Lucene search
K
CvelistMost viewed

364828 matches found

Cvelist
Cvelist
added 2026/05/20 4:32 p.m.54 views

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 9:18 a.m.54 views

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS0.01272EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 6:28 a.m.54 views

CVE-2026-47313

Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

5.5CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 4:58 a.m.54 views

CVE-2026-47311

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

7.8CVSS0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.54 views

CVE-2026-39079

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/17 10:45 p.m.54 views

CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS0.00385EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/17 1:45 p.m.54 views

CVE-2026-8758 Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS0.00278EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 7:30 a.m.54 views

CVE-2026-8738 Sanluan PublicCMS Trade Payment Flow TradeOrderController.java AccountGatewayComponent.pay logic error

A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...

6.9CVSS0.00331EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 9:31 p.m.54 views

CVE-2026-45314 Open WebUI: XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...

7.4CVSS0.00212EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 9:15 p.m.54 views

CVE-2026-45346 Open WebUI: Stored Cross-Site Scripting in SVG Renderer

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.31, there is a Cross-Site Scripting vulnerability in Open WebUI SVG renderer implementation. This vulnerability is fixed in 0.6.31...

5.1CVSS0.00165EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 12:31 p.m.54 views

CVE-2026-41553 Remote Code Execution in PDF Export Module

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed...

10CVSS0.00648EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.54 views

CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

7.5CVSS0.00811EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/15 1:53 a.m.54 views

CVE-2025-29938

An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution...

7.1CVSS0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 1:51 a.m.54 views

CVE-2025-48513

Use of uninitialized resource within the AMD Platform Management Framework PMF could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability...

6.9CVSS0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 12:0 a.m.54 views

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 4:17 p.m.54 views

CVE-2025-62305 HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions

HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions...

5.1CVSS0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 3:11 p.m.54 views

CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS0.0295EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.54 views

CVE-2026-6252 Meta Field Block <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tagName' Block Attribute

The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

6.4CVSS0.00156EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.54 views

CVE-2026-6506 InfusedWoo Pro <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary User Meta Update

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoogdprupddata function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This...

8.8CVSS0.0029EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 6:19 p.m.54 views

CVE-2026-33583 Arqit SKA-Platform Vulnerable to Key Exposure

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 3:41 p.m.54 views

CVE-2026-44470 Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...

8.5CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 3:8 p.m.54 views

CVE-2026-43478 ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm, from kcontrol we will receive NULL pointer...

0.001EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 3:8 p.m.54 views

CVE-2026-43476 iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30i2c: fix buffer size in sps30i2creadmeas sizeofnum evaluates to sizeofsizet 8 bytes on 64-bit instead of the intended be32 element size 4 bytes. Use sizeofmeas to correctly match the buffer element type...

7.8CVSS0.00121EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/13 2:43 p.m.54 views

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

7.7CVSS0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 10:35 p.m.54 views

CVE-2026-41901 Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions

Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially dangerous...

9CVSS0.00427EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 9:9 p.m.54 views

CVE-2026-45225 Heym < 0.0.21 Path Traversal File Upload via upload_file()

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS0.00355EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 4:35 p.m.54 views

CVE-2025-27723

Use after free for some Linux kernel driver for the IntelR Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

6.8CVSS0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 4:21 p.m.54 views

CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS0.00147EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 8:50 a.m.55 views

CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS0.00473EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 10:0 p.m.54 views

CVE-2026-8345 D-Link DIR-816 singlePortForward sub_445E7C command injection

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

6.5CVSS0.03156EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/11 6:23 p.m.54 views

CVE-2026-42866 Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

6.7CVSS0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 3:22 p.m.54 views

CVE-2026-42612 Grav: Publisher-Level Stored XSS via Unquoted Event Attributes

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attribute...

8.5CVSS0.00238EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 4:0 a.m.54 views

CVE-2026-8271 D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgispeed/cgidhcpdlease/cgiddns/cgisetip/cgiupnpdel/cgidhcpd/cgiupnpadd/cgiupnpedit of the file /cgi-bin/networkmgr.cgi. The manipulation leads to os command injection. The attack is possible to be carri...

5.8CVSS0.04637EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/09 12:0 p.m.54 views

CVE-2026-8186 Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-of-bounds

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogssbiclientsendviascporsepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named...

6.9CVSS0.00519EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/05/09 3:19 a.m.54 views

CVE-2026-8209

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges...

6.9CVSS0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 10:10 p.m.54 views

CVE-2026-42344 FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding TOCTOU — Time-of-Check to Time-of-Use. The function resolves the hostname via dns.resolve4/dns.resolve6 and check...

6.3CVSS0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 6:36 p.m.54 views

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS0.00573EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 2:22 p.m.54 views

CVE-2026-43431 xhci: Fix NULL pointer dereference when reading portli debugfs files

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

0.00107EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 1:31 p.m.54 views

CVE-2026-43339 ipv6: prevent possible UaF in addrconf_permanent_addr()

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

7.8CVSS0.00121EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/08 1:26 p.m.54 views

CVE-2026-43320 drm/amd/display: Fix dsc eDP issue

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue why Need to add function hook check before use...

0.00122EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 11:45 p.m.54 views

CVE-2026-8117 SourceCodester Pizzafy Ecommerce System index.php cross site scripting

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been...

5.3CVSS0.00269EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 8:15 p.m.54 views

CVE-2026-8097 CodeAstro Online Classroom askquery.php sql injection

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

6.5CVSS0.00192EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 6:14 p.m.54 views

CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS0.00242EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.54 views

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS0.00206EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.54 views

CVE-2026-7957

Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

0.00291EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 3:46 p.m.54 views

CVE-2026-6787 Usage of a hard-coded cryptographic key in WatchGuard Agent allows inclusion of code into existing process

Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000...

8.5CVSS0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 1:49 p.m.54 views

CVE-2025-31976 HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials

HCL BigFix Service Management SM is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated...

4.8CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.54 views

CVE-2026-43256 media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

7.8CVSS0.00129EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/06 7:8 a.m.54 views

CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

6.1CVSS0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 6:35 p.m.54 views

CVE-2026-27960 OpenCTI privilege escalation and unauthenticated access via default admin account

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS0.0048EPSS
Exploits1References1
Total number of security vulnerabilities5000