Lucene search
K

369369 matches found

CVE
CVE
added 2026/07/01 6:16 p.m.17 views

CVE-2026-58451

CVE-2026-58451 concerns Horde IMP prior to 7.0.1. A path traversal flaw in lib/Compose.php enables an authenticated attacker to read arbitrary server files by inserting traversal sequences after the CKEditor path prefix in img src URLs. The issue circumvents prefix validation by appending travers...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 6:14 p.m.10 views

CVE-2026-49856

Technical details for CVE-2026-49856 are not publicly available in the provided documents. Monitor for updates; no affected products, impact, or remediation can be stated from the current data.

Exploits0References4
CVE
CVE
added 2026/07/01 6:10 p.m.36 views

CVE-2026-53489

CVE-2026-53489 affects containerd CRI: when checkpoint restore occurs, the CRI plugin may read a host file by following a symlink for container.log. Vulnerable versions are prior to 2.3.2, 2.2.5 and 2.1.9. Impact described as arbitrary host file read via kubectl logs, with LOCAL attack potential ...

8.2CVSS5.9AI score0.00208EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 5:59 p.m.36 views

CVE-2026-53492

Summary: CVE-2026-53492 affects containerd’s CRI checkpoint restoration, where CDI annotations in untrusted checkpoint metadata are trusted, allowing injection of CDI edits (device nodes/host mounts) into restored containers if CDI is enabled and a matching host CDI spec exists. The issue affects...

9.6CVSS5.9AI score0.00412EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 5:57 p.m.10 views

CVE-2026-46487

Technical details for CVE-2026-46487 are not publicly available in the provided documents; monitor for updates.

Exploits0References4
CVE
CVE
added 2026/07/01 5:56 p.m.14 views

CVE-2026-39379

Technical details are not publicly available in the provided documents for CVE-2026-39379. Monitor for updates.

Exploits0References3
CVE
CVE
added 2026/07/01 5:55 p.m.10 views

CVE-2025-36374

Technical details for CVE-2025-36374 are not publicly available in the provided documents. There is no information on affected products, root cause, or remediation. Monitor for updates.

Exploits0
CVE
CVE
added 2026/07/01 5:52 p.m.10 views

CVE-2026-12733

Technical details for CVE-2026-12733 are not publicly available in the provided documents. Monitor for updates.

Exploits0
CVE
CVE
added 2026/07/01 5:50 p.m.38 views

CVE-2026-50195

Containerd CVE-2026-50195 affects CRI checkpoint import: unvalidated image references in a checkpoint config allow an attacker with pod-creation permissions to trigger pulling a malicious image and assign it a local tag, poisoning the node’s local image cache. Subsequent pods on the same node usi...

9.9CVSS6.1AI score0.00354EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 5:48 p.m.23 views

CVE-2026-50160

Hoppscotch self-hosted deployments (Hoppscotch-backend

10CVSS6.1AI score0.0059EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/01 5:48 p.m.73 views

CVE-2026-47262

CVE-2026-47262 affects containerd where a maliciously crafted image can trigger a Denial of Service by exhausting memory during container creation, causing an Out-Of-Memory (OOM) kill of the containerd process and making the runtime API unavailable (impacting clients like Docker Engine and Kubern...

5.5CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 5:42 p.m.13 views

CVE-2026-57737

Affect: WordPress plugin Shortcodes and extra features for Phlox theme (Averta LTD). Vulnerability: Cross-Site Scripting (XSS) of DOM-based type due to improper neutralization of input during web page generation. Affected versions: from n/a through 2.17.16. Context: The issue is documented across...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:40 p.m.15 views

CVE-2026-57736

CVE-2026-57736 affects the WordPress HubSpot plugin (versions

7.4CVSS5.8AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:40 p.m.184 views

CVE-2026-46680

CVE-2026-46680 concerns containerd, the container runtime. A flaw in how numeric User directives are parsed (not a 32-bit integer) can cause such values to be treated as usernames, enabling runAsNonRoot evasion. If a crafted image supplies an /etc/passwd mapping that maps this large numeric strin...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/07/01 5:30 p.m.15 views

CVE-2026-58521

The CVE-2026-58521 entry concerns an SQL injection in the Wikimedia Foundation MediaWiki Cargo Extension. According to connected sources, the vulnerability arises from improper neutralization of special elements in SQL commands, affecting MediaWiki Cargo Extension versions before 1.43.9, 1.44.6, ...

9.8CVSS5.8AI score0.00283EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 5:21 p.m.15 views

CVE-2026-49091

CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...

8CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 5:15 p.m.16 views

CVE-2026-49090

CVE-2026-49090 affects Elasticsearch and is caused by Uncontrolled Resource Consumption (CWE-400) via the bulk API, where an authenticated user can submit specially crafted bulk requests that trigger sustained high CPU and can render a node unresponsive. The issue is publicly discussed in Elastic...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 5:14 p.m.10 views

CVE-2026-58520

CVE-2026-58520 affects the Wikimedia Foundation Mediawiki UrlShortener Extension. The issue is an open redirect: URL redirection to an untrusted site in the UrlShortener extension, impacting versions from before 1.43.9, 1.44.6, and 1.45.4. The connected documents provide the vulnerability descrip...

6.9CVSS5.6AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 5:10 p.m.67 views

CVE-2026-5051

CVE-2026-5051 affects HashiCorp Vault and Vault Enterprise prior to 2.0.1. The audit device plugin directory guard could be bypassed when using the legacy file audit path option, because the file audit backend accepted the legacy path as a fallback and did not validate the destination against the...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:8 p.m.13 views

CVE-2026-57723

CVE-2026-57723 affects the WordPress plugin VikBooking Hotel Booking Engine & PMS (e4jvikwp) up to version 1.8.12. The vulnerability is a CSRF to Arbitrary File Deletion issue, described as enabling path traversal that can delete arbitrary files. The CVE notes a HIGH impact with a CVSS 3.1 score ...

7.4CVSS5.8AI score0.00124EPSS
Exploits0References1
Rows per page
Query Builder