Lucene search
K

997 matches found

CVE
CVE
added 2 days ago11 views

CVE-2024-56141

Minosoft’s open-source Minecraft Java Edition client (Kotlin) uses AES with an IV equal to the secret key in CryptManager.kt since commit f1ae30e2. The non-random IV makes encryption vulnerable to chosen-ciphertext/plaintext attacks, enabling an attacker who can request specific encryptions to re...

5CVSS6AI score0.00111EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-39557

Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...

8.1CVSS0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2025-210265

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.17 views

CVE-2025-69166 WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS0.00435EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.12 views

CVE-2026-40731

The CVE CVE-2026-40731 documents an Unauthenticated Local File Inclusion in the WordPress ChapterOne theme, version

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.23 views

CVE-2026-39557 WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...

8.1CVSS0.00395EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:56 p.m.15 views

CVE-2025-69108

CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (&lt;= 1.7). The description specifies unauthenticated object injection in Hot Coffee

9.8CVSS5.3AI score0.00525EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4138

The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for...

4.3CVSS5.4AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39642

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.4AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Heatmiser Wifi Thermostat 安全漏洞

The Heatmiser Wifi Thermostat is a smart temperature control device from the British company Heatmiser, capable of wireless connection and remote control. Version 1.7 of the Heatmiser Wifi Thermostat contains a security vulnerability. This vulnerability stems from accessing the networkSetup.htm...

8.7CVSS5.8AI score0.00313EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.16 views

SUSE CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:51 a.m.12 views

CVE-2026-39642

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 7:51 a.m.48 views

CVE-2026-39642 WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 7:51 a.m.25 views

CVE-2026-39642

CVE-2026-39642 concerns the WordPress Nyla theme (versions &lt;= 1.7). The connected documents indicate an Arbitrary Shortcode Execution vulnerability tied to Nyla, with the underlying issue described as improper handling of script-related HTML/shortcodes that enables code execution in affected i...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 7:50 a.m.12 views

WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nyla versions = 1.7...

5.3CVSS5.8AI score0.00255EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43205

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 8:16 p.m.15 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS0.00301EPSS
Exploits0References5
OSV
OSV
added 2026/05/25 8:16 p.m.6 views

UBUNTU-CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/25 8:16 p.m.11 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References6
OSV
OSV
added 2026/05/25 8:16 p.m.16 views

UBUNTU-CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References7
Rows per page
Query Builder