Lucene search
+L

599 matches found

EUVD
EUVD
added 2026/06/16 4:15 p.m.9 views

EUVD-2026-37131

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

8.6CVSS5.9AI score0.00139EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 8:19 p.m.8 views

EUVD-2026-36873

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.29 views

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49503

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 7:15 p.m.38 views

CVE-2026-34710 Substance3D - Sampler | Out-of-bounds Write (CWE-787)

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:15 p.m.18 views

EUVD-2026-35797

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.1AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.17 views

CVE-2026-47430

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5CVSS5.4AI score0.00723EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Session Fixation

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Session Fixation via session fixation...

6.5CVSS5.3AI score0.00197EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/06/05 8:29 p.m.7 views

17fe-ui23 (>=0.0.0 <=0.0.24), @2kog/pkg-editor (>=0.0.1 <=0.1.3) +584 more potentially affected by CVE-2026-47762 via tinymce (>=6.0.0 <=7.5.1)

tinymce NPM version =6.0.0, =0.0.0, =0.0.1, =12.1.0, =4.1.0, =1.0.0-beta.1, =4.1.2-rc, =1.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.1 and more Source cves: CVE-2026-47762 Source advisory: OSV:GHSA-V98H-VMPC-FPQV...

8.7CVSS5.7AI score0.00281EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44500

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...

5.3CVSS5.5AI score0.00362EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44497

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of...

9.3CVSS5.5AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-8206

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

9.8CVSS5.5AI score0.0126EPSS
Exploits5References1
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.18 views

SUSE CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

7.5CVSS5.7AI score0.00295EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/02 3:28 a.m.16 views

EUVD-2026-33881

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

9.8CVSS5.9AI score0.0126EPSS
Exploits5References8
CVE
CVE
added 2026/06/02 3:28 a.m.152 views

CVE-2026-8206

The CVE-2026-8206 entry documents an unauthenticated privilege-escalation vulnerability in the Kirki – Freeform Page Builder for WordPress, affecting versions 6.0.0–6.0.6. The root cause is in the password-reset flow: the vulnerable CompLibFormHandler.php reads an attacker-supplied email from the...

9.8CVSS5.9AI score0.0126EPSS
In wildExploits5References8
Cvelist
Cvelist
added 2026/06/02 3:28 a.m.60 views

CVE-2026-8206 Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

9.8CVSS0.0126EPSS
Exploits5References8
EUVD
EUVD
added 2026/06/02 12:31 a.m.16 views

EUVD-2026-33850

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00153EPSS
Exploits0References3
NVD
NVD
added 2026/06/02 12:16 a.m.18 views

CVE-2026-9050

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00153EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.5AI score0.0126EPSS
Exploits5References8
Patchstack
Patchstack
added 2026/06/01 5:17 p.m.16 views

WordPress Kirki plugin 6.0.0-6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability

Unauthenticated Privilege Escalation via 'handleforgotpassword' vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions 6.0.0-6.0.6...

9.8CVSS5.8AI score0.0126EPSS
Exploits5References1Affected Software1
Rows per page
Query Builder