Lucene search
K

368646 matches found

CVE
CVE
added 4 days ago6 views

CVE-2026-38057

Technical details for CVE-2026-38057 are not publicly available in the provided documents. Monitor for updates from official advisories.

Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-38059

Technical details for CVE-2026-38059 are not publicly available in the provided documents. The entry remains reserved with no disclosed impact, affected products, or remediation in the supplied data. Monitor for updates from official advisories.

Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...

8.7CVSS6.2AI score0.00564EPSS
In wildExploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2022-50973

Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...

9.8CVSS6.2AI score0.0086EPSS
In wildExploits0References5
CVE
CVE
added 4 days ago15 views

CVE-2024-14037

Redsea Cloud eHR contains an unauthenticated arbitrary file upload vulnerability (CVE-2024-14037) affecting the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST with a JSP webshell disguised by a spoofed image/jpeg Content-Type to bypass extension/MIME validation, uploading the...

9.8CVSS6.5AI score0.00708EPSS
In wildExploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-8699

CVE-2026-8699 reports a stored Cross-Site Scripting (XSS) vulnerability in the Archer C5 web-based management interface (v6.8). Root cause: insufficient server-side validation and lack of proper output encoding for a specific input field, allowing an admin-level attacker to inject crafted HTML/JS...

7CVSS6AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-50282

Craft CMS contains an authorization issue in AssetsController::actionMoveFolder where calling with force=true to move a folder into a destination with a conflicting name can overwrite and delete the destination folder without destination delete permission. Affected versions are 5.0.0-RC1 and abov...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-54891

The CVE-2026-54891 entry concerns Erlang/OTP ssl (tls_gen_connection.erl) where a network-positioned attacker can inject unauthenticated plaintext during TLS handshake. The tls_gen_connection:handle_protocol_record/3 function rejects APPLICATION_DATA in pre-handshake when acting as a server, but ...

6.3CVSS5.8AI score0.00164EPSS
Exploits0References5
CVE
CVE
added 4 days ago9 views

CVE-2026-55950

This CVE (CVE-2026-55950) describes a TOCTOU race in Erlang/OTP ssl (dtls_packet_demux.erl) where a DTLS listener’s shared demux process can be crashed by an unauthenticated remote attacker sending rapid ClientHello datagrams from the same source IP/port. The race in the internal gb_trees store l...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References5
CVE
CVE
added 4 days ago9 views

CVE-2026-54886

The vulnerability CVE-2026-54886 affects Erlang/OTP's SSH server side (ssh_sftpd) and allows an authenticated SFTP client to trigger an infinite loop on a channel by sending SSH_MSG_CHANNEL_EXTENDED_DATA. The handle_data/4 clause tail-calls itself when a non-zero data_type_code arrives with an em...

5.3CVSS6AI score0.00345EPSS
Exploits0References5
CVE
CVE
added 4 days ago10 views

CVE-2026-55952

Summary: The Erlang/OTP ssl module is vulnerable to a TLS 1.3 denial of service due to a mismatch between PSK identity list and binder list lengths in the ClientHello extension. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with unequal identities/binders is passed ...

8.2CVSS5.9AI score0.00464EPSS
Exploits0References7
CVE
CVE
added 4 days ago9 views

CVE-2026-54887

CVE-2026-54887 concerns Erlang/OTP's DTLS server in ssl, where during startup the cookie secret is initialized to an empty binary instead of a random value. This makes DTLS cookie computation deterministic for the first 0–15 seconds, allowing an observer of plaintext ClientHello to forge a valid ...

6.3CVSS5.8AI score0.00389EPSS
Exploits0References5
CVE
CVE
added 4 days ago9 views

CVE-2026-53422

CVE-2026-53422 describes an Observable Response Discrepancy in Erlang OTP ssh_sftpd where the REALPATH path handling bypasses root validation, enabling an authenticated SFTP user to determine the existence of files/directories outside the configured root. The root cause is that SSH_FXP_REALPATH u...

2.3CVSS5.8AI score0.00333EPSS
Exploits0References7
CVE
CVE
added 4 days ago10 views

CVE-2026-50281

Craft CMS vulnerability CVE-2026-50281 affects versions 5.7.0 through 5.9.20. A mass-assignment flaw in the bulk-duplicate element action allows an attacker who can duplicate their own entries to submit an arbitrary id via the newAttributes parameter. The duplication flow clones the source elemen...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 4 days ago14 views

CVE-2026-44935

The vulnerability (CVE-2026-44935) affects SUSE Rancher Fleet’s Helm Deployer where missing validation of valuesFrom references enables cross-tenant access to fleet credentials stored in secrets/config maps on downstream clusters. Affected versions include Fleet 0.15.x before 0.15.2, 0.14.x befor...

9.9CVSS5.8AI score0.00572EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-57805

A concrete vulnerability exists in WordPress Theme Tonda versions

Exploits0
CVE
CVE
added 4 days ago14 views

CVE-2026-50027

Technical details for CVE-2026-50027 are not publicly available in the provided documents. No affected products, components, impact, or remediation are specified. Monitor for updates and additional disclosures.

Exploits0References6
CVE
CVE
added 4 days ago6 views

CVE-2026-57804

The PatchStack entry identifies a Local File Inclusion (LFI) vulnerability in WordPress TheGem Theme Elements for Elementor plugin, affected versions

Exploits0
CVE
CVE
added 4 days ago6 views

CVE-2026-57803

A PatchStack entry ties CVE-2026-57803 to a Local File Inclusion (LFI) vulnerability in the WordPress Struktur Core plugin affecting versions ≤ 2.5.1, discovered by João Pedro S Alcântara (Kinorth). The description confirms the vulnerability class but provides no further details on root cause, im...

Exploits0
CVE
CVE
added 4 days ago6 views

CVE-2026-57802

CVE-2026-57802 corresponds to a Local File Inclusion vulnerability in the WordPress Struktur theme (versions ≤ 2.5.1). It affects the Struktur WordPress theme, with the issue reported by João Pedro S Alcântara (Kinorth) . The connected document explicitly states the vulnerability class but does n...

Exploits0
Rows per page
Query Builder