Lucene search
K

369161 matches found

CVE
CVE
added 2026/07/01 2:32 p.m.9 views

CVE-2026-13707

CVE-2026-13707 describes a session fixation vulnerability in Wikimedia Foundation OAuth, associated with the file src/Backend/MWOAuthServer.Php. Affected versions include OAuth implementations up to 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The connected documents do not provide explicit root-cause det...

5.8AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:29 p.m.11 views

CVE-2026-13706

The CVE pertains to Wikimedia Foundation’s UrlShortener extension, specifically a vulnerability in the UrlShortenerUtils.Php implementation. The issue is improper input validation caused by a discrepancy between PHP’s URL parsing and WHATWG URL parsing, enabling bypassing of validation in the Url...

5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:25 p.m.14 views

CVE-2026-58399

The CVE affects @acastellon/auth (authentication control for microservices). Versions

8.7CVSS5.8AI score0.00543EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 2:24 p.m.22 views

CVE-2026-58031

The CVE-2026-58031 entry describes a stored XSS in MediaWiki (Wikimedia Foundation) via Special:ApiSandbox when a deprecated module is selected. Affected component: resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js; affected software version range: MediaWiki 1.46.0-rc.0 up to prior t...

5.8AI score0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:21 p.m.16 views

CVE-2026-58034

The CVE-2026-58034 entry concerns a Stored XSS in Wikimedia Foundation CheckUser, caused by improper neutralization of input during web page generation. The issue is tied to the file modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue and affects CheckUser versions f...

5.8AI score0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:19 p.m.19 views

CVE-2026-6283

CVE-2026-6283 affects DivvyDrive Information Technologies Inc. DivvyDrive (versions 4.8.2.23 up to, but not including, 4.8.3.1) with a Stored XSS due to improper neutralization of input during web page generation. Risk is MEDIUM (CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N), requiring user inte...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:17 p.m.17 views

CVE-2026-58035

The CVE describes a stored XSS in MediaWiki (Wikimedia Foundation) related to resources/src/mediawiki.Special.Block/SpecialBlock.Vue in the codex version of Special:Block. The issue arises from improper neutralization of user input during web page generation, enabling XSS via a system message. Af...

5.8AI score0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:12 p.m.11 views

CVE-2026-5220

DivvyDrive Information Technologies Inc. DivvyDrive contains a Stored XSS vulnerability caused by improper neutralization of input during web page generation. Affected versions are 4.8.2.23 up to, but not including, 4.8.3.1. CVSS v3.1 base score 6.4 (Medium) with network attack vector, low attack...

6.4CVSS5.8AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:9 p.m.14 views

CVE-2026-14330

CVE-2026-14330 describes an issue in Pipewire’s PulseAudio protocol server, where multiple unbounded alloca() calls can cause a stack overflow. The affected component is the PulseAudio protocol server within Pipewire. Root cause: unbounded alloca() usage leading to potential stack overflow. Accor...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 2:9 p.m.15 views

CVE-2026-14324

CVE-2026-14324 — Pipewire RAOP module vulnerability. The RAOP module accepts unbounded Content-Length values and does not validate the return of pw_array_add(), which can lead to a null dereference. This is a technical detail documented in the CVE record and CVE-list entry. The CVSSv3.1 metrics i...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 2:8 p.m.14 views

CVE-2026-2891

The CVE-2026-2891 entry concerns Poly Voice IP devices (CCX, Trio, Edge E) and describes a potential DoS if these devices connect to a malicious SIP server sending malformed data. Affected components are the Poly Voice devices themselves; the root cause is triggered by malformed SIP input from a ...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:8 p.m.16 views

CVE-2026-5138

Foreman vulnerability CVE-2026-5138 involves the taxonomy_scope controller failing to validate organization and location IDs in nested request parameters. An authenticated user with host-edit permissions can trigger cross-tenant information disclosure, leaking sensitive infrastructure metadata (s...

4.3CVSS5.8AI score0.00247EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 2:8 p.m.11 views

CVE-2026-5135

CVE-2026-5135 concerns Foreman and describes a broken access control vulnerability where an authenticated user with host-edit permissions can retarget an existing lookup value override to a different host by modifying the match field via nested host attributes, effectively bypassing authorisation...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 2:7 p.m.12 views

CVE-2026-5142

CVE-2026-5142 (Foreman) : A flaw allows authenticated users with the low-privilege permission view_keypairs to bypass taxonomy scoping and download private SSH keys from other organizations by querying key pair IDs. This results in cross-tenant data exposure in multi-tenant deployments. The initi...

6.5CVSS5.7AI score0.0027EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 2:7 p.m.33 views

CVE-2026-12374

CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:3 p.m.8 views

CVE-2026-49089

Kibana ( Elastic 8.x ) is affected by CVE-2026-49089 through an Authorization Bypass via a user-controlled key in AI Assistant conversations, allowing an authenticated user to access or modify another user’s AI Assistant conversation and potentially perform unauthorized data modifications. Affect...

Exploits0References1
CVE
CVE
added 2026/07/01 2:1 p.m.24 views

CVE-2026-6688

CVE-2026-6688 affects FatFs R0.16 and earlier . It is a downstream-caller vulnerability in FatFs long filename handling: with LFN enabled, fno.fname can be up to 255 characters , and callers copy it into short fixed buffers without bounds checks, causing a buffer overflow (CWE-120). CVSS v3.1: AV...

7.6CVSS5.8AI score0.0021EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2026/07/01 1:57 p.m.34 views

CVE-2026-6687

CVE-2026-6687 affects FatFs R0.16 and earlier. Root cause: f_getlabel() trusts exFAT label length (XDIR_NumLabel) beyond the spec maximums, causing a stack-based buffer overflow (CWE-121). Documented impact per CVSS: high for confidentiality, integrity, and availability. Exploitation status is no...

7.6CVSS5.8AI score0.00232EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2026/07/01 1:55 p.m.26 views

CVE-2026-6686

FatFs CVE-2026-6686 affects FatFs R0.16 and earlier. The issue is an uninitialized cluster exposure when f_lseek() extends a file beyond EOF without zero-filling newly allocated clusters, mapping to CWE-908 (Use of Uninitialized Resource). The root cause is not zero-filling or initializing cluste...

4.6CVSS5.8AI score0.00177EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2026/07/01 1:49 p.m.10 views

CVE-2026-23537

The CVE-2026-23537 issue affects the Feast Feature Server, specifically the vulnerable "/save-document" endpoint. An unauthenticated remote attacker can write arbitrary JSON files to the server filesystem, bypassing path restrictions and potentially overwriting vital configurations or startup scr...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References4
Rows per page
Query Builder