Lucene search
+L

888 matches found

OSV
OSV
added 2026/05/19 10:28 p.m.4 views

CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

6.1CVSS5.9AI score0.00196EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/19 10:28 p.m.10 views

CVE-2026-6871

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

6.1CVSS5.8AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.13 views

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/05/18 7:52 a.m.12 views

Security update for zypper-docker

This update for zypper-docker fixes the following issues CVE-2026-2808: github.com/hashicorp/consul: unvalidated user-supplied file paths can lead to arbitrary file reads through the Vault Kubernetes authentication provider bsc1259563. CVE-2026-33186: google.golang.org/grpc: authorization bypass...

8.6CVSS6.9AI score0.01557EPSS
Exploits1References8
Snyk
Snyk
added 2026/05/15 6:30 p.m.18 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

8.6CVSS6.3AI score0.00381EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 3:27 p.m.60 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

0.00381EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.18 views

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS0.00132EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:50 p.m.9 views

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 2:50 p.m.2 views

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS6.2AI score0.00395EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 2:49 p.m.2 views

CVE-2026-42290 protobufjs-cli: OS Command Injection

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS5.9AI score0.00132EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 12:29 p.m.58 views

CVE-2026-3426 RTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration Modification

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the savewidget and resetallwidgets functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-lev...

4.3CVSS0.00288EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:29 p.m.7 views

CVE-2026-3426

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the savewidget and resetallwidgets functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-lev...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.18 views

PT-2026-40595

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save widget and reset all widgets functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

WordPress plugin RTMKit Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS6AI score0.00625EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 4:34 p.m.27 views

CVE-2026-20794

Intel Data Center Graphics Driver for VMware ESXi prior to 2.0.2 contains a buffer overflow in Ring 1: Device Drivers that can allow a local privilege escalation. A system software adversary with a privileged user and low attack complexity could potentially execute code locally with no user inter...

9.3CVSS5.9AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 4:34 p.m.37 views

CVE-2026-20794

Buffer overflow for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This...

9.3CVSS0.00127EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 2:59 p.m.9 views

Command Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Command Injection via pbts. An attacker can execute arbitrary shell commands by supplying file paths containing shell...

8.5CVSS6.1AI score0.00132EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/12 12:0 a.m.19 views

WordPress RTMKit plugin <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration Modification vulnerability

Authenticated Author+ Missing Authorization to Widget Configuration Modification vulnerability discovered by momopon1415 in WordPress Plugin RTMKit versions = 2.0.2...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/11 2:57 p.m.10 views

blrec (>=1.8.0 <=2.0.0b5), dagster-looker (>=0.26.6 <=0.29.8) +6 more potentially affected by CVE-2026-45017 via python-liquid (>=1.10.2 <=2.0.2)

python-liquid PYPI version =1.10.2, =1.8.0, =0.26.6, =0.8.0, =0.1.1, =0.1.0, =0.1.0, =0.4.0, =0.0.1, =0.3.0 Source cves: CVE-2026-45017 Source advisory: OSV:GHSA-8P4X-WR7X-3788...

8.2CVSS5.7AI score0.00335EPSS
Exploits0
NVD
NVD
added 2026/05/08 4:16 a.m.20 views

CVE-2026-42275

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

8.7CVSS0.0033EPSS
Exploits0References3
Rows per page
Query Builder