Lucene search
K

40 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-52696

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 10:43 a.m.29 views

CVE-2022-47150 WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS0.00113EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 10:16 a.m.10 views

CVE-2025-48977

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

8.5CVSS0.00526EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.5 views

1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +261 more potentially affected by unknown CVE via @antv/g-canvas (>=2.0.0 <=2.2.0)

@antv/g-canvas NPM version =2.0.0, =1.7.1, =1.0.0, =1.1.43, =5.0.48, =1.0.1, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =1.1.0, =1.1.0, =2.0.0, =2.1.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGCANVAS-16754493...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0) potentially affected by unknown CVE via @antv/thumbnails-component (=2.0.0)

@antv/thumbnails-component NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/thumbnails-component and may be impacted: - @antv/auto-chart =2.0.0, =2.1.0-alpha.0 Source cves: unknown CVE Source advisory:...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40763

Name of the Vulnerable Software and Affected Versions cowboy versions 2.0.0 through 2.14.x Description An issue in multipart header parsing allows an unauthenticated attacker to cause a denial of service via unbounded buffer accumulation. The function read part in src/cowboy req.erl accumulates...

8.2CVSS5.9AI score0.00382EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.3 views

PT-2026-32564

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

9.8CVSS6AI score0.00427EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32601

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

9.1CVSS5.8AI score0.00521EPSS
Exploits1References5
NVD
NVD
added 2026/03/25 5:17 p.m.3 views

CVE-2026-32515

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.1.2...

7.5CVSS0.00291EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/24 9:30 a.m.7 views

com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15791526...

4.3CVSS5.8AI score0.0047EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/21 12:34 p.m.2 views

cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4513 via vanna (>=0.0.30 <=2.0.2)

vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4513 Source advisory: SNYK:PYTHON-VANNA-15756488...

6.5CVSS6.5AI score0.00196EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:54 a.m.2 views

CVE-2026-27541

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...

5.9AI score0.00241EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.5 views

CVE-2026-25428

Server-Side Request Forgery SSRF vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through = 2.5.5...

5.5AI score0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/06 6:7 p.m.3 views

EUVD-2026-5624

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

8.7CVSS5.9AI score0.00366EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/22 10:8 p.m.12 views

CVE-2026-23516

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

8.6CVSS5.9AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.5 views

CVE-2023-49747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3...

5.9CVSS6.7AI score0.00374EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 4:17 p.m.5 views

CVE-2025-5471

Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1...

7.8CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 4:37 a.m.2 views

CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

6.5CVSS4.8AI score0.00138EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/08 7:41 a.m.10 views

CVE-2025-64323

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3CVSS6.8AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30558

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References2
Rows per page
Query Builder