Lucene search
K

1848 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-57738

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...

9.8CVSS0.00386EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57418

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...

6.5CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through = 7.7.4...

7.1CVSS0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-57586

Name of the Vulnerable Software and Affected Versions AREA 17 Twill CMS versions prior to 3.6.1 Description An unrestricted upload issue exists in the Media Library Insert Page component. A remote attacker can exploit this by manipulating the qqfilename argument within the...

5.8CVSS6.1AI score0.00248EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-58306

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98...

6.1CVSS6.2AI score0.00116EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-13080

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey' parameter parameter. This makes it possible for authenticated attackers, with administrator-leve...

6.6CVSS6.5AI score0.0071EPSS
Exploits0References11
NVD
NVD
added 2026/07/08 3:16 p.m.7 views

CVE-2026-10699

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.5CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 9:3 p.m.40 views

CVE-2026-45796

Summary of CVE-2026-45796 : Coder versions prior to 2.33.3 (and older releases in the 2.32.2, 2.31.12, 2.30.8, 2.29.13, and 2.24.5 lines) are vulnerable to an unauthenticated semi-blind SSRF via the Azure Instance Identity Endpoint at POST /api/v2/workspaceagents/azure-instance-identity. An attac...

6.5CVSS6.1AI score0.00335EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:28 p.m.6 views

CVE-2026-34167

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's Locked attribute. It loads activities via Activity::find$this-activityId wit...

5CVSS6AI score0.00199EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/02 7:46 p.m.5 views

GHSA-HHM7-QRV5-H4R6 Zebra: Repeated Non-Finalized Shielded Transaction Aborts Zebra Before Duplicate-Nullifier Rejection

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks past the checkpoint height non-finalized state is active. 3. The network has NU5 or later activated. All default configurations are affected. Summary Chain::push in the non-finalized sta...

5.9CVSS5.7AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.9 views

CVE-2026-57681

Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...

6.4CVSS5.8AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 11:16 p.m.8 views

CVE-2026-14395

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 11:59 a.m.7 views

EUVD-2026-40954

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and password reset operations. An attacker can leverage these differences to enumerate valid usernames and...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54792

Name of the Vulnerable Software and Affected Versions UTT nv518G nv518GV3 version 3.2.7-210919-161313 Description A buffer overflow occurs in the gohead/sub 448384 component, which allows a remote attacker to cause a denial of service. A buffer overflow is a condition where a program writes more...

7.5CVSS6.1AI score0.00452EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-13981

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.0023EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.5 views

CVE-2026-14031

Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00169EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.5 views

CVE-2026-13981

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0023EPSS
Exploits0
OSV
OSV
added 2026/06/30 1:36 p.m.5 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.9AI score0.00348EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/28 4:30 a.m.35 views

CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

6.3CVSS0.00189EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39702

Unauthenticated Cross Site Scripting XSS in Gutenverse Form = 2.4.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Rows per page
Query Builder