Lucene search
+L

372486 matches found

CVE
CVE
added 3 hours ago5 views

CVE-2026-53370

The CVE pertains to the Linux kernel perf/x86/intel ACR mask handling. The issue involves user-space ACR mask validation (attr.config2) allowing invalid indices to slip in, and an early return bug that skipped subsequent ACR groups. The remediation explicitly: determine the event index group for ...

5.4AI score
Exploits0References3
CVE
CVE
added 3 hours ago7 views

CVE-2026-53369

The CVE-2026-53369 entry describes a Linux kernel UDF parsing flaw in udf_read_tagged where descCRCLength + sizeof(struct tag) can exceed the block size, allowing a crafted UDF image to bypass CRC validation and have the descriptor accepted solely on the 8-bit tag checksum. The fix rejects descri...

5.4AI score
Exploits0References8
CVE
CVE
added 3 hours ago5 views

CVE-2026-53368

CVE-2026-53368 relates to the Linux kernel f2fs filesystem. The root cause was a race between f2fs_need_dentry_mark() and __write_node_folio() where nat_entry/inode state could be inconsistent due to unsynchronized access to flags around the checkpoint path. The fix moves set_dentry_mark() into _...

5.4AI score
Exploits0References3
CVE
CVE
added 3 hours ago6 views

CVE-2026-53367

CVE-2026-53367 concerns the Linux kernel where SELinux’s avdcache auditing was incorrect. The per-task avdcache saved and reused the audited vector produced by avc_audit_required() instead of recomputing it for the currently requested permissions, and it failed to distinguish between denied and a...

5.4AI score
Exploits0References3
CVE
CVE
added 4 hours ago6 views

CVE-2026-16226

SourceCodester Pizzafy Ecommerce System 1.0 is affected. The vulnerability resides in /admin/admin_class_novo.php via the save_settings function, where manipulating the img argument enables unrestricted upload. This can be exploited remotely, with impact limited to uncontrolled file upload. No re...

5.8CVSS4.9AI score
Exploits0References5
CVE
CVE
added 5 hours ago7 views

CVE-2026-16225

Technical details are not publicly available in the provided documents. Monitor for updates.

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added 5 hours ago7 views

CVE-2026-16224

The CVE-2026-16224 entry concerns jxxghp MoviePilot (up to version 2.13.5) with the vulnerability located in the /jxxghp/MoviePilot file inside the Application API component. The issue arises from an improper authorization in an unknown function, enabling remote exploitation. A patch is available...

5.3CVSS4.7AI score
Exploits0References7
CVE
CVE
added 5 hours ago5 views

CVE-2026-16223

1Panel-dev CordysCRM up to 1.4.1 is affected in the Third Party Edit Endpoint, specifically the IntegrationConfigService.getSqlBotSrc function. A manipulated appSecret can trigger server-side request forgery (SSRF) and the issue can be exploited remotely. The exploit has been publicly disclosed a...

6.5CVSS6.3AI score
Exploits0References8
CVE
CVE
added 6 hours ago5 views

CVE-2026-16222

CVE-2026-16222 affects 1Panel-dev CordysCRM up to version 1.4.1. The vulnerability involves server-side request forgery caused by manipulating the mkAddress argument in the TokenService.java file under the Third Party Endpoint (backend/crm/src/main/java/cn/cordys/crm/integration/sso/service/Token...

6.5CVSS6.2AI score
Exploits0References8
CVE
CVE
added 6 hours ago7 views

CVE-2026-16220

CVE-2026-16220 affects code-projects Online Examination System 1.0. The vulnerability resides in unknown code handling the parameter eid/n/t in /account.php?q=quiz, enabling cross-site scripting through manipulation of that argument. Impact details stated include remote feasibility with low to mo...

5.3CVSS3.7AI score
Exploits0References6
CVE
CVE
added 7 hours ago6 views

CVE-2026-16219

CVE-2026-16219 affects Croogo CMS versions up to 4.0.7. The vulnerability lies in the Admin File Manager component, specifically FileManager::isEditable in FileManager/src/Utility/FileManager.php, leading to path traversal. Exploitation can be performed remotely; a working exploit has been publis...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added 7 hours ago10 views

CVE-2026-16218

Technical details for CVE-2026-16218 are not publicly available in the provided documents; no affected versions, root cause specifics, or remediation are disclosed here. Monitor for updates.

2.6CVSS4AI score
Exploits0References6
CVE
CVE
added 7 hours ago10 views

CVE-2026-16217

CVE-2026-16217 affects guohongze adminset up to 0.61. The vulnerability lies in delivery/deli.py where manipulating project_id bypasses authorization, enabling a remote attack. Public exploit disclosed; project maintainer notified early via issue report but no response. CVSS metrics indicate MEDI...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added 8 hours ago12 views

CVE-2026-16216

Geex-arts django-jet up to 1.0.8 contains a CSRF flaw in the OAuth Handler that can be exploited remotely. The vulnerability enables cross-site request forgery and is public, with no response from the project to the issue. The CVE reports a MEDIUM severity (CVSS 3.x/4.x family) and indicates no l...

5.3CVSS4.6AI score
Exploits0References6
CVE
CVE
added 8 hours ago8 views

CVE-2026-16215

CVE-2026-16215 concerns geex-arts django-jet up to 1.0.8. The flaw affects the OAuth Credential Revoke Handler component; a manipulation can lead to missing authorization. The vulnerability is exploitable remotely, with public exploit availability reported. Affected status is stated, but the exac...

6.9CVSS6.2AI score
Exploits0References6
CVE
CVE
added 8 hours ago7 views

CVE-2026-16214

CVE-2026-16214 affects geex-arts django-jet up to version 1.0.8, specifically the Dashboard Module’s jet/dashboard/views.py component. The documentation reports an authorization bypass vulnerability caused by manipulation of an unknown function, with remote exploitation possible and a publicly av...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added 9 hours ago5 views

CVE-2026-16213

Summary of vulnerability (CVE-2026-16213) : In Fantomas42 django-blog-zinnia (up to 0.20), a flaw affects an unknown function in the file zinnia/views/mixins/entry_protection.py (Protected Entry Password Handler). The manipulation leads to the cleartext storage of sensitive information . Exploita...

4.8CVSS4.3AI score
Exploits0References6
CVE
CVE
added 9 hours ago6 views

CVE-2026-16212

CVE-2026-16212 affects awesto django-shop up to 1.2.4. The vulnerability targets an unknown function in the file shop/models/inventory.py of the Purchase Stock Handler, causing a race condition. The issue can be exploited remotely with high complexity; exploitation status is publicly available (P...

4.2CVSS4.5AI score
Exploits0References6
CVE
CVE
added 9 hours ago8 views

CVE-2026-16211

CVE-2026-16211 affects Allegro Ralph, specifically the Hostname Allocation Handler’s function AssetLastHostname.increment_hostname in the file src/ralph/assets/models/assets.py . The vulnerability arises from a manipulation of the argument counter that can cause a race condition . Documents indic...

2.6CVSS4.1AI score
Exploits0References5
CVE
CVE
added 9 hours ago12 views

CVE-2026-16210

The CVE-2026-16210 entry affects newpanjing simpleui version 2026.01.13, specifically the AjaxAdmin AJAX Endpoint in the file simpleui/admin.py. The issue stems from the function self.get_action, where manipulated input leads to missing authentication, enabling remote exploitation. An exploit has...

7.5CVSS7AI score
Exploits0References6
Rows per page
Query Builder