Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

CVE güvenlik açıkları, KEV etiketleri, detay sayfaları ve kategori bazlı listeleme.
Toplam kayıt69,406
Sayfa1 / 3471
FiltreYok
High CVSS: 8.1 Yayın: 2026-04-17 18:16:32

CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type validation that occurs when custom blacklist types…
High CVSS: 7.5 Yayın: 2026-04-17 18:16:32

CVE-2026-5710

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile[] POST values…
Medium CVSS: 5.4 Yayın: 2026-04-17 18:16:32

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If…
Low CVSS: 1.0 Yayın: 2026-04-17 18:16:32

CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted reg…
High CVSS: 7.9 Yayın: 2026-04-17 18:16:30

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue…
High CVSS: 7.1 Yayın: 2026-04-17 17:17:09

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute pat…
High CVSS: 7.8 Yayın: 2026-04-17 17:17:09

CVE-2026-40516

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation…
High CVSS: 8.7 Yayın: 2026-04-17 17:17:09

CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools wi…
High CVSS: 8.8 Yayın: 2026-04-17 17:17:07

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authentica…
High CVSS: 7.3 Yayın: 2026-04-17 17:16:35

CVE-2026-21733

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections.
Medium CVSS: 5.3 Yayın: 2026-04-17 16:17:07

CVE-2026-6497

A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the a…
Critical CVSS: 9.3 Yayın: 2026-04-17 16:17:07

CVE-2026-6284

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
Unknown CVSS: - Yayın: 2026-04-17 16:16:36

CVE-2026-21709

A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
Medium CVSS: 5.3 Yayın: 2026-04-17 15:16:52

CVE-2026-6496

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file[] results in path traversal. The attack ma…
Medium CVSS: 5.1 Yayın: 2026-04-17 15:16:52

CVE-2026-6493

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation o…
Medium CVSS: 5.8 Yayın: 2026-04-17 15:16:51

CVE-2026-41153

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
Critical CVSS: 9.8 Yayın: 2026-04-17 15:16:51

CVE-2026-37749

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.
Medium CVSS: 5.5 Yayın: 2026-04-17 14:16:35

CVE-2026-6492

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a…
Medium CVSS: 4.8 Yayın: 2026-04-17 14:16:35

CVE-2026-6491

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based…
Medium CVSS: 6.9 Yayın: 2026-04-17 14:16:34

CVE-2026-6490

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID ca…