Lucene search
K

368710 matches found

CVE
CVE
added 4 days ago18 views

CVE-2026-49352

The connected document reveals a concrete vulnerability in 9router: a publicly known hardcoded fallback JWT secret, "9router-default-secret-change-me", is used when JWT_SECRET is not set. This secret is committed in the public repository and unchanged across releases, enabling any unauthenticated...

0.0019EPSS
Exploits1References6
CVE
CVE
added 4 days ago12 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS5.8AI score0.00162EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

7.8CVSS6.4AI score0.00178EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-52192

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub445C5C component...

7.5CVSS5.8AI score0.00204EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-52188

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead//sub497498 component...

6.5CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-52191

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub444C8C component...

7.5CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 4 days ago7 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

7.5CVSS5.8AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 4 days ago6 views

CVE-2026-52189

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub487330 component...

7.5CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS5.8AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-52187

CVE-2026-52187 affects UTT nv518G / nv518G V3, version 2.7-210919-161313. The vulnerability is a Buffer Overflow in the gohead/sub_483ba0 component, leading to remote denial of service. No exploitation status or in-the-wild details are provided in the document. Impact is described as a denial of ...

5.8AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 4 days ago7 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

9.1CVSS5.7AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 5 days ago14 views

CVE-2026-50280

Craft CMS contains an authorization bypass in the entries/move-to-section endpoint (EntriesController::actionMoveToSection). In versions 5.0.0-RC1 through below 5.9.21, destination section gate relies only on viewEntries:$section->uid instead of requiring saveEntries permission; source entry p...

6CVSS5.7AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-50279

Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...

7.6CVSS5.7AI score0.00245EPSS
Exploits0References2
CVE
CVE
added 5 days ago15 views

CVE-2026-55794

Craft CMS

8.7CVSS5.8AI score0.00293EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-55792

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

6CVSS5.8AI score0.00268EPSS
Exploits0References2
CVE
CVE
added 5 days ago31 views

CVE-2026-55791

Craft CMS vulnerability CVE-2026-55791 enables SSRF and Arbitrary JavaScript Injection via /actions/app/resource-js when assetManager.cacheSourcePaths is false and trustedHosts is permissive. An attacker can poison Host/X-Forwarded-Host to hijack $baseUrl, causing Craft::createGuzzleClient()->...

6.9CVSS5.8AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-14439

CVE-2026-14439 describes a path-traversal in the Git Service shared by Altium Enterprise Server and Altium 365. The vulnerability arises from a post-clone file-manipulation primitive that accepts user-supplied paths without validation, enabling an authenticated user with basic git access to move ...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-55790

Summary of CVE-2026-55790 (Craft CMS) : This is a DOM-based cross-site scripting flaw in Craft CMS. Versions affected are 5.0.0-RC1–5.9.22 and 4.0.0-RC1–4.17.15. An attacker with only a GitHub account can insert a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the Cra...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References2
CVE
CVE
added 5 days ago15 views

CVE-2026-50284

Craft CMS (versions 5.0.0-RC1–5.9.21 and 4.0.0-RC1–4.17.14) has a privilege check flaw in AssetsController::actionDeleteFolder: it only enforces deleteAssets: for the target folder and does not enforce deletePeerAssets:, allowing a low-privilege user with folder-management rights on a shared volu...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 5 days ago15 views

CVE-2026-14440

Summary: CVE-2026-14440 concerns Cloudflare’s Universal SSL: automatic, permissive CAA RRset management on Universal SSL zones supersedes customer CAA records. When customers push stricter CAA via RFC 8657 accounturi or validationmethods, CAs do not observe those parameters during RFC 8659 evalua...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References8
Rows per page
Query Builder