Lucene search
K

1397 matches found

Cvelist
Cvelist
added 2026/04/26 1:15 p.m.43 views

CVE-2026-7043 GreenCMS index.php pluginAddLocal unrestricted upload

A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

6.5CVSS0.00201EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 3:59 p.m.3 views

CVE-2026-35596 Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, description...

4.3CVSS6AI score0.00272EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 6:1 a.m.9 views

Security Bulletin: runc File Descriptor Leak Leads to Container Escape Vulnerability (Fixed in 1.1.12), affects watsonx.data

Summary runc ≤ 1.1.11 contains a file descriptor leak vulnerability that can allow container processes to access the host filesystem, leading to potential container escape and host compromise. Fixed in version 1.1.12. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-21626...

8.6CVSS6.9AI score0.18087EPSS
Exploits18Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/10 12:0 a.m.4 views

CVE-2026-33457

Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

WordPress plugin AddFunc Head & Footer Code 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.002EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:45 a.m.8 views

Security Bulletin: MCP Python SDK DNS Rebinding Vulnerability in HTTP Servers (Fixed in 1.23.0) affects watsonx.data

Summary The MCP Python SDK mcp prior to 1.23.0 did not enable DNS rebinding protection by default for HTTP-based servers. This could allow a malicious website to bypass same-origin policies and send requests to a local MCP server running without authentication. This can affect watsonx.data...

8.1CVSS5.8AI score0.00463EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/04/07 12:9 p.m.8 views

CVE-2025-39666

CVE-2025-39666 affects Checkmk in multiple versions: 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 beta before 2.5.0b3. A site user can escalate to root by manipulating files in the site context that are processed when the omd command is run by root. This yields a local pri...

9.3CVSS5.8AI score0.00121EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:59 a.m.6 views

Security Bulletin: Memory Exhaustion via Excessive Cookies in HTTP Servers, affects watsonx.data

Summary HTTP servers may be vulnerable to memory exhaustion because, while HTTP headers have a 1MB limit, there is no limit on the number of cookies parsed. An attacker can send many small cookies e.g., a=; to trigger excessive memory allocation, potentially leading to high memory usage or...

5.3CVSS7.1AI score0.00534EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/04 1:51 p.m.3 views

CVE-2016-20061 sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation

sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to...

8.5CVSS6.1AI score0.00123EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/03/25 8:0 p.m.217 views

Exploit for Race Condition in Openbsd Openssh

CVE-2018-15473 — SSH Username Enumeration Tool A Python 3 r...

5.9CVSS6.8AI score0.98631EPSS
Exploits23
NVD
NVD
added 2026/03/21 1:16 p.m.5 views

CVE-2019-25550

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...

6.9CVSS0.00177EPSS
Exploits1References3
CVE
CVE
added 2026/03/21 12:46 p.m.13 views

CVE-2019-25550

Encrypt PDF 2.3 has a local-denial-of-service vulnerability caused by a buffer overflow in password fields. An attacker can crash the application by pasting a ~1000-byte buffer into either the User Password or Master Password field in the Settings dialog during PDF import. The CVSS metrics indica...

6.9CVSS6.1AI score0.00177EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 7:53 a.m.5 views

CVE-2026-28101

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider MouseInteraction uberSlidermouseinteraction allows Reflected XSS.This issue affects UberSlider MouseInteraction: from n/a through = 2.3...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.5 views

EUVD-2026-9756

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider MouseInteraction uberSlidermouseinteraction allows Reflected XSS.This issue affects UberSlider MouseInteraction: from n/a through = 2.3...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.5 views

EUVD-2026-9574

Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...

5.9AI score0.0051EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:54 a.m.3 views

CVE-2026-28101

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider MouseInteraction uberSlidermouseinteraction allows Reflected XSS.This issue affects UberSlider MouseInteraction: from n/a through = 2.3...

5.9AI score0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.3 views

CVE-2026-22419 WordPress Honor theme <= 2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Honor honor allows PHP Local File Inclusion.This issue affects Honor: from n/a through = 2.3...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23195

Name of the Vulnerable Software and Affected Versions ThemeREX Pets Club versions prior to 2.3 Description A flaw exists in ThemeREX Pets Club that allows for object injection due to deserialization of untrusted data. This issue impacts the petclub component. Recommendations Update to a version...

5.8AI score0.0051EPSS
Exploits0References3
OSV
OSV
added 2026/03/01 11:32 a.m.8 views

CVE-2026-3391 FascinatedBox lily lily_emitter.c clear_storages out-of-bounds

A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clearstorages of the file src/lilyemitter.c. The manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been released to the public and may be used for...

4.8CVSS5.4AI score0.00209EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/02/26 12:11 a.m.22 views

CVE-2026-27831 rldns Vulnerable to Heap-based Out-of-Bounds Read

rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue...

7.5CVSS0.00425EPSS
Exploits1References4
Rows per page
Query Builder