Lucene search
K

369404 matches found

CVE
CVE
added 2026/07/01 7:34 p.m.33 views

CVE-2026-14265

The CVE affects AWS Advanced JDBC Wrapper (AWR) RemoteQueryCachePlugin versions 3.3.0–4.0.0. Deserialization of untrusted data via ObjectInputStream without class filtering when reading cached query results from Redis or Valkey enables gadget-chain execution, allowing arbitrary code execution on ...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 7:27 p.m.16 views

CVE-2026-58593

NodeBB is affected by CVE-2026-58593 where inbound ActivityPub objects are not correctly bound to the authenticated remote actor. The middleware verifies the HTTP-signature actor and origin of object.id but does not validate that attributedTo corresponds to the sender, treating attributedTo as a ...

8.7CVSS6AI score0.00191EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/01 7:27 p.m.16 views

CVE-2026-58592

Vulnerability summary (CVE-2026-58592, Ladybird): A dangling-reference memory-safety flaw in Ladybird’s WebAssembly ESM integration loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference...

8.9CVSS6.4AI score0.00311EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 7:24 p.m.18 views

CVE-2026-49858

API Platform Core contains a cross-user attribute leak in JSON:API and HAL item normalizers due to a missing isCacheKeySafe gate. Affected versions: 2.6.0 up to 4.1.28, 4.2.25, and 4.3.11 (i.e., before 4.1.29, 4.2.26, 4.3.12). Root cause: componentsCache arrays are keyed on $context['cache_key'] ...

5.9CVSS5.7AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:22 p.m.12 views

CVE-2026-58457

CVE-2026-58457 affects Shenzhen Aitemi M300 MT02 (Wi‑Fi Repeater). An unauthenticated OS command injection exists in the commuos web backend via the smacfilter_conf handler. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are unsanitized and pas...

9.8CVSS6.1AI score0.01671EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 7:22 p.m.12 views

CVE-2026-14363

The CVE-2026-14363 issue affects the MediaWiki Cargo Extension for MediaWiki, where improper neutralization of special elements in SQL queries (notably in Special:Drilldown) enables SQL injection. Reported impacts include unauthorized access, modification, or deletion of data in the database. Aff...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 7:14 p.m.20 views

CVE-2026-54164

Summary: API Platform Core versions prior to 4.1.30, 4.2.26 and 4.3.12 contain a type-confusion in the serializer’s AbstractItemNormalizer when resolving relation IRIs. An attacker able to submit write requests (POST/PUT/PATCH) to an API endpoint with writable relations can supply a relation IRI ...

6.5CVSS5.7AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:5 p.m.20 views

CVE-2026-13760

CVE-2026-13760 describes an OS command injection in the AWS cdK library’s NodejsFunction Docker bundling pipeline (OsCommand helper). If an attacker can control a project’s package.json dependency version strings during Docker-based bundling with nodeModules, arbitrary commands may be executed on...

7.3CVSS6.1AI score0.0061EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 7:3 p.m.56 views

CVE-2026-55597

CVE-2026-55597 affects ImageMagick prior to 7.1.2-26, where incorrect handling of arguments can cause a heap buffer overwrite in the JP2 encoder. The issue is fixed in 7.1.2-26. This can lead to memory corruption in the JP2 encoding path; upgrading to the fixed release is the advised remediation.

5.5CVSS5.9AI score0.00103EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 7:1 p.m.12 views

CVE-2026-49988

Technical details for CVE-2026-49988 are not publicly available in the provided documents. No affected products, vulnerable components, or remediation information are disclosed. Monitor for updates.

0.00028EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 7:1 p.m.16 views

CVE-2026-49826

Technical details for CVE-2026-49826 are not publicly available in the provided documents. The entry is reserved/placeholder; no affected products, root cause, impact, or remediation are specified. Monitor for updates.

Exploits0References7
CVE
CVE
added 2026/07/01 7:0 p.m.9 views

CVE-2026-49987

Technical details for CVE-2026-49987 are not publicly available in the provided documents. Monitor for updates as information may be released later.

0.00066EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 7:0 p.m.50 views

CVE-2026-55595

ImageMagick is affected by a vulnerability in the connected-components option. Prior to versions 6.9.13-51 and 7.1.2-26, providing invalid arguments to this option can cause an infinite loop (local attack vector, high availability impact) as described in the CVE notes. The issue has been fixed in...

4.7CVSS5.8AI score0.0009EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 6:58 p.m.51 views

CVE-2026-55594

ImageMagick (MVG decoder) is affected by a stack overflow in the MVG decoder due to a missing depth check when processing a crafted image. This affects versions prior to 6.9.13-51 and 7.1.2-26. The issue has been fixed in 6.9.13-51 and 7.1.2-26. According to the CVE entry, the assigned CVSS score...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 6:56 p.m.54 views

CVE-2026-55577

CVE-2026-55577 affects ImageMagick's MVG decoder. A heap buffer overflow can cause an out-of-bounds write when processing crafted MVG images. Affected versions are prior to 6.9.13-51 and 7.1.2-26. The issue has been fixed in 6.9.13-51 and 7.1.2-26. Mitigation:** upgrade to one of the fixed releas...

5.9CVSS6AI score0.00226EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 6:55 p.m.11 views

CVE-2026-49981

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-49981.

Exploits0References5
CVE
CVE
added 2026/07/01 6:53 p.m.47 views

CVE-2026-55510

ImageMagick vulnerability CVE-2026-55510 affects the ImageMagick suite (ImageMagick) where a use-after-free can occur when identifying an image with a crafted 8BIM profile in a specific format string. The issue is triggered in affected builds prior to 6.9.13-51 and 7.1.2-26 and is fixed in those ...

5.5CVSS5.7AI score0.00103EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 6:50 p.m.48 views

CVE-2026-53467

ImageMagick’s CVE-2026-53467 affects the MNG decoder. Prior to 6.9.13-51 and 7.1.2-26, the decoder can disclose heap information because part of the pixels are left unchanged. Fixed in 6.9.13-51 and 7.1.2-26. Affected software: ImageMagick (Image editing/manipulation tool); component: MNG decoder...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 6:48 p.m.14 views

CVE-2026-14358

The CVE-2026-14358 affects the Wikimedia Foundation MediaWiki Charts Extension and indicates a Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation. Affected versions are before 1.43.9, 1.44.6, and 1.45.4. The vulnerability is described as a stored XS...

6.9CVSS5.8AI score0.00268EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 6:48 p.m.11 views

CVE-2026-41121

Dell Device Management Agent (DDMA) versions before 26.05 are affected by an Improper Link Resolution Before File Access (Link Following) vulnerability. A low-privilege, local attacker could potentially exploit this to achieve Elevation of Privileges. The CVSS3.1 vector is AV:L/AC:L/PR:L/UI:R/S:U...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder