Lucene search
K

364799 matches found

NVD
NVD
added 2026/06/10 11:16 p.m.9 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.10 views

CVE-2026-53738

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.14 views

CVE-2026-53739

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS0.00104EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-53740

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

5.4CVSS0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.10 views

CVE-2026-53741

Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

5.4CVSS0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-53742

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

5.4CVSS0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-53634

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

4.3CVSS0.00213EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 10:17 p.m.14 views

CVE-2026-53737

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1CVSS0.00158EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-53736

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS0.00104EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.9 views

CVE-2026-50131

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

8.6CVSS0.00269EPSS
Exploits1References1
NVD
NVD
added 2026/06/10 10:17 p.m.16 views

CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.13 views

CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-46679

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23...

7.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.25 views

CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

6.5CVSS0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-46689

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7CVSS0.00317EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-46669

OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's tryhonestpairingcheck function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...

8.7CVSS0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-46702

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.13 views

CVE-2026-46705

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS0.00218EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.13 views

CVE-2026-48011

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...

3.7CVSS0.00223EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.14 views

CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-46654

Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...

8.9CVSS0.00108EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-46523

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...

7.5CVSS0.00301EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 10:16 p.m.11 views

CVE-2026-46668

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

2.3CVSS0.00276EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:16 p.m.12 views

CVE-2026-45783

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS0.00354EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.8 views

CVE-2026-46520

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23...

7.5CVSS0.00441EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 10:16 p.m.13 views

CVE-2026-46522

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the iss...

7.5CVSS0.01849EPSS
Exploits4References5
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-46625

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS0.00432EPSS
Exploits0References8
NVD
NVD
added 2026/06/10 10:16 p.m.16 views

CVE-2026-45380

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...

3.6CVSS0.00116EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-45384

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...

6.1CVSS0.00125EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.12 views

CVE-2026-45359

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

7.1CVSS0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 10:16 p.m.9 views

CVE-2026-45664

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...

7.5CVSS0.00441EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-45624

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in...

5.1CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.14 views

CVE-2026-44692

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

7.7CVSS0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.11 views

CVE-2026-42462

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...

7CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.12 views

CVE-2026-42542

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...

7.5CVSS0.00539EPSS
Exploits1References2
NVD
NVD
added 2026/06/10 10:16 p.m.11 views

CVE-2026-42326

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 an...

5.1CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.12 views

CVE-2026-45031

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would...

7.5CVSS0.00495EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 10:16 p.m.11 views

CVE-2026-45358

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47...

5.3CVSS0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.25 views

CVE-2026-2049

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS0.00615EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 10:16 p.m.18 views

CVE-2026-10143

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS0.00517EPSS
Exploits0References10
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS0.00348EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-11604

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash denial of service...

5.6CVSS0.00148EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.27 views

CVE-2026-0274

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...

9.3CVSS0.00315EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.15 views

CVE-2026-0272

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...

8.5CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.15 views

CVE-2026-0273

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

8.6CVSS0.01193EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.12 views

CVE-2026-0271

A privilege escalation PE vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

8.5CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.14 views

CVE-2026-0268

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS0.00115EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.15 views

CVE-2026-0269

A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama,...

6.9CVSS0.00192EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 p.m.11 views

CVE-2026-0270

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle MITM attack, to write arbitrary files to the...

7.5CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 10:16 p.m.11 views

CVE-2026-0267

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

6.9CVSS0.00104EPSS
Exploits0References2
Total number of security vulnerabilities364799