
1274 matches found

Nuclei
added 3 days ago, 18 views

Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

CVSS 9.8, AI score 7.5, EPSS 0.68047
Exploits 2, References 2

ATTACKERKB
added 4 days ago, 4 views

CVE-2026-50283

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

CVSS 5.3, AI score 5.8, EPSS 0.00265
Exploits 0, References 3, Affected Software 1

NVD
added 4 days ago, 7 views

CVE-2026-57722

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

CVSS 5.9, EPSS 0.00148
Exploits 0, References 1

CVE
added 4 days ago, 9 views

CVE-2026-57722

The CVE-2026-57722 entry concerns the WordPress plugin Enable Media Replace (versions up to and including 4.2.1). The vulnerability is described as a Stored Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected component: the Enable Media Repla...

CVSS 5.9, AI score 5.8, EPSS 0.00148
Exploits 0, References 1

Cvelist
added 4 days ago, 33 views

CVE-2026-57722 WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

CVSS 5.9, EPSS 0.00148
Exploits 0, References 1

EUVD
added 4 days ago, 5 views

EUVD-2026-41096

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

CVSS 5.9, AI score 5.8, EPSS 0.00148
Exploits 0, References 1

Patchstack
added 4 days ago, 5 views

WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Enable Media Replace versions <= 4.2.1...

CVSS 5.9, AI score 5.8, EPSS 0.00148
Exploits 0, Affected Software 1

NVD
added 5 days ago, 8 views

CVE-2026-58012

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the G_REGEX_RAW compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...

CVSS 8.2, EPSS 0.00322
Exploits 1, References 3

OSV
added 2026/06/25 9:16 a.m., 5 views

UBUNTU-CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix change_handle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

CVSS 7.8, AI score 5.8, EPSS 0.00102
Exploits 0, References 6

NVD
added 2026/06/23 9:16 p.m., 7 views

CVE-2026-47377

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace on a path extracted from the URL hash fragment after only checking hashPath.startsWith('/'). Protocol-relative URLs (//attacker.com/…) also satisfy that...

CVSS 5.1, EPSS 0.00239
Exploits 0, References 1

NVD
added 2026/06/23 4:17 p.m., 8 views

CVE-2026-54313

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

CVSS 7.7, EPSS 0.0026
Exploits 0, References 1

EUVD
added 2026/06/23 3:31 p.m., 6 views

EUVD-2026-38459

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

CVSS 6.5, AI score 5.8, EPSS 0.0026
Exploits 0, References 1

CVE
added 2026/06/23 3:31 p.m., 11 views

CVE-2026-54313

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation (CVE-2026-54313). Affected software: n8n open-source workflow automation platform. Vulnerable component: MongoDB node’s Find And Replace operation prior to version 2.24.0. Root cause: An authenticated user with workflow edit access c...

CVSS 7.7, AI score 5.8, EPSS 0.0026
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/06/23 3:31 p.m., 36 views

CVE-2026-54313 n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

CVSS 6.5, EPSS 0.0026
Exploits 0, References 1

EUVD
added 2026/06/22 12:31 a.m., 11 views

EUVD-2026-38197

A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross site scripting. The...

CVSS 5.3, AI score 4, EPSS 0.00288
Exploits 0, References 9

Positive Technologies
added 2026/06/22 12:0 a.m., 12 views

PT-2026-51300

Name of the Vulnerable Software and Affected Versions: ArubaSign versions prior to 4.6.6. Description: Incorrect default permissions are assigned during the installation of the software. The main executable and other program files located in "C:\Program Files" have excessive permissions for the...

CVSS 8.8, AI score 6.2, EPSS 0.00122
Exploits 0, References 6

NVD
added 2026/06/21 11:16 p.m., 10 views

CVE-2026-12811

A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross site scripting. The...

CVSS 5.3, EPSS 0.00288
Exploits 0, References 8

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

In the nsTArray_Impl::ReplaceElementsAt function, an integer overflow could occur when the number of elements to be replaced is too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

CVSS 8.8, AI score 6.8, EPSS 0.00776
Exploits 0, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in PostgreSQL 11

A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...

CVSS 8, AI score 7.1, EPSS 0.0152
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed a deadlock between bd_link_disk_holder and partition scan. The open_mutex of gendisk is used to protect the opening and closing of block devices. However, in bd_link_disk_holder, it is used to protect the creation of...

CVSS 5.5, AI score 5.9, EPSS 0.0021
Exploits 0, References 2