026-42822 Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability

...

10CVSS0.00494EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/16 11:21 p.m.60 views

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 4:4 p.m.60 views

CVE-2026-46383 Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

5.5CVSS0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 2:13 a.m.60 views

CVE-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS0.01502EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/14 6:46 p.m.60 views

CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

8.1CVSS0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.60 views

CVE-2026-5365 LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the requestcancellation function. This makes it possible for unauthenticated attackers to cancel a logged-in customer's bookings v...

4.3CVSS0.00105EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 5:30 a.m.60 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 8:50 p.m.60 views

CVE-2026-44381 MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

9.3CVSS0.0054EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 5:29 p.m.60 views

CVE-2026-44002 vm2: Host File Path Disclosure via Stack Trace Information Leak

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class intended as a safe wrapper for V8's native CallSite blocks getThis and getFunction to prevent host object leakage, but allows getFileName to return unsanitized host absolute paths. Any sandboxed code can...

5.8CVSS0.00241EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.60 views

CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/13 12:1 p.m.60 views

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...

9.8CVSS0.01633EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 8:28 a.m.60 views

CVE-2026-7009 OCSP stapling bypass with Apple SecTrust

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine...

0.00267EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/12 8:37 p.m.60 views

CVE-2026-44240 basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS0.00465EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 12:36 p.m.60 views

CVE-2026-8391 Other issue in the JavaScript Engine component

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

0.00298EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/12 5:49 a.m.60 views

CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

5.4CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 5:42 a.m.60 views

CVE-2026-0541

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

6.7CVSS0.00096EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 3:19 p.m.60 views

CVE-2026-42610 Grav: Sensitive Information Disclosure via Accounts Service Bypass

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user EX: Content Editor with only pages.update permissions can bypass the existing Twig sandbox restrictions by utilizing the grav'accounts' service. Attacker can programmatically load administrative user objects and extra...

6.5CVSS0.0029EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 12:15 p.m.60 views

CVE-2026-8288 Open5GS SMF gsm-handler.c denial of service

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...

5.3CVSS0.00378EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/10 12:12 p.m.60 views

CVE-2022-50960 WordPress International Sms Contact Form 7 Integration 1.2 XSS

WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary...

6.1CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/09 8:15 p.m.60 views

CVE-2026-8196 JeecgBoot mLogin Endpoint LoginController.java authorization

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3CVSS0.00463EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/09 2:25 a.m.60 views

CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS0.00719EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/05/08 1:15 p.m.60 views

CVE-2025-71301 drm/tests: shmem: Hold reservation lock around vmap/vunmap

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmaplocked, which led to errors such as show below. 122.292030...

0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 12:22 p.m.60 views

CVE-2026-25199 Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmoxvmid, to associate...

0.005EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.60 views

CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

0.00389EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 7:44 a.m.60 views

CVE-2025-68060 WordPress Team Member plugin <= 8.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5...

7.6CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.60 views

CVE-2026-43108 soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...

0.00114EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 3:27 a.m.60 views

CVE-2026-3208 Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...

5.3CVSS0.00499EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 2:41 p.m.60 views

CVE-2026-34000 Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

6.1CVSS0.00489EPSS
Exploits0References27
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.60 views

CVE-2026-43534 OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context...

9.3CVSS0.0019EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/04 7:15 a.m.60 views

CVE-2026-7743 CodeAstro Online Classroom studentdetails sql injection

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/23 10:19 p.m.60 views

CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

6.5CVSS0.00632EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/09 1:47 p.m.60 views

CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS0.00583EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/17 11:14 a.m.60 views

CVE-2026-4271 Libsoup: libsoup: denial of service via use-after-free in http/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

5.3CVSS0.00829EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/13 11:58 a.m.60 views

CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3CVSS0.0043EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 7:30 p.m.60 views

CVE-2025-61726 Memory exhaustion in query parameter parsing in net/url

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

0.01945EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 7:11 a.m.60 views

CVE-2025-14512 Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

6.5CVSS0.00524EPSS
Exploits0References21
Cvelist
Cvelist
added 2025/10/22 10:19 p.m.60 views

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9CVSS0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/16 4:16 p.m.60 views

CVE-2025-20288 Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...

5.8CVSS0.00323EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/27 7:57 p.m.60 views

CVE-2025-53094 ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp

ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF Carriage Return Line Feed injection vulnerability exists in the construction and output of HTTP headers within AsyncWebHeader.cpp. Unsanitize...

8.7CVSS0.00363EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/05 12:0 a.m.60 views

CVE-2025-5622 D-Link DIR-816 wirelessApcli_5g stack-based overflow

A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli5g of the file /goform/wirelessApcli5g. The manipulation of the argument apclimode5g/apclienc5g/apclidefaultkey5g leads to stack-based buffer overflow. The attack...

10CVSS0.02009EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/06 8:18 p.m.60 views

CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS0.00369EPSS
Exploits0References2
Total number of security vulnerabilities5000