Lucene search
K

486644 matches found

CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

VERTEX 操作系统命令注入漏洞

VERTEX is an integrated management tool developed by the individual developer of lswl.in, designed for binge-watching and stream watching. Versions of vertex-app and vertex released on February 12, 2026, and earlier have a vulnerability related to operating system command injection. This...

6.5CVSS6.6AI score0.01114EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin MDJM Event Management 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.2CVSS5.9AI score0.00659EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

RHEL 9 : flatpak (RHSA-2026:23418)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23418 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

10CVSS8.3AI score0.0168EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.7 views

EulerOS Virtualization 2.10.0 : python-ply (EulerOS-SA-2026-2062)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS6.5AI score0.16903EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.13.0 : python-ply (EulerOS-SA-2026-2184)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS6.2AI score0.16903EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.62 views

Google Chrome < 149.0.7827.53 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop advisory. - Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a...

9.6CVSS6.4AI score0.00985EPSS
Exploits1References859
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

RHEL 9 : redis (RHSA-2026:23229)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:23229 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.16 views

Google Chrome < 149.0.7827.53 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 149.0.7827.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop advisory. - Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a...

9.6CVSS6.4AI score0.00985EPSS
Exploits1References859
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.6 views

RHEL 9 : flatpak (RHSA-2026:23417)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23417 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

10CVSS8.3AI score0.0168EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.6 views

RHEL 9 : flatpak (RHSA-2026:23419)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23419 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

10CVSS8.3AI score0.0168EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.7 views

EulerOS Virtualization 2.12.0 : python-ply (EulerOS-SA-2026-2112)

According to the versions of the python-ply packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS8.6AI score0.16903EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

RHEL 8 : httpd:2.4 (RHSA-2026:22140)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22140 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP...

9.8CVSS6.4AI score0.04409EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.10.1 : python-ply (EulerOS-SA-2026-2035)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS8.6AI score0.16903EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:28 p.m.8 views

CVE-2026-9290

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS6.3AI score0.02403EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.8 views

CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS6.3AI score0.02403EPSS
Exploits0References13
NVD
NVD
added 2026/06/05 11:16 p.m.11 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS0.00652EPSS
Exploits1References10
GithubExploit
GithubExploit
added 2026/06/05 11:9 p.m.67 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenti...

10CVSS8AI score0.99562EPSS
Exploits386
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:28 p.m.7 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS6.6AI score0.00652EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/06/05 10:28 p.m.32 views

CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS0.00652EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2026/06/05 10:28 p.m.7 views

CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS6.6AI score0.00652EPSS
Exploits1References10
Rows per page
Query Builder