Lucene search
+L

372145 matches found

cve
cve
added 2026/07/02 2:36 p.m.11 views

CVE-2026-12168

The CVE-2026-12168 entry concerns the Little Orbit GFAC product, specifically the GFAC_Sys_x64.sys driver. The vulnerability is described as an improper validation in the Minifilter communication port handling, allowing a local attacker to escalate privileges to SYSTEM and execute arbitrary kerne...

7.8CVSS6.1AI score0.00169EPSS
Exploits0References3
cve
cve
added 2026/07/02 2:36 p.m.13 views

CVE-2026-12166

CVE-2026-12166 concerns a NULL pointer dereference in the Little Orbit GFAC driver GFAC_Sys_x64.sys that allows a local attacker to crash the system (DoS) via crafted requests. Related entries for the same GFAC driver describe additional local‑privilege/privilege‑escalation vectors: CVE-2026-1216...

5.5CVSS5.8AI score0.00169EPSS
Exploits0References3
cve
cve
added 2026/07/02 2:35 p.m.12 views

CVE-2026-12167

The CVE-2026-12167 issue affects Little Orbit GFAC: the Minifilter communication port for driver GFAC_Sys_x64.sys exposes a interface with inadequate access controls. This local flaw lets an attacker access privileged driver functionality, potentially enabling kernel-mode actions. Some sources al...

7.8CVSS5.8AI score0.0011EPSS
Exploits0References3
cve
cve
added 2026/07/02 2:3 p.m.18 views

CVE-2026-8079

Progress Flowmon is affected in versions prior to 12.5.9 and 13.0.11, where an authenticated low-privileged user can craft a PDF-generation request that causes operations to run with another user’s privileges, potentially exposing sensitive data and enabling unintended configuration changes. The ...

8.7CVSS5.8AI score0.00182EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 2:2 p.m.26 views

CVE-2026-9272

CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/07/02 1:43 p.m.15 views

CVE-2026-53358

The CVE-2026-53358 issue is in the Linux kernel Bluetooth L2CAP code. The vulnerability related to channel cleanup in cleanup_listen() was fixed by not calling l2cap_chan_close() under the incorrect lock order; instead, it now schedules l2cap_chan_timeout with a delay of 0 to close the channel as...

5.8AI score0.00165EPSS
Exploits0References8
cve
cve
added 2026/07/02 1:43 p.m.40 views

CVE-2026-53357

CVE-2026-53357 triggers a use-after-free in the Linux kernel Bluetooth stack (l2cap) when closing a listening socket: bt_accept_dequeue() temporarily holds the child, then cleanup_listen() may operate on a sk that has already been freed by l2cap_conn_del() during an HCI disconnect. The race occur...

5.8AI score0.00165EPSS
Exploits0References8
cve
cve
added 2026/07/02 1:12 p.m.19 views

CVE-2026-4767

Technical details (affected product/version, root cause, impact, or remediation) are not publicly provided in the supplied documents. Monitor for updates.

9.8CVSS5.8AI score0.00333EPSS
Exploits0References1
cve
cve
added 2026/07/02 12:50 p.m.27 views

CVE-2026-4772

CVE-2026-4772 describes a stored cross-site scripting vulnerability in TR7 Cyber Defense Inc. WAF-ASP. Affected versions range from v1.0.324.900 up to, but not including, v1.4.0.117. The issue arises from improper neutralization of input during web page generation. The CVE is confirmed by multipl...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
cve
cve
added 2026/07/02 12:37 p.m.29 views

CVE-2026-4770

The CVE-2026-4770 entry concerns TR7 Cyber Defense Inc. Web Application Firewall (WAF). The affected component is the Web Application Firewall, with versions from 1.0.42.239 up to, but not including, 1.4.0.117. The vulnerability is a DOM-Based Cross-Site Scripting (XSS) issue arising from imprope...

4.6CVSS5.8AI score0.00133EPSS
Exploits0References1
cve
cve
added 2026/07/02 12:34 p.m.27 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress (versions up to and including 5.1.8) is vulnerable to Unauthenticated Arbitrary File Upload leading to Remote Code Execution. The root cause is insufficient file extension validation in the do_image_upload() function where user-supplied input from accept...

9.8CVSS6AI score0.00542EPSS
In wildExploits0References2
cve
cve
added 2026/07/02 12:34 p.m.20 views

CVE-2026-58653

CVE-2026-58653 affects PraisonAI prior to 0.1.7, where issue creation/update does not validate that project_id matches the URL workspace. This allows an attacker to reference projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace co...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References2
cve
cve
added 2026/07/02 12:28 p.m.23 views

CVE-2026-58652

The issue affects luci-app-travelmate and the travelmate package. A LuCI/rpcd session with the luci-app-travelmate write ACL gains config-wide UCI write access to the travelmate configuration, and the backend travelmate service (running as root) reads raw UCI values for script and script_args and...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References7
cve
cve
added 2026/07/02 11:47 a.m.16 views

CVE-2026-14449

CVE-2026-14449 affects u5CMS up to v12.8.8 and is a reflected XSS via the ‘thanks’ parameter in multiple form components. The issue is described as a reflected XSS with a CVSS v4.0 base score of 6.4 (Medium) with network attack vector, no privileges required, and user interaction required. The un...

6.4CVSS5.8AI score0.00269EPSS
Exploits0References1
cve
cve
added 2026/07/02 11:33 a.m.15 views

CVE-2026-57760

CVE-2026-57760 affects the WordPress Sendcloud Shipping plugin

5.3CVSS5.8AI score0.00184EPSS
Exploits0References1
cve
cve
added 2026/07/02 11:32 a.m.18 views

CVE-2026-57678

CVE-2026-57678 concerns the WordPress Slider Revolution plugin by ThemePunch, affecting versions 7.0.0 through 7.0.16. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability arising from improper neutralization of input during web page generation. The CVSSv3.1 metrics indicate a NETWOR...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References1
cve
cve
added 2026/07/02 11:30 a.m.26 views

CVE-2026-56037

The CVE-2026-56037 affects Themify Popup (WordPress plugin) ≤ 1.4.3. It describes a Deserialization of Untrusted Data vulnerability that allows PHP Object Injection through deserialized data. The underlying issue is the ability to inject or manipulate objects via untrusted input, enabling high-ri...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References1
cve
cve
added 2026/07/02 11:16 a.m.17 views

CVE-2026-57766

This CVE covers an Unauthenticated Cross Site Request Forgery (CSRF) in the WordPress WPIDE – File Manager & Code Editor plugin, affecting versions

8.8CVSS5.8AI score0.00142EPSS
Exploits0References1
cve
cve
added 2026/07/02 11:16 a.m.21 views

CVE-2026-57765

WP EasyCart WordPress plugin versions

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
cve
cve
added 2026/07/02 11:16 a.m.20 views

CVE-2026-57763

CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.

6.5CVSS5.8AI score0.00139EPSS
Exploits0References1
Rows per page
Query Builder