Lucene search
K

56015 matches found

Circl
Circl
added 5 hours ago4 views

CVE-2026-10660

creationtimestamp| type| source ---|---|--- 2026-07-11 17:28:57+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqf6sm6c6o2f 2026-07-11 19:32:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqffoyschb2q...

6.4CVSS6.1AI score
Exploits0References2
Circl
Circl
added 8 hours ago7 views

CVE-2026-61454

creationtimestamp| type| source ---|---|--- 2026-07-11 14:33:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqeuzo3gme2w 2026-07-11 16:07:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqf2azlsnp27...

8.7CVSS6.1AI score
Exploits0References2
CVE
CVE
added 10 hours ago7 views

CVE-2026-56296

Cap-go before 12.128.2 has an information disclosure flaw in the public.transfer_app RPC that returns distinct error messages for existing versus non-existing app IDs. This enables unauthenticated attackers to enumerate valid app IDs by observing error message differences when calling transfer_ap...

6.9CVSS6.1AI score
Exploits0References2
Circl
Circl
added 15 hours ago7 views

CVE-2026-15010

creationtimestamp| type| source ---|---|--- 2026-07-11 07:37:19+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5qoz5cx22 2026-07-11 07:37:19+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqe5qog3a22o 2026-07-11 08:07:12+00:00| seen|...

6.4CVSS6.1AI score
Exploits0References3
CVE
CVE
added 19 hours ago8 views

CVE-2026-13116

CVE-2026-13116 affects the PDF Invoices & Packing Slips for WooCommerce plugin (WordPress) ≤ 5.14.0. Issue: Insecure Direct Object Reference via generate_document_shortcode caused by missing validation on a user-controlled key. Consequence: authenticated attackers with contributor+ access can min...

4.3CVSS6.1AI score
Exploits0References8
Nuclei
Nuclei
added 20 hours ago13 views

Cloudlog - SQL Injection

Cloudlog 2.6.15 contains a SQL injection caused by unsanitized input in oqrs.php requestform, letting attackers execute arbitrary SQL commands via stationid or callsign, exploit requires sending crafted request. id: CVE-2024-48259 info: name: Cloudlog - SQL Injection author: s4e-io severity: high...

7.3CVSS6.3AI score0.0087EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago12 views

Schneider Electric U.motion Builder - SQL Injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...

8.8CVSS7.1AI score0.02917EPSS
Exploits3References2
Nuclei
Nuclei
added 20 hours ago42 views

Sante PACS Server.exe - Path Traversal Information Disclosure

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. id: CVE-2025-2264 info: name: Sante PACS Server.exe - Path Traversal...

7.5CVSS7.2AI score0.38656EPSS
Exploits2References1
Nuclei
Nuclei
added 20 hours ago79 views

InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files ...

8.1CVSS7.4AI score0.10305EPSS
Exploits0References3
Nuclei
Nuclei
added 20 hours ago56 views

WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8CVSS7AI score0.02886EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago52 views

Contact Form Generator <= 2.5.5 - Cross-Site Scripting

The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.8AI score0.01231EPSS
Exploits3References2
Nuclei
Nuclei
added 20 hours ago72 views

Control iD iDSecure - Authentication Bypass

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative use...

9.8CVSS7AI score0.65237EPSS
Exploits6
Nuclei
Nuclei
added 20 hours ago53 views

Altenergy Power Control Software - SQL Injection

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function getstatuszigbee of the file /index.php/display/statuszigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated...

6.5CVSS6.5AI score0.03725EPSS
Exploits0References3
Nuclei
Nuclei
added 20 hours ago77 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago31 views

LumisXP - Cross-site Scripting

A cross-site scripting XSS vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter. id: CVE-2024-33326 info: name: LumisXP - Cross-site Scripting author: 0xr2r severity: medium...

6.1CVSS6.2AI score0.0081EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago178 views

ThinVNC - Authentication Bypass

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via a specific command, potentially leading to unauthorized access and code execution. id: CVE-2022-25226 info: name: ThinVNC - Authentication Bypass author: ritikchaddha severity: critical description: |...

10CVSS7.1AI score0.11027EPSS
Exploits2
Nuclei
Nuclei
added 20 hours ago79 views

AVM FRITZ!Box 7530 AX - Unauthorized Access

An access control issue in the component /juisboxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. id: CVE-2024-54767 info: name: AVM FRITZ!Box 7530 AX - Unauthorized Access author: DhiyaneshDK severity: high description: | An access...

7.5CVSS6AI score0.01787EPSS
Exploits0References1
CVE
CVE
added 20 hours ago7 views

CVE-2026-3367

The CVE-2026-3367 entry concerns the WordPress plugin Lockme Cal­endars Integration (

4.4CVSS6.2AI score
Exploits0References14
EUVD
EUVD
added 20 hours ago6 views

EUVD-2026-43124

The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The registersetting call on line 197 lacks a sanitiz...

4.4CVSS6.2AI score
Exploits0References14
Wolfi
Wolfi
added 20 hours ago8 views

CVE-2026-49838 vulnerabilities

Vulnerabilities for packages: kube-vip...

6.1AI score
Exploits0
Rows per page
Query Builder