Lucene search
K
CvelistMost viewed

366159 matches found

Cvelist
Cvelist
added 2011/07/13 11:0 p.m.58 views

CVE-2011-1870

Integer overflow in the Client/Server Run-time Subsystem aka CSRSS in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service memory corruption via a crafted application that triggers an incorrect...

6.6AI score0.02244EPSS
Exploits1References5
Cvelist
Cvelist
added 2010/12/30 8:0 p.m.58 views

CVE-2010-3862

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterpris...

6.2AI score0.02611EPSS
Exploits0References12
Cvelist
Cvelist
added 2010/01/13 1:0 a.m.58 views

CVE-2010-0079

Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,...

6.8AI score0.03088EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 1:21 p.m.57 views

CVE-2026-11979 Stack-Based Buffer Overflow in libxml2

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow intern...

1.8CVSS0.00148EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 12:37 p.m.57 views

CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS0.00142EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 8:55 p.m.57 views

CVE-2026-45687 Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...

8.5CVSS0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 5:0 a.m.57 views

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

9.8CVSS0.00469EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 5:31 p.m.57 views

CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.57 views

CVE-2026-39438 WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...

9.3CVSS0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:28 a.m.57 views

CVE-2026-3018 Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.01382EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 5:5 p.m.57 views

CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability

...

8CVSS0.00669EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:0 a.m.57 views

CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS0.00218EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/08 3:46 p.m.57 views

CVE-2026-46305 staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

0.001EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 5:45 a.m.57 views

CVE-2026-11493 Tenda AC15 Samba smb.conf weak password

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...

5CVSS0.00224EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/08 5:30 a.m.57 views

CVE-2026-11492 D-Link DIR-823G vsftpd vsftpd.conf least privilege violation

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

5.3CVSS0.00511EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/28 9:19 p.m.57 views

CVE-2026-48116 AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

7.5CVSS0.00366EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/28 3:10 p.m.57 views

CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS0.00127EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.57 views

CVE-2026-46058 media: amphion: Fix race between m2m job_abort and device_run

In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m jobabort and devicerun Fix kernel panic caused by race condition where v4l2m2mctxrelease frees m2mctx while v4l2m2mtryrun is about to call devicerun with the same context. Race sequence:...

7.8CVSS0.00097EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/21 7:35 a.m.57 views

CVE-2026-44072 system() after failed chdir()

Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...

3CVSS0.00091EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 5:5 p.m.57 views

CVE-2026-8604 Cross-Site request forgery (CSRF) in ScadaBR

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

8.6CVSS0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 11:1 a.m.57 views

CVE-2026-7860 Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

5.8CVSS0.00117EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.57 views

CVE-2026-6379 WP Photo Album Plus < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter

The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks...

0.00472EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/17 5:51 p.m.57 views

CVE-2026-46720 Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/16 2:26 a.m.57 views

CVE-2026-8681 Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

5.3CVSS0.00319EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 8:40 p.m.57 views

CVE-2026-45400 Open WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5...

8.5CVSS0.00292EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 7:54 p.m.57 views

CVE-2026-44553 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

8.1CVSS0.00284EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 7:20 p.m.57 views

CVE-2026-45349 Open WebUI: Broken Access Control for Completions API

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of another user to continue the conversation of the other...

7.1CVSS0.00231EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 4:40 p.m.57 views

CVE-2026-45037 Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 3:27 p.m.57 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

0.00381EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 12:58 p.m.57 views

CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an...

7.1CVSS0.0138EPSS
Exploits6References8
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.57 views

CVE-2026-8425 Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS0.00135EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/14 4:8 p.m.57 views

CVE-2026-20210 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...

5.4CVSS0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 5:33 a.m.57 views

CVE-2026-8280 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation...

6.5CVSS0.00295EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 9:53 p.m.57 views

CVE-2026-44194 OPNsense: RCE on user managment

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...

9.1CVSS0.06355EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 5:23 p.m.57 views

CVE-2026-44000 vm2: sandbox boundary bypass via host Promise resolution preserving host object identity

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the...

6.5CVSS0.002EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 4:56 a.m.57 views

CVE-2026-21019

Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege...

8.6CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 5:14 p.m.57 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

7.7CVSS0.00369EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 4:35 p.m.57 views

CVE-2025-27723

Use after free for some Linux kernel driver for the IntelR Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

6.8CVSS0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 4:34 p.m.57 views

CVE-2026-20887

Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially...

8.8CVSS0.00478EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 2:9 p.m.57 views

CVE-2026-42260 Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`

Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...

8.2CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.57 views

CVE-2026-6663 GWD Connect <= 2.9 - Unauthenticated Limited Code Execution via update_agent

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

4.8CVSS0.00273EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.57 views

CVE-2026-7437 AzonPost <= 1.3 - Reflected Cross-Site Scripting

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the editposhidden parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.00204EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 3:25 a.m.57 views

CVE-2026-7256

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the LAN to execute operating system OS commands on a vulnerable device by sending a crafted HTTP request...

8.8CVSS0.01007EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 4:46 p.m.57 views

CVE-2026-44998 OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

5.4CVSS0.00706EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/10 4:43 a.m.57 views

CVE-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

6.3CVSS0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/10 3:27 a.m.57 views

CVE-2026-6735 XSS within PHP-FPM status endpoint

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS0.0021EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/09 7:26 p.m.57 views

CVE-2026-42576 apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

6.5CVSS0.00252EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 2:22 p.m.57 views

CVE-2026-43461 spi: amlogic: spifc-a4: Fix DMA mapping error handling

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in amlsfcdmabuffersetup error paths: 1. Unnecessary goto: When the first DMA mapping sfc-daddr fails, nothing needs cleanup. Use direct return instead of goto...

7.8CVSS0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 10:0 p.m.57 views

CVE-2026-8114 JeecgBoot JSON Object loadTreeData sql injection

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

6.5CVSS0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 8:58 p.m.57 views

CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability

...

7.5CVSS0.01135EPSS
Exploits0References1
Total number of security vulnerabilities5000