Lucene search
K

362542 matches found

CVE
CVE
added 1 hour ago4 views

CVE-2026-6101

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score
Exploits0References10
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-6101 AMP for WP <= 1.1.12 - Authenticated (Author+) Arbitrary File Write via Role-Based Access Configuration with Local Font Upload

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS
Exploits0References10
EUVD
EUVD
added 2 hours ago4 views

EUVD-2011-5272

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...

6.1AI score
Exploits0References4
NVD
NVD
added 2 hours ago3 views

CVE-2011-10043

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...

Exploits0References3
CVE
CVE
added 3 hours ago5 views

CVE-2011-10043

Module::Load for Perl versions before 0.22 is vulnerable: passing module names that begin with :: to load can bypass @INC restrictions and allow loading arbitrary modules, enabling arbitrary code execution. The issue stems from improper handling of module paths in the load function, permitting at...

6.1AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 3 hours ago16 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00709EPSS
Exploits1References11Affected Software9
BDU FSTEC
BDU FSTEC
added 3 hours ago12 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 3 hours ago13 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00425EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 hours ago5 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01231EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 hours ago6 views

Important: Red Hat Security Advisory: perl-HTTP-Daemon security update

An update for perl-HTTP-Daemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

9.1CVSS6.5AI score0.01231EPSS
Exploits0References2
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42020

A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitra...

7.3CVSS6.2AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 8 hours ago3 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume...

8.1CVSS6AI score0.00407EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 8 hours ago2 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory...

8.1CVSS6AI score0.00476EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 8 hours ago2 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume...

8.1CVSS6AI score0.00407EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 8 hours ago3 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory...

8.1CVSS6AI score0.00476EPSS
Exploits0References6
CVE
CVE
added 9 hours ago8 views

CVE-2026-12277

The CVE-2026-12277 entry concerns the Frontend File Manager Plugin for WordPress (≤ 23.6). The vulnerability arises because the plugin does not validate a file path derived from user input before deleting the referenced file, enabling unauthenticated users to delete arbitrary server files (e.g., ...

5.9AI score
Exploits0References1
CVE
CVE
added 9 hours ago9 views

CVE-2026-10834

CVE-2026-10834 affects the WP Travel Engine WordPress plugin prior to 6.8.1. The issue arises from insufficient validation of the source of a user-supplied profile image path before moving the file, enabling authenticated users with subscriber-level access and above to relocate arbitrary files wi...

6AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago6 views

EUVD-2026-42010

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

6AI score
Exploits0References1
Nuclei
Nuclei
added 12 hours ago66 views

eyoucms v.1.6.5 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. id: CVE-2024-22927 info: name: eyoucms v.1.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS...

6.1CVSS6.7AI score0.01028EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago156 views

Dahua Smart Park Management - Arbitrary File Upload

Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePointaddImgIco?. id: CVE-2023-3836 info: name: Dahua Smart Park Management - Arbitrary File Upload...

9.8CVSS6.8AI score0.73525EPSS
Exploits2References5
Rows per page
Query Builder