Lucene search
K

363650 matches found

NVD
NVD
•added 2026/06/29 4:16 p.m.•7 views

CVE-2026-13746

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

5.4CVSS0.0013EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 4:16 p.m.•19 views

CVE-2026-13749

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...

8.8CVSS0.0037EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 4:16 p.m.•8 views

CVE-2026-41052

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10...

9.4CVSS0.00319EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 4:16 p.m.•10 views

CVE-2026-13750

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

5.5CVSS0.00108EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 4:16 p.m.•9 views

CVE-2026-13580

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit...

9CVSS0.00445EPSS
Exploits0References5
NVD
NVD
•added 2026/06/29 4:16 p.m.•8 views

CVE-2026-13582

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely...

9CVSS0.00455EPSS
Exploits0References5
NVD
NVD
•added 2026/06/29 4:16 p.m.•8 views

CVE-2026-13587

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parsebyblocktype of the file lightpcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument capturedpacketlength results in heap-based buffer overflow. It is possible to...

6.3CVSS0.00419EPSS
Exploits0References7
NVD
NVD
•added 2026/06/29 4:16 p.m.•11 views

CVE-2026-13581

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotel...

6.5CVSS0.01158EPSS
Exploits0References5
NVD
NVD
•added 2026/06/29 4:16 p.m.•9 views

CVE-2026-13583

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The...

9CVSS0.00445EPSS
Exploits0References5
NVD
NVD
•added 2026/06/29 4:16 p.m.•14 views

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

6.5CVSS0.00255EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•9 views

CVE-2026-57523

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57525

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57336

Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•9 views

CVE-2026-57337

Unauthenticated Cross Site Scripting XSS in Landing Page Builder = 1.5.3.5 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•10 views

CVE-2026-57338

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57339

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•7 views

CVE-2026-57340

Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57341

Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

6.5CVSS0.00258EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•9 views

CVE-2026-57333

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57334

Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57328

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57330

Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...

6.5CVSS0.00171EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•11 views

CVE-2026-57331

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...

9.9CVSS0.00344EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57332

Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...

7.1CVSS0.00256EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-57329

Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...

6.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•11 views

CVE-2026-57335

Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...

6.5CVSS0.00229EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•9 views

CVE-2026-57320

Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•7 views

CVE-2026-56124

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...

8.7CVSS0.00365EPSS
Exploits0References4
NVD
NVD
•added 2026/06/29 3:16 p.m.•7 views

CVE-2026-57327

Subscriber Broken Access Control in MainWP = 6.1.1 versions...

6.3CVSS0.00249EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•9 views

CVE-2026-57326

Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.1CVSS0.00181EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•10 views

CVE-2026-56290

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.00356EPSS
Exploits2References3
NVD
NVD
•added 2026/06/29 3:16 p.m.•9 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•10 views

CVE-2026-49049

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

7.5CVSS0.00228EPSS
Exploits2References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•12 views

CVE-2026-55844

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the internal URL, but whenever the app cannot find any other URL to ...

7.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•7 views

CVE-2026-55607

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

8.8CVSS0.0071EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 3:16 p.m.•12 views

CVE-2026-13579

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/29 3:16 p.m.•8 views

CVE-2026-13578

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing a manipulation of the argument editid results in sql injection. The attack may be initiated remotely. The explo...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/29 3:16 p.m.•9 views

CVE-2026-13571

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS0.00383EPSS
Exploits0References6
NVD
NVD
•added 2026/06/29 3:16 p.m.•10 views

CVE-2026-13573

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...

4.8CVSS0.00124EPSS
Exploits0References7
NVD
NVD
•added 2026/06/29 3:16 p.m.•10 views

CVE-2026-13574

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...

4.8CVSS0.00124EPSS
Exploits0References7
NVD
NVD
•added 2026/06/29 3:16 p.m.•7 views

CVE-2026-13572

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of the argument patientid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
•added 2026/06/29 2:16 p.m.•11 views

CVE-2026-56457

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

4.3CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/29 2:16 p.m.•8 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS0.00091EPSS
Exploits0References3
NVD
NVD
•added 2026/06/29 2:16 p.m.•8 views

CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS0.00142EPSS
Exploits0References7
NVD
NVD
•added 2026/06/29 2:16 p.m.•8 views

CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS0.00136EPSS
Exploits0References7
NVD
NVD
•added 2026/06/29 2:16 p.m.•10 views

CVE-2026-40523

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SAGLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM2 and PARAM3 POST parameters. Attackers can exploit...

8.1CVSS0.00276EPSS
Exploits0References4
NVD
NVD
•added 2026/06/29 2:16 p.m.•9 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS0.00276EPSS
Exploits0References4
NVD
NVD
•added 2026/06/29 2:16 p.m.•11 views

CVE-2026-40521

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...

8.8CVSS0.00627EPSS
Exploits0References4
NVD
NVD
•added 2026/06/29 2:16 p.m.•9 views

CVE-2026-40522

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS0.00148EPSS
Exploits0References4
NVD
NVD
•added 2026/06/29 2:16 p.m.•11 views

CVE-2026-13567

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS0.00273EPSS
Exploits0References6
Total number of security vulnerabilities363650