Lucene search
K

1737 matches found

CVE
CVE
added 2026/05/07 1:28 p.m.26 views

CVE-2026-41554

CVE-2026-41554 concerns WordPress Bricks Builder theme, affecting versions from n/a through 1.9.2 to 2.2. The issue is an Improper Neutralization of Input During Web Page Generation leading to a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerable component is the Bricks Builder the...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 1:28 p.m.11 views

CVE-2026-41554 WordPress Bricks Builder theme 1.9.2-2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 2:45 p.m.5 views

BIT-JAVA-MIN-2024-54534

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption...

9.8CVSS7.1AI score0.01061EPSS
Exploits0References14
GithubExploit
GithubExploit
added 2026/05/02 8:26 a.m.143 views

Exploit for Deserialization of Untrusted Data in Apache Mina

CVE-2026-42779 — Apache MINA Deserialization Filter Bypass to...

9.8CVSS6AI score0.00902EPSS
Exploits1
OSV
OSV
added 2026/05/01 12:30 p.m.6 views

GHSA-VF5J-865M-MQ7C Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

9.8CVSS6AI score0.00902EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/30 9:28 p.m.6 views

EUVD-2025-209603

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

5.3CVSS5.2AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.25 views

CVE-2026-38527

A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...

8.5CVSS0.00249EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the /Settings/UserController.php...

8.8CVSS5.8AI score0.00624EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from the admin/tinymce/upload endpoint, where an authenticated arbitrary fi...

9.9CVSS6.1AI score0.02759EPSS
Exploits9References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

LoLLMs 安全漏洞

LoLLMs is a large language and multimodal system personally developed by Saifeddine ALOUI. Versions of LoLLMs prior to 2.2.0 contained a security vulnerability. This vulnerability stemmed from the createpost function not properly cleaning the content provided by users, which could lead to...

9.6CVSS7.2AI score0.00405EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 12:9 p.m.6 views

CVE-2025-39666

CVE-2025-39666 affects Checkmk in multiple versions: 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 beta before 2.5.0b3. A site user can escalate to root by manipulating files in the site context that are processed when the omd command is run by root. This yields a local pri...

9.3CVSS5.8AI score0.00121EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 5:4 p.m.5 views

CVE-2026-25458

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.6 views

CVE-2026-25452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through = 2.2...

7.1CVSS0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.7 views

CVE-2026-25452 WordPress Remoji plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through = 2.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-27954

Name of the Vulnerable Software and Affected Versions Select-Themes Moments versions n/a through 2.2 Description A flaw exists in the handling of file names within the include/require statements of a PHP program, specifically a PHP Local File Inclusion issue in Select-Themes Moments. This allows...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin Moments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/19 5:25 p.m.5 views

ahwaz (=2.2.3), arkive (>=0.1.1 <=0.3.1) +46 more potentially affected by CVE-2026-32889 via tinytag (>=1.10.0 <=2.2.0)

tinytag PYPI version =1.10.0, =0.1.1, =7.8.2, =4.8.0, =0.0.20, =1.0.20, =0.0.4, =1.0.0, =1.9.0, =0.1.0, =0.0.1, =3.8.5, =1.1.0b12, =1.1.0b17 and more Source cves: CVE-2026-32889 Source advisory: OSV:GHSA-F4RQ-2259-HV29...

6.5CVSS5.4AI score0.0041EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.8 views

PT-2026-22095

The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5.6AI score0.00193EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/18 7:30 p.m.6 views

CVE-2026-2620

A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. T...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References1
Rows per page
Query Builder