Lucene search
K

363781 matches found

NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52956

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...

7.5CVSS0.00359EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-52947

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...

7.8CVSS0.00135EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52948

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: prevent integer overflow in I2CTIMEOUT ioctl While fuzzing with Syzkaller, a persistent scheduletimeout: wrong timeout value warning was observed, accompanied by SMBus controller state machine corruption. The I2CTIMEOUT...

0.00185EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-52946

In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sendsigio and sendsigurg when a process group receives a signal. When FASYNC is configured for a proces...

7.5CVSS0.00612EPSS
Exploits0References9
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52945

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

7.5CVSS0.00307EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:16 p.m.•6 views

CVE-2026-13164

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS0.00406EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•11 views

CVE-2026-56119

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/24 4:16 p.m.•8 views

CVE-2026-56118

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/24 4:16 p.m.•7 views

CVE-2026-56121

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS0.00862EPSS
Exploits1References7
NVD
NVD
•added 2026/06/24 4:16 p.m.•9 views

CVE-2026-55488

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS0.00623EPSS
Exploits1References1
NVD
NVD
•added 2026/06/24 4:16 p.m.•8 views

CVE-2026-56111

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESHBEDLEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single...

9.1CVSS0.00542EPSS
Exploits1References4
NVD
NVD
•added 2026/06/24 4:16 p.m.•7 views

CVE-2026-50703

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•7 views

CVE-2026-50709

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•9 views

CVE-2026-50708

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•8 views

CVE-2026-50711

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•8 views

CVE-2026-50710

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•9 views

CVE-2026-50701

A Reflected Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...

5.1CVSS0.00268EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•12 views

CVE-2026-50705

A Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•12 views

CVE-2026-50704

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•9 views

CVE-2026-50712

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 4:16 p.m.•10 views

CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

8.6CVSS0.00303EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 4:16 p.m.•12 views

CVE-2026-50700

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 3:16 p.m.•10 views

CVE-2026-50699

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in referencedocument using a whitelisted write path and trigger script execution when users open the affected Auto...

4.6CVSS0.00313EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 3:16 p.m.•9 views

CVE-2026-50698

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

4.6CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 3:16 p.m.•7 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS0.00181EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 3:16 p.m.•9 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS0.0013EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 3:16 p.m.•9 views

CVE-2026-11877

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

7.5CVSS0.00178EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•10 views

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

4.3CVSS0.00178EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•8 views

CVE-2026-57301

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

8.8CVSS0.0042EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•11 views

CVE-2026-57306

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS0.0011EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•12 views

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

4.3CVSS0.00178EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•9 views

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS0.0014EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•9 views

CVE-2026-57303

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery...

7.1CVSS0.00224EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•8 views

CVE-2026-57304

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS0.00161EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•9 views

CVE-2026-57305

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS0.00128EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•9 views

CVE-2026-57299

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

4.3CVSS0.00167EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•12 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS0.00224EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•9 views

CVE-2026-57289

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to...

4.8CVSS0.00108EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•8 views

CVE-2026-57294

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS0.00161EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•10 views

CVE-2026-57290

A cross-site request forgery CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b84449 and earlier allows attackers to overwrite the global job priority configuration...

4.3CVSS0.00152EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•8 views

CVE-2026-57295

A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS0.00128EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•10 views

CVE-2026-57292

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS0.00101EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•10 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS0.00145EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•8 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS0.0017EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•11 views

CVE-2026-57296

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

8.8CVSS0.00595EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•9 views

CVE-2026-57298

A cross-site request forgery CSRF vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

5.4CVSS0.00101EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•11 views

CVE-2026-57297

A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

5.4CVSS0.00167EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•7 views

CVE-2026-57282

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

5CVSS0.00207EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•9 views

CVE-2026-57284

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

4.3CVSS0.00275EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 2:17 p.m.•9 views

CVE-2026-57285

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration...

4.3CVSS0.00216EPSS
Exploits0References1
Total number of security vulnerabilities363781