Lucene search
+L

4193 matches found

nuclei
nuclei
added yesterday17 views

LearnPress < 4.3.0 - Arbitrary Callback Execution to Information Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/loadcontentviaajax which allows arbitrary callback execution of...

5.3CVSS6.3AI score0.00934EPSS
Exploits0References1
nuclei
nuclei
added yesterday174 views

PHPJabbers Callback Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. id: CVE-2023-40755 info: name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site Scripting...

6.1CVSS6.4AI score0.01202EPSS
Exploits0References2
cve
cve
added yesterday7 views

CVE-2026-15103

The CVE affects the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell WordPress plugin. All versions up to 3.12.8 are vulnerable to privilege escalation via an insecure update_settings() REST callback that does not validate the group_id path parameter against an allowlis...

8.8CVSS6.1AI score0.00319EPSS
Exploits0References6
nvd
nvd
added 2 days ago4 views

CVE-2026-48799

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00164EPSS
Exploits0References4
cve
cve
added 3 days ago2 views

CVE-2026-58478

SIP 5.2.16 has a server-side request forgery (SSRF) vulnerability when the optional Node-RED plugin is installed. An unauthenticated attacker can supply a malicious callback URL and cause the device to issue arbitrary HTTP requests due to lack of destination validation, aided by the default passp...

6.5CVSS6.2AI score0.00261EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 3 days ago29 views

CVE-2026-58478 Sustainable Irrigation Platform 5.2.16 SSRF via Node-RED Callback URL

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
osv
osv
added 3 days ago3 views

SUSE-SU-2026:2977-1 Security update for afterburn

This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...

9.8CVSS6.2AI score0.00559EPSS
Exploits1References19
osv
osv
added 4 days ago5 views

MAL-2026-10503 Malicious code in n8n-nodes-rce-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c735b8bb20a784446d7a0a4c49369ca3f2696bfe2e8a004799c763fc0a064aca On require by n8n module-load, top-level code in dist/RceNode.node.js, the package runs a shell command via execSync'/bin/sh',.... The command is tak...

6.2AI score
Exploits0References2
ossf
ossf
added 4 days ago8 views

Malicious code in n8n-nodes-rce-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c735b8bb20a784446d7a0a4c49369ca3f2696bfe2e8a004799c763fc0a064aca On require by n8n module-load, top-level code in dist/RceNode.node.js, the package runs a shell command via execSync'/bin/sh',.... The command is tak...

6.2AI score
Exploits0References2
osv
osv
added 4 days ago2 views

SUSE-SU-2026:2925-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie...

9.8CVSS6.3AI score0.01064EPSS
Exploits11References23
osv
osv
added last week1 views

OPENSUSE-SU-2026:21294-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270208. - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length...

9.8CVSS6.2AI score0.00359EPSS
Exploits0References16
susecve
susecve
added last week4 views

SUSE CVE-2026-9080

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

5.9CVSS6AI score0.00494EPSS
Exploits1References8
cve
cve
added 2026/07/09 11:30 p.m.11 views

CVE-2026-12597

Summary (CVE-2026-12597) : The LoginPress Pro WordPress plugin (versions up to and including 6.2.3) contains an authentication bypass via the GitHub OAuth callback. The flaw resides in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) from Git...

8.1CVSS6AI score0.00422EPSS
Exploits0References2
ibm
ibm
added 2026/07/09 7:20 p.m.4 views

Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System

Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...

9.1CVSS6.7AI score0.00533EPSS
Exploits0Affected Software2
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.13 views

PT-2026-56660

Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...

6.1AI score0.00118EPSS
Exploits0References3
snyk
snyk
added 2026/07/08 12:0 a.m.5 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the opensslverifycallback process during a DTLS handshake. An attacker can cause a process crash and disrupt service availability by sending a certificate with an oversized Subject Distinguished Name that...

8.7CVSS6.2AI score0.0031EPSS
Exploits0References2
nvd
nvd
added 2026/07/07 11:16 p.m.7 views

CVE-2026-55076

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS0.00479EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/07/07 4:24 p.m.5 views

CVE-2026-58371

A flaw was found in SeaweedFS. This vulnerability allows a remote attacker to disclose sensitive information by exploiting an unvalidated JSONP JavaScript Object Notation with Padding callback parameter. The system reflects the callback parameter directly into responses without proper validation ...

3.1CVSS5.8AI score0.0021EPSS
Exploits0References8
osv
osv
added 2026/07/06 9:53 p.m.4 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/06 8:53 p.m.5 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder