Lucene search
K

369315 matches found

CVE
CVE
added 2026/07/01 4:59 p.m.11 views

CVE-2026-49088

Kibana security advisory CVE-2026-49088 describes that when optional APM instrumentation is enabled, sensitive request header values may be logged in application logs, risking information disclosure (CWE-532). Affected versions include Kibana 8.x up to 8.18.8, 8.19.0–8.19.5, and 9.x 9.0.0–9.0.7, ...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:56 p.m.11 views

CVE-2026-57721

The CVE-2026-57721 entry concerns the WordPress WP Reloaded ApplyOnline plugin, affected versions include up to 2.6.7.6. The issue is described as a Missing Authorization vulnerability caused by Incorrectly Configured Access Control security levels, which implies a broken access control condition...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:55 p.m.14 views

CVE-2026-57720

The CVE-2026-57720 entry concerns the WordPress ThumbPress plugin (

4.3CVSS5.8AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:53 p.m.16 views

CVE-2026-12480

CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:36 p.m.19 views

CVE-2026-57516

Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...

8.8CVSS6.6AI score0.00493EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/07/01 4:35 p.m.10 views

CVE-2026-49087

The CVE-2026-49087 issue concerns Kibana: Allocation of Resources Without Limits or Throttling (CWE-770) leading to a denial of service (CAPEC-130). An authenticated user can submit a crafted bulk deletion request that inflates resource use and can render Kibana unavailable. Connected sources spe...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:32 p.m.9 views

CVE-2026-56152

Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:30 p.m.32 views

CVE-2026-20243

CVE-2026-20243 describes a DoS-style vulnerability in ClamAV caused by memory corruption during ALZ archive parsing. The issue stems from improper boundary checks for content in ALZ files, leading to an out-of-bounds buffer write when a crafted ALZ file is scanned by vulnerable ClamAV instances. ...

7.5CVSS6AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:29 p.m.8 views

CVE-2026-56151

This CVE affects Kibana with Fleet: Improper Input Validation (CWE-20) enabling Denial of Service via crafted Fleet policy input. Affected versions include 8.x (8.0.0–8.19.16), 9.x (9.0.0–9.3.5 and 9.4.0–9.4.2). The root cause is input validation failure for Fleet policy inputs, allowing an authe...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:28 p.m.21 views

CVE-2026-20244

CVE-2026-20244 affects the DMG file format parser in ClamAV. The root cause is improper boundary checks for DMG content during scanning, which may trigger an integer overflow on 32-bit platforms. An unauthenticated, remote attacker could submit a crafted DMG file for scanning, potentially causing...

7.5CVSS5.9AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:28 p.m.12 views

CVE-2026-20215

CVE-2026-20215 affects ClamAV’s 7z file format parser. The issue stems from improper boundary checks on 7z content during scanning, causing an out-of-bounds memory write that can crash the ClamAV scanning process. This allows an unauthenticated, remote attacker to trigger a DoS (and possibly expa...

7.5CVSS6AI score0.00389EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:28 p.m.36 views

CVE-2026-20217

The CVE-2026-20217 entry concerns ClamAV’s PESpin file format parser. The vulnerability arises from improper boundary checks for PESpin content during scanning, causing memory corruption that can lead to an out-of-bounds buffer write. An attacker could submit a crafted PESpin file to be scanned, ...

7.5CVSS6AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:27 p.m.33 views

CVE-2026-20216

CVE-2026-20216 concerns ClamAV’s InstallShield file format parser. The vulnerability arises from improper handling of temporary resources during scanning, enabling an unauthenticated, remote attacker to submit a crafted InstallShield file that can terminate the ClamAV scanning process and tempora...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:27 p.m.43 views

CVE-2026-20213

This CVE (CVE-2026-20213) affects the ClamAV PE file format parser. A crafted PE content file submitted to the scanner can trigger memory corruption due to improper boundary checks, leading to an out-of-bounds write. An unauthenticated, remote attacker could cause the ClamAV scanning process to t...

7.5CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:27 p.m.18 views

CVE-2026-20214

CVE-2026-20214 affects ClamAV’s FSG file format parser. The issue arises from improper boundary checks for content in FSG files during scanning, leading to an out-of-bounds buffer write and memory corruption. An unauthenticated, remote attacker could submit a crafted file containing portable exec...

7.5CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:27 p.m.95 views

CVE-2026-20191

Cisco Catalyst Center is affected by CVE-2026-20191. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated remote attacker to read arbitrary files from a restricted container by sending a crafted HTTP request. CVSSv3.1 base score 7.5 (HIGH), with networ...

7.5CVSS6AI score0.00756EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:26 p.m.10 views

CVE-2026-56150

MODE C: CVE-2026-56150 affects Elastic Fleet Server via Allocation of Resources Without Limits or Throttling (upload endpoint memory exhaustion). Multiple connected sources describe the vulnerability in Fleet Server's internal API packages and uploader, enabling an attacker to exhaust RAM and pot...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:24 p.m.11 views

CVE-2026-34117

Guardian Language-System is affected by CVE-2026-34117 due to a vulnerability in text_to_subtitles.php where the id GET parameter is passed directly into PHP exec() without sanitization. This allows an unauthenticated, remote attacker to append shell metacharacters and execute arbitrary OS comman...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:23 p.m.14 views

CVE-2026-34116

The CVE-2026-34116 entry concerns the Guardian language-system. The flaw occurs in transcribe.php where the GET parameter id is concatenated into a PHP exec() call without sanitization, enabling an unauthenticated remote attacker to inject shell commands. Affected component: Guardian language-sys...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:22 p.m.10 views

CVE-2026-34115

Guardian Language-System is affected by CVE-2026-34115 where the GET param id is directly appended into a PHP exec() call in transcribe_amazon.php (line 15) without sanitization, enabling an unauthenticated remote attacker to inject shell metacharacters and execute arbitrary OS commands on the se...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
Rows per page
Query Builder