Lucene search
+L

214 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210262

Unauthenticated Local File Inclusion in Gamic = 1.15 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37658

Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-22338

Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...

8.1CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2025-58924

Unauthenticated Local File Inclusion in Geya = 1.15 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.24 views

CVE-2025-69157 WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gamic = 1.15 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.31 views

CVE-2026-22338 WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...

8.1CVSS0.00338EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.12 views

CVE-2026-22338

CVE-2026-22338 : WordPress EcoBlue theme

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:56 p.m.25 views

CVE-2025-58924 WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Geya = 1.15 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/11 3:32 p.m.8 views

CVE-2026-44494

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS5.2AI score0.01041EPSS
Exploits1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.19 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios. Versions 1.7.0 to 1.15.x of Axios contain security vulnerabilities. These vulnerabilities stem from the lack of enforcement of request and response size limits when using the fetch adapter, which may lead to resource exhaustion...

7.5CVSS5.2AI score0.0063EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 8:11 p.m.35 views

CVE-2026-46668 SpiceDB: Caveat structures with nested lists can result in improper cache reuse

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0...

2.3CVSS0.00276EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 3:46 a.m.35 views

EUVD-2026-35318

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service DoS condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11...

7.5CVSS5.4AI score0.00474EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

VMware Micrometer 资源管理错误漏洞

VMware Micrometer is an application monitoring metric collection framework developed by the American company VMware. Versions 1.16.0 to 1.16.5 and 1.15.0 to 1.15.11 of VMware Micrometer contain resource management vulnerabilities. These vulnerabilities stem from the ability for users to submit...

7.5CVSS5.3AI score0.00474EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 5:17 p.m.13 views

CVE-2026-45159

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...

3.5CVSS0.00203EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 3:16 p.m.25 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS0.00375EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/27 1:44 p.m.11 views

WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gamic versions = 1.15...

8.1CVSS5.8AI score0.00435EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.31 views

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Agent Zero 跨站脚本漏洞

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Versions of Agent Zero prior to 1.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of security headers when SVG files were provided through the imageget endpoint, which could le...

6.1CVSS5.6AI score0.00236EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.16 views

Astra Linux – Vulnerability in golang-golang-x-net, golang-1.15

In Go, before versions 1.15.12 and 1.16.x, and before version 1.16.4, net/http allowed remote attackers to cause a denial of service panic through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...

5.9CVSS6.8AI score0.03692EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 3:27 p.m.60 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

0.00381EPSS
Exploits0References1
Rows per page
Query Builder