Lucene search
+L

617 matches found

CVE
CVE
added 4 days ago17 views

CVE-2026-57798

CVE-2026-57798 affects the WordPress plugin NewsPlus Shortcodes (<= 4.2.0). The issue is described as an Improper Control of Filename for Include/Require Statement in PHP (PHP Remote File Inclusion) vulnerability that allows PHP Local File Inclusion (LFI) . Root cause: improper filename handli...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-43063

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

6.1AI score0.00159EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-13239

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

6.5CVSS0.00159EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-13239

Summary: CVE-2026-13239 describes a Missing Authorization vulnerability in WissKI, enabling forceful browsing via the wisski mirador submodule. Affected software: WissKI versions 0.0.0 through 4.2.0. Root cause (per documents): insufficient access checks when parameters are submitted through a ro...

6.5CVSS6.1AI score0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56838

Name of the Vulnerable Software and Affected Versions libmbedtls23 affected versions not specified libeverest affected versions not specified Description Security issues were identified and subsequently fixed in the libmbedtls23 and libeverest packages within the openSUSE Tumbleweed GA media...

6.1AI score
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56845

Name of the Vulnerable Software and Affected Versions libmbedtls2 affected versions not specified libeverest affected versions not specified Description Security issues were identified and subsequently fixed in the libmbedtls23-4.2.0-1.1 and libeverest-3.6.7-1.1 packages on the GA media of openSU...

6.1AI score
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56849

Name of the Vulnerable Software and Affected Versions libmbedtls2 affected versions not specified libeverest affected versions not specified Description Security issues were identified in the libmbedtls2 and libeverest packages within the openSUSE Tumbleweed GA media. Recommendations Update...

6.1AI score
Exploits0References18
OSV
OSV
added 2026/07/08 12:0 a.m.2 views

OPENSUSE-SU-2026:11215-1 libmbedtls23-4.2.0-1.1 on GA media

These are all security issues fixed in the libmbedtls23-4.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

6.1AI score
Exploits0References10
EUVD
EUVD
added 2026/07/02 8:31 p.m.12 views

EUVD-2026-37813

Steeltoe's sensitive actuators heapdump/env only require Restricted permission...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/07/02 3:0 p.m.7 views

WordPress NewsPlus Shortcodes plugin <= 4.2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NewsPlus Shortcodes versions = 4.2.0...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS0.00259EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 4:16 p.m.5 views

UBUNTU-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/22 2:59 p.m.43 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS0.00259EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/18 12:20 a.m.8 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that handles service bindings from VCAPSERVICES containing TLS client credentials. An attacker can access sensitive private key material by reading temporary files created with...

5.7CVSS5.9AI score0.00065EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 12:20 a.m.5 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...

7.4CVSS5.9AI score0.0029EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:16 p.m.18 views

CVE-2026-50194

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...

8.2CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 9:3 p.m.27 views

CVE-2026-50194 Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...

8.2CVSS0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50568

Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...

1.9CVSS5.9AI score0.00046EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/15 5:15 p.m.11 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and...

6.9CVSS5.3AI score0.00259EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/15 5:15 p.m.11 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU...

6.9CVSS5.9AI score0.00259EPSS
Exploits1References2
Rows per page
Query Builder