Lucene search
+L

307521 matches found

ATTACKERKB
ATTACKERKB
added 3 hours ago3 views

CVE-2026-10525

The NEX-Forms WordPress plugin before 9.2.3 does not sanitise and escape some submitted form data before storing it and outputting it back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability which could allow unauthenticated users to perform Stored Cross-Site Scripting...

Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-45137

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the checkanswer. This makes it possible for unauthenticated attackers to extract the correct-answer markers...

7.5CVSS6AI score
Exploits0References14
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-45131

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.0.13 via the 'family' parameter. This makes it possible for authenticated attackers, with editor-level access and above, to delete...

4.9CVSS6.2AI score
Exploits0References10
Circl
Circl
added 9 hours ago4 views

CVE-2026-62241

creationtimestamp| type| source ---|---|--- 2026-07-17 00:24:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqsidieaof2d 2026-07-17 01:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116932727657867490 2026-07-17 01:30:28+00:00| seen|...

9.3CVSS6.1AI score
Exploits0References4
CVE
CVE
added 9 hours ago10 views

CVE-2026-62386

The CVE-2026-62386 entry applies to Grav API plugin (getgrav/grav-plugin-api)

8.2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-45085

clawvet self-hosted API server apps/api before 0.7.5 hard-codes a fallback JWT secret 'clawvet-dev-secret-change-me' in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated...

9.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-45084

OpenRemote before 1.26.0 contain an authenticated SQL injection vulnerability in the datapoint crosstab export endpoint that constructs PostgreSQL queries by concatenating asset display names into raw SQL. An authenticated attacker with asset creation or rename permissions can inject SQL through...

7.2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-45102

OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...

6.5CVSS6.1AI score
Exploits0References2
CVE
CVE
added 9 hours ago6 views

CVE-2026-62211

OpenClaw versions prior to 2026.6.1 expose a credential redaction bypass in the trajectory export feature. The flaw allows lower-trust callers to access data that should remain within trusted boundaries by exploiting misconfigured input paths or feature accessibility in the export mechanism. Affe...

5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-45099

OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose...

5CVSS6.1AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added yesterday15 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday19 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
CVE
CVE
added yesterday6 views

CVE-2026-44435

CVE-2026-44435 : Quicly (QUIC protocol implementation used with H2O) contains an assertion failure that triggers a Denial of Service when the total number of valid handshake messages over a CRYPTO stream within a single packet number space exceeds 32KB. The issue is fixed by commit 937d0e9. Affec...

7.5CVSS6AI score0.00052EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-57075

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

Exploits0References3
CVE
CVE
added yesterday18 views

CVE-2026-43977

Summary (CVE-2026-43977) : In wger, versions prior to 2.6 expose an IDOR: any authenticated user can read another user’s private workout data via /logs/ and /stats/ on a routine, because RoutinePermission incorrectly treats is_template=True as readable and RoutineViewSet actions return the owner’...

7.5CVSS6.1AI score0.00051EPSS
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-43978

CVE-2026-43978 describes a privilege-escalation in wger prior to version 2.6 where a gym trainer can chain two trainer-login calls to impersonate higher-privileged users (gym manager/general manager). The root cause is a logic error in wger/core/views/user.py: after the first hop, session["traine...

8.1CVSS6AI score0.00026EPSS
Exploits0References1
CVE
CVE
added yesterday27 views

CVE-2026-45368

Kirby CMS is affected in versions prior to 4.9.1 and 5.4.1 by an XSS in URL handling for several first‑party renderers that emit : the (link: …) KirbyTag, the link parameter of (image: …), the image block's link field, and the HTML importer for blocks. The underlying issue does not filter dangero...

8.4CVSS6.1AI score0.00062EPSS
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-57075

YAML::Syck vulnerability CVE-2026-57075 affects Perl in versions before 1.47. The base64 decoder in the bundled libsyck uses a 256-entry table (b64_xtable) indexed by a signed char; bytes with high bit set (>= 0x80) sign-extend to negative indices and read before the table, triggering an out-o...

6.1AI score
Exploits0References3
CVE
CVE
added yesterday21 views

CVE-2026-44019

Docling Core (docling-core) versions 2.5.0 through before 2.74.1 allow local file:// image references and inline data: content without a decoded-size limit when processing untrusted image references. This could enable access to local files readable by the process or cause excessive memory usage f...

8.1CVSS6.1AI score0.0004EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45036

An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB device. This can lead to a system crash or disclosure of kernel memory...

5.9CVSS6.1AI score
Exploits0References3
Rows per page
Query Builder