Lucene search
K

363567 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-53467

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versio...

5.3CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-55577

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in...

5.9CVSS0.00226EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-50160

Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass assignment. The global NestJS ValidationPipe is configured without whitelist: true, so extr...

10CVSS0.0059EPSS
Exploits1References3
NVD
NVD
added 5 days ago6 views

CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

9.9CVSS0.00354EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-51947

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...

9.8CVSS0.0113EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-49119

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

8.7CVSS0.0069EPSS
Exploits0References4
NVD
NVD
added 5 days ago7 views

CVE-2026-47262

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...

5.5CVSS0.00317EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-38142

An unauthenticated command injection vulnerability in the /goform/fastsettinginternetset endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter...

6.5CVSS0.00685EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-41121

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access 'Link Following’ vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

7.8CVSS0.00124EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-14358

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS0.00268EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-13769

Overly permissive file permissions in AWS CLI before 1.44.78 v1 and 2.34.29 v2 on Unix-like systems where the umask has not been configured to restrict file permissions the default on most systems may allow other local users on the same host to read credentials written by certain CLI subcommands...

6.8CVSS0.00101EPSS
Exploits0References4
NVD
NVD
added 5 days ago7 views

CVE-2026-13760

OS command injection in the NodejsFunction Docker bundling pipeline OsCommand helper in AWS aws-cdk-lib on all platforms might allow a actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected...

7.3CVSS0.0061EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-58521

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

9.8CVSS0.00247EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-57723

Cross-Site Request Forgery CSRF vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12...

7.4CVSS0.00124EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-57736

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51...

7.4CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-57722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS0.00148EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-57737

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...

6.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-58520

URL redirection to untrusted site 'open redirect' vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from before 1.43.9, 1.44.6, 1.45.4...

6.9CVSS0.0026EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-49091

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS0.0041EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-51946

SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sorttype URL parameter on all /admin/info/table endpoints...

6.5CVSS0.00336EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-49090

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.8CVSS0.00221EPSS
Exploits1References1
NVD
NVD
added 5 days ago5 views

CVE-2026-58453

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anykaipc HTTP service on port 80...

9.8CVSS0.0169EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-58452

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS0.02422EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-58454

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS0.00523EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-56151

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-57721

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...

5.3CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-56150

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

7.5CVSS0.00302EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS0.00483EPSS
Exploits1References5
NVD
NVD
added 5 days ago9 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-57720

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS0.00309EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-56149

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS0.00324EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-54399

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS0.0041EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-34116

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-49088

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-49087

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

6.5CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-34117

Guardian language-system passes the id GET parameter directly into a PHP exec call in texttosubtitles.php line 19 without sanitization: exec"php jobs/texttosubtitles.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-34110

Guardian language-system passes the id GET parameter directly into a PHP exec call in complexstart.php line 14 without sanitization: exec"php jobs/complex.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS0.00549EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-34109

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-34111

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-34114

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-34115

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribeamazon.php line 15 without sanitization: exec"php jobs/transcribeamazon.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-34112

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec"php jobs/speechaudiomac.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-34113

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechtext.php line 18 without sanitization: exec"php jobs/speechaudiotext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-34103

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-34104

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-34102

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
Total number of security vulnerabilities363567