Lucene search
K

742 matches found

Nuclei
Nuclei
added yesterday39 views

Langflow < 1.9.0 - Remote Code Execution

Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...

9.8CVSS7.5AI score0.98191EPSS
Exploits20References3
CVE
CVE
added 2026/06/24 5:33 a.m.10 views

CVE-2026-9721

CVE-2026-9721 affects the Book a Room Event Calendar plugin for WordPress (versions up to 1.9). The vulnerability is a Cross-Site Request Forgery due to missing nonce validation on the settings_form()/update_settings() flow. The plugin’s settings page accepts POST actions and persists configurati...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 6:35 p.m.14 views

EUVD-2025-210237

Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...

9.8CVSS5.1AI score0.0045EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2025-60230

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.16 views

CVE-2025-69179

Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...

9.8CVSS0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 1:15 p.m.20 views

CVE-2025-60230 WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS0.00426EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:15 p.m.16 views

EUVD-2025-210244

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-9566

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

5.3CVSS3.7AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 4:16 p.m.19 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS0.00166EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/28 8:54 a.m.12 views

WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin Support Ticket Management System versions = 1.9...

9.8CVSS5.8AI score0.0045EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/05/26 5:0 p.m.20 views

EUVD-2026-31906

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

5.3CVSS4.1AI score0.00282EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43372

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

5.3CVSS4.1AI score0.00282EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libjackson-json-java

A flaw was discovered in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities, similar to CVE-2016-3720, also affect the codehaus jackson-mapper-asl libraries, but in different classes...

7.5CVSS6.5AI score0.17044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.6 views

PT-2026-36568

Name of the Vulnerable Software and Affected Versions WP Mail Gateway versions prior to 1.9 Description The plugin is subject to unauthorized access because of a missing capability check on the 'wmg save provider config' AJAX action. Authenticated attackers with Subscriber-level access or higher...

8.8CVSS5.8AI score0.00396EPSS
Exploits0References12
EUVD
EUVD
added 2026/04/09 12:31 a.m.5 views

EUVD-2026-20769

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename wi...

8.5CVSS6.2AI score0.00805EPSS
Exploits0References5
CVE
CVE
added 2026/04/08 9:35 p.m.7 views

CVE-2026-40030

Technical details about CVE-2026-40030 are not provided in the connected documents. Public specifics (affected components, root cause, fixes) are unavailable here; monitor for updates.

8.4CVSS6AI score0.0075EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31467

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument -v flag is passed unsanitized into an os.popen shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can...

8.4CVSS6AI score0.0075EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

parseusbs 操作系统命令注入漏洞

Parseusbs is a USB-connected recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained a vulnerability related to operating system command injection. This vulnerability arose from the fact that the volume list path parameters were passed directly ...

8.4CVSS6AI score0.0075EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.4 views

CVE-2026-27087

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through = 1.9...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.25 views

CVE-2026-27087 WordPress Wolverine Framework plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through = 1.9...

7.1CVSS0.00175EPSS
Exploits0References1
Rows per page
Query Builder