Lucene search
K

363816 matches found

NVD
NVD
added 2026/06/20 1:16 p.m.13 views

CVE-2026-48939

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS0.00564EPSS
Exploits3References5
NVD
NVD
added 2026/06/20 1:16 p.m.11 views

CVE-2026-48908

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS0.00803EPSS
Exploits5References5
NVD
NVD
added 2026/06/20 9:16 a.m.13 views

CVE-2026-11912

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

7.5CVSS0.00433EPSS
Exploits0References7
NVD
NVD
added 2026/06/20 9:16 a.m.15 views

CVE-2026-12119

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS0.00267EPSS
Exploits0References6
NVD
NVD
added 2026/06/20 9:16 a.m.14 views

CVE-2026-11911

The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFLDeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...

7.5CVSS0.0078EPSS
Exploits0References6
NVD
NVD
added 2026/06/20 2:16 a.m.13 views

CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS0.00354EPSS
Exploits0References3
NVD
NVD
added 2026/06/20 2:16 a.m.25 views

CVE-2026-9843

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS0.00662EPSS
Exploits0References7
NVD
NVD
added 2026/06/20 1:16 a.m.11 views

CVE-2026-56213

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

6.9CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 1:16 a.m.11 views

CVE-2026-56216

Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resourc...

8.8CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 1:16 a.m.13 views

CVE-2026-56212

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's...

5.1CVSS0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 1:16 a.m.13 views

CVE-2026-56215

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

8.7CVSS0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 1:16 a.m.12 views

CVE-2026-56214

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS0.00302EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 12:16 a.m.10 views

CVE-2026-11551

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00625EPSS
Exploits1References3
NVD
NVD
added 2026/06/19 10:16 p.m.24 views

CVE-2026-56081

Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account, the attacker gains control over the account...

9.3CVSS0.00351EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 10:16 p.m.12 views

CVE-2026-56082

Capgo Cap-go/capgo before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.recordbuildtime, which is granted to the anon role and callable with only the public Supabase publishable sbpublishable anon key. An unauthenticated attacker...

8.7CVSS0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 10:16 p.m.12 views

CVE-2026-56073

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful,...

9.4CVSS0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 10:16 p.m.17 views

CVE-2026-56080

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS0.00299EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 10:16 p.m.14 views

CVE-2026-56079

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS0.00241EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 9:17 p.m.10 views

CVE-2026-50519

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00514EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:17 p.m.12 views

CVE-2026-50559

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS0.00451EPSS
Exploits1References9
NVD
NVD
added 2026/06/19 9:17 p.m.10 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 9:17 p.m.9 views

CVE-2026-48584

Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network...

9.9CVSS0.005EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:17 p.m.9 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00227EPSS
Exploits1References2
NVD
NVD
added 2026/06/19 9:17 p.m.11 views

CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS0.00227EPSS
Exploits1References2
NVD
NVD
added 2026/06/19 9:17 p.m.9 views

CVE-2026-48794

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may b...

2.3CVSS0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 9:17 p.m.13 views

CVE-2026-48582

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...

9.6CVSS0.00389EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:16 p.m.17 views

CVE-2026-48129

Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task inputFiles writes rendered file names directly under the task working directory. When a flow forwards untrusted execution or webhook data into an inputFiles file name, ...

6.5CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:16 p.m.12 views

CVE-2026-47645

Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS0.00408EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:16 p.m.11 views

CVE-2026-47203

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...

6.3CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 9:16 p.m.12 views

CVE-2026-45480

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

10CVSS0.00562EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:16 p.m.16 views

CVE-2026-42895

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

7.5CVSS0.00399EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:16 p.m.11 views

CVE-2026-32208

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Entra ID allows an authorized attacker to perform spoofing over a network...

8.8CVSS0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 8:16 p.m.15 views

CVE-2026-49344

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

7.1CVSS0.00281EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 8:16 p.m.13 views

CVE-2026-49345

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 8:16 p.m.13 views

CVE-2026-48787

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS0.0047EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 8:16 p.m.12 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.14 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.24 views

CVE-2026-48772

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS0.00185EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.11 views

CVE-2026-48715

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.13 views

CVE-2026-48773

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and...

9.8CVSS0.00358EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.11 views

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

7.1CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 7:16 p.m.10 views

CVE-2026-49288

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources...

4.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 7:16 p.m.8 views

CVE-2026-49291

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...

8.1CVSS0.00264EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 7:16 p.m.8 views

CVE-2026-49336

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 7:16 p.m.7 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS0.00304EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 7:16 p.m.15 views

CVE-2026-49339

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit 6dd71e6a3c966867ef8c900d359a7df75789f410 added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controll...

7.1CVSS0.00262EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 7:16 p.m.11 views

CVE-2026-49340

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path o...

8.1CVSS0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 7:16 p.m.10 views

CVE-2026-49338

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can delete...

7.1CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 7:16 p.m.16 views

CVE-2026-49293

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

7.5CVSS0.00415EPSS
Exploits1References3
NVD
NVD
added 2026/06/19 7:16 p.m.10 views

CVE-2026-27878

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

6.5CVSS0.00235EPSS
Exploits0References1
Total number of security vulnerabilities363816