
61323 matches found

NVD
added 2026/06/16 10:16 a.m., 11 views

CVE-2026-2381

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0. This is due to a missing order ownership or orderkey verification when...

CVSS 6.5, EPSS 0.00267
Exploits 0, References 6

OSSF Malicious Packages
added 2026/06/16 9:37 a.m., 6 views

Malicious code in check-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea848e496c2022409208a3e4a7d9b364c9437699a15554a5a1ee953d4428f230 check-ulid is a typosquat of the legitimate ulid package README is copied verbatim, homepage and bugs link to github.com/ulid/javascript whose...

AI score 5.4
Exploits 0, References 2

OSV
added 2026/06/16 9:37 a.m., 8 views

MAL-2026-5877 Malicious code in check-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea848e496c2022409208a3e4a7d9b364c9437699a15554a5a1ee953d4428f230 check-ulid is a typosquat of the legitimate ulid package README is copied verbatim, homepage and bugs link to github.com/ulid/javascript whose...

AI score 5.5
Exploits 0, References 2

CVE
added 2026/06/16 9:31 a.m., 43 views

CVE-2026-2381

The CVE concerns the WooCommerce Stripe Payment Gateway plugin for WordPress, affected in all versions up to 10.7.0. Root cause: missing capability check and missing order ownership/order_key verification in the wc_stripe_pay_for_order WC‑AJAX endpoint, with only a nonce validation. Impact: unaut...

CVSS 6.5, AI score 5.3, EPSS 0.00267
Exploits 0, References 6

OSV
added 2026/06/16 7:31 a.m., 5 views

USN-8349-3 rsync regression

USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read...

CVSS 8.1, AI score 5.6, EPSS 0.0078
Exploits 1, References 2

Nuclei
added 2026/06/16 7:13 a.m., 53 views

Joomla! Webservice - Password Disclosure

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. id: CVE-2023-23752 info: name: Joomla! Webservice - Password Disclosure author: badboycxcc,Sascha Brendel severity: medium description: | An issue was discovered in...

CVSS 7.5, AI score 6.7, EPSS 0.99827
Exploits 43, References 5

Vulnrichment
added 2026/06/16 6:26 a.m., 3 views

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption. tcf_pedit_act computes the COW range for skb_ensure_writable once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset...

CVSS 7.8, AI score 6.2, EPSS 0.00259
Exploits 9, References 4

Cvelist
added 2026/06/16 5:33 a.m., 28 views

CVE-2026-5149 RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7. This is due to the get_submission_content AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it...

CVSS 6.5, EPSS 0.00238
Exploits 0, References 5

CVE
added 2026/06/16 5:33 a.m., 12 views

CVE-2026-5149

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization up to version 2.0.7 due to get_submission_content lacking a capability check, enabling authenticated attackers with Contributor-level access to view arbitrary form submissions by iterating the entries_id parameter. Affected:...

CVSS 6.5, AI score 5.5, EPSS 0.00238
Exploits 0, References 5

Positive Technologies
added 2026/06/16 12:0 a.m., 17 views

PT-2026-50153

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.8.1. Description: When the fetch function is called, the runtime validates the destination hostname against --deny-net rules but fails to re-verify the IP addresses that the hostname resolves to. This allows an...

CVSS 5.2, AI score 5.9, EPSS 0.00101
Exploits 0, References 4

Positive Technologies
added 2026/06/16 12:0 a.m., 8 views

PT-2026-49814

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A memory safety issue exists in the checkSsrcCollisionOnRcv function within the RtpSession.cpp file due to a missing null check. This flaw allows a remote attack...

CVSS 7.5, AI score 6.1, EPSS 0.00223
Exploits 0, References 4

Positive Technologies
added 2026/06/16 12:0 a.m., 13 views

PT-2026-49785

Name of the Vulnerable Software and Affected Versions: WC-Radio; affected versions not specified. Description: A missing bounds check in WC-Radio allows for an out-of-bounds write, which is a memory corruption occurrence where data is written outside the intended buffer. This can lead to remote code...

CVSS 9.8, AI score 6.5, EPSS 0.00277
Exploits 0, References 5

Positive Technologies
added 2026/06/16 12:0 a.m., 12 views

PT-2026-50149

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.8.1. Description: The node:crypto.checkPrime and crypto.checkPrimeSync functions failed to perform Miller-Rabin rounds when the options.checks variable was left at its default value of 0. In this state, the software only...

CVSS 7.4, AI score 5.8, EPSS 0.00149
Exploits 0, References 6

Positive Technologies
added 2026/06/16 12:0 a.m., 18 views

PT-2026-49817

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.8, AI score 6.2, EPSS 0.00231
Exploits 0, References 3

Positive Technologies
added 2026/06/16 12:0 a.m., 30 views

PT-2026-50134

Name of the Vulnerable Software and Affected Versions: Gitea; affected versions not specified. Description: A scope escalation issue exists in the web archive download endpoint. A personal access token with any non-repository scope, such as read:issue or read:misc, can be used to download full...

CVSS 5.3, AI score 5.8, EPSS 0.00024
Exploits 0, References 4

Positive Technologies
added 2026/06/16 12:0 a.m., 9 views

PT-2026-51505

Name of the Vulnerable Software and Affected Versions: Crawl4AI versions prior to 0.8.8. Description: An arbitrary file write issue exists in the screenshot and PDF endpoints. Unauthenticated remote attackers can write files outside the intended directory by exploiting insufficient path validation a...

CVSS 9.2, AI score 6.4, EPSS 0.00656
Exploits 0, References 15

Positive Technologies
added 2026/06/16 12:0 a.m., 13 views

PT-2026-49738

Name of the Vulnerable Software and Affected Versions: NLTK versions prior to 3.10.0-rc1. Description: The nltk.data.load function is subject to path traversal when using the nltk: URL scheme. The issue arises because the UNSAFE NO PROTOCOL RE regex check is performed on the raw resource string befo...

CVSS 7.5, AI score 6, EPSS 0.00378
Exploits 1, References 5

Positive Technologies
added 2026/06/16 12:0 a.m., 10 views

PT-2026-49792

In smmu attach dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 5.5, EPSS 0.00067
Exploits 0, References 3

Positive Technologies
added 2026/06/16 12:0 a.m., 14 views

PT-2026-49804

In mfc core get dec metadata sei nal of mfc core reg api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.8, AI score 6.2, EPSS 0.00277
Exploits 0, References 3

Positive Technologies
added 2026/06/16 12:0 a.m., 16 views

PT-2026-49800

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A missing bounds check in the decodeAppPacket function within RtcpAppPacket.cpp allows for an out-of-bounds read. This condition can lead to remote information...

CVSS 4.3, AI score 6.1, EPSS 0.002
Exploits 0, References 4