Lucene search
K

9869 matches found

Cvelist
Cvelist
added yesterday9 views

CVE-2026-57409 WordPress Active Products Tables for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.1.0...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57409

The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday137 views

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

8.8CVSS7.2AI score0.7654EPSS
Exploits19References4
Nuclei
Nuclei
added yesterday113 views

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS6.1AI score0.03304EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday110 views

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

5.3CVSS6.2AI score0.28961EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday24 views

Ocean Extra <= 2.4.6 - Unauthenticated Shortcode Execution

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to supply arbitrary shortcodes in the contentrechdata parameter that is then executed. This makes it possible for...

9.8CVSS7.3AI score0.01852EPSS
Exploits0References4
NVD
NVD
added 5 days ago9 views

CVE-2026-59269

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59269 Privilege Escalation via Active Directory LDAP injection in Pinniped Supervisor can be executed by an attacker who can edit LDAP Group DN entries

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS0.0017EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42530

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS5.9AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-59269

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS5.9AI score0.0017EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago6 views

CVE-2026-59269

The CVE concerns Pinniped Supervisor authenticating to Kubernetes clusters, where an attacker could achieve elevated cluster permissions under specific AD/LDAP conditions. Affected software: Pinniped (go.pinniped.dev) versions v0.11.0–v0.46.0. Root cause: when an ActiveDirectoryIdentityProvider i...

3.8CVSS5.9AI score0.0017EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago5 views

kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange [email protected] says: The vulnerability is a race condition between etsqdiscdequeue and etsqdiscchange. It leads to UAF on stru...

7.5CVSS5.8AI score0.00151EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56732

Name of the Vulnerable Software and Affected Versions Pinniped go.pinniped.dev versions 0.11.0 through 0.46.0 Description A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions. This occurs when the server is configured with an...

3.8CVSS6.1AI score0.0017EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago5 views

github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API

A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...

7.5CVSS5.9AI score0.00326EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-56284 Capgo - Unauthenticated Metrics Disclosure via get_total_metrics RPC

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS0.00214EPSS
Exploits0References2
Patchstack
Patchstack
added 6 days ago5 views

WordPress Active Products Tables for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Active Products Tables for WooCommerce versions = 1.1.0...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-59998

A flaw was found in OpenSSH. The sshd component has an undocumented security-relevant behavior where GSSAPIStrictAcceptorCheck has no value when the server is in a Windows Active Directory environment. This could lead to unintended information disclosure and impact data integrity...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References6
OSV
OSV
added 6 days ago5 views

DEBIAN-CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

6.5CVSS0.00179EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago114 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

4.8CVSS0.00179EPSS
Exploits0References3
Rows per page
Query Builder