Lucene search
+L

886 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44647

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS6.1AI score0.00247EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/08 12:48 p.m.6 views

WordPress MailerPress plugin <= 2.0.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by anhcd05 in WordPress Plugin MailerPress versions = 2.0.2...

8.8CVSS6.1AI score0.00286EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.9 views

CVE-2026-57757

Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...

7.1CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57757 WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...

7.1CVSS0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-55045

Name of the Vulnerable Software and Affected Versions pCloud WP Backup versions prior to 2.0.3 Description An unauthenticated Cross Site Request Forgery CSRF issue exists in the pCloud WP Backup plugin. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not...

7.1CVSS6AI score0.00116EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/30 11:46 a.m.5 views

CVE-2026-8403

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 11:36 a.m.26 views

CVE-2026-8402

CVE-2026-8402 describes an SQL injection vulnerability in Eksagate’s SYSGUARD 6001, specifically a blind SQL injection due to improper neutralization of special elements in SQL commands. Affected versions are 2.0.2 up to but not including 6.1.16.0. The vendor reportedly states the product is not ...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48404

Name of the Vulnerable Software and Affected Versions image-size versions prior to 2.0.3 Description A denial of service issue exists where remote attackers can permanently block the Node.js event loop by providing a specially crafted ICNS image buffer. By supplying an ICNS buffer with valid magi...

8.7CVSS5.5AI score0.0043EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-49328

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

5.3CVSS5.4AI score0.00502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6508

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

9.8CVSS5.4AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.14 views

CVE-2026-20879

Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...

8.3CVSS5.3AI score0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 10:10 a.m.35 views

CVE-2026-49328 Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

0.00502EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45399

Name of the Vulnerable Software and Affected Versions Apache Fesod Incubating fesod-sheet versions prior to 2.0.2-incubating Description Server-Side Request Forgery SSRF in the UrlImageConverter component allows attackers to trigger outbound network requests to internal or restricted resources by...

5.3CVSS5.8AI score0.00502EPSS
Exploits0References9
NVD
NVD
added 2026/05/22 9:16 a.m.19 views

CVE-2026-8679

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

7.5CVSS0.01508EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/22 7:50 a.m.13 views

EUVD-2026-31421

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

7.5CVSS5.8AI score0.01508EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 7:50 a.m.23 views

CVE-2026-8679

The AudioIgniter WordPress plugin (up to v2.0.2) is affected by an Insecure Direct Object Reference. The handle_playlist_endpoint() function, mounted on template_redirect, accepts a user-controlled playlist ID via the audioigniter_playlist_id query var or the /audioigniter/playlist/{id}/ rewrite,...

7.5CVSS5.8AI score0.01508EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:50 a.m.13 views

CVE-2026-8679

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

7.5CVSS5.8AI score0.01508EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/19 10:28 p.m.41 views

CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 10:28 p.m.17 views

CVE-2026-6871

CVE-2026-6871 concerns the Drupal Obfuscate module. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation. Affected versions are from 0.0.0 up to, but not including, 2.0.2. The root cause is insufficient sanitization when obfuscated emails are pro...

6.1CVSS5.8AI score0.00196EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 10:28 p.m.10 views

CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

5.8AI score0.00196EPSS
Exploits0References1
Rows per page
Query Builder