Lucene search
+L

2744 matches found

Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.14 views

PT-2026-36874

Name of the Vulnerable Software and Affected Versions Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier Description A hardcoded authentication bypass exists in the QR code scanning functionality. Unauthenticated remote attackers can bypass hash verification by providing...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.11 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1605)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1605 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

9.8CVSS6AI score0.00651EPSS
Exploits0References22
OSV
OSV
added 2026/04/27 6:33 p.m.13 views

JLSEC-2026-219 Null pointer deference in openssl-src

Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

7.5CVSS6.2AI score0.53336EPSS
Exploits2References42
vulnersOsv
vulnersOsv
added 2026/04/21 12:0 a.m.12 views

ch.admin.bit.jeap:jeap-oauth-mock-server (>=3.1.0 <=3.44.0), ch.admin.bit.jeap:jeap-oauth-mock-server-instance (>=3.1.0 <=3.44.0) +79 more potentially affected by CVE-2026-22752 via org.springframework.security:spring-security-oauth2-authorization-server (>=1.3.0 <=1.5.6)

org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =1.3.0, =3.1.0, =3.1.0, =1.0.0, =1.0.1, =1.0.0, =3.0.0, =3.5.5.3, =3.5.5.3, =3.3.0.0, =3.5.5.3, =3.5.5.3, =3.5.5.3, =3.3.0.0, =3.3.0.0, =3.5.5.2 and more Source cves: CVE-2026-22752 Source advisory:...

5.8AI score0.00425EPSS
Exploits0
Patchstack
Patchstack
added 2026/04/20 11:10 a.m.9 views

WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme TechLink versions = 1.3...

5.8AI score0.0025EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/15 9:16 a.m.7 views

CVE-2026-3998

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS0.00265EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:28 a.m.3 views

CVE-2026-3998

The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS5.9AI score0.00265EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/10 12:31 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the...

8.7CVSS5.8AI score0.00896EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 12:31 p.m.8 views

Apache ActiveMQ: Denial of Service via Out of Memory vulnerability

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

7.5CVSS5.8AI score0.00896EPSS
Exploits0References4Affected Software4
Vulnrichment
Vulnrichment
added 2026/04/10 10:54 a.m.3 views

CVE-2026-39304 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

5.8AI score0.00896EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/10 12:0 a.m.4 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 11:29 p.m.3 views

CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.3CVSS5.8AI score0.00275EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 10:16 p.m.4 views

CVE-2026-5264

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...

9.8CVSS6.1AI score0.00446EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/09 9:43 p.m.4 views

CVE-2026-5264

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...

9.8CVSS5.8AI score0.00446EPSS
Exploits0
OpenVAS
OpenVAS
added 2026/04/09 12:0 a.m.6 views

Ubuntu: Security Advisory (USN-8155-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS5.9AI score0.01059EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 9:31 a.m.5 views

EUVD-2026-20319

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through = 1.3...

5.9AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39652

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through = 1.3...

5.3CVSS0.0019EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.5 views

CVE-2026-39652

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through = 1.3...

5.9AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:30 a.m.9 views

CVE-2026-39652

CVE-2026-39652 affects the WordPress igms-direct-booking plugin (versions up to 1.3). The issue is a Broken/ Missing Authorization due to incorrectly configured access control, allowing unauthorized access as described in multiple feeds (NVD/Red Hat/CVE listing). The provided documents do not inc...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39652 WordPress iGMS Direct Booking plugin <= 1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through = 1.3...

5.9AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder