Lucene search
K

3644 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56060

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 2:56 p.m.12 views

CVE-2026-52946

A flaw was found in the Linux kernel. A lock order deadlock can occur in the sendsigio and sendsigurg functions when a process group receives a signal. This vulnerability, caused by an unsafe lock order during software interrupts SOFTIRQ in asynchronous I/O fasync signaling, could allow a remote...

7.5CVSS5.8AI score0.00612EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.35 views

CVE-2026-56060 WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39714

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.10 views

CVE-2026-56060

The CVE concerns the WordPress plugin Print Invoice & Delivery Notes for WooCommerce . Affected: WooCommerce plugin versions up to and including 7.1.1 . Vulnerability: Unauthenticated Sensitive Data Exposure when generating prints for invoices and delivery notes, allowing access to confidential d...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:43 p.m.32 views

CVE-2026-45256

CVE-2026-45256 affects FreeBSD thr_kill2(2). The kernel failed to verify the result of p_cansignal() before delivering a signal, allowing unprivileged local users who know target PIDs to signal processes they normally could not, including root-owned ones. This can lead to stopping or terminating ...

5.5CVSS5.9AI score0.00092EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53241

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...

0.00175EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:16 a.m.9 views

CVE-2026-8330

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS0.0013EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2026/06/24 12:30 p.m.20 views

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

In this article 1. The role of infostealers: From credential theft to intrusion 2. StealC: Infostealer for rent 3. Amadey: Malware-as-a-service for delivery of infostealers 4. Defending against StealC and Amadey intrusions 5. Microsoft Defender detections 6. Indicators of compromise Infostealers...

6.2AI score
Exploits0
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.30 views

CVE-2026-8628 EntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS0.00205EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-44959

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

8.8CVSS0.0045EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:16 p.m.7 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS0.00499EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.5 views

EUVD-2026-38507

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS6.7AI score0.00499EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.32 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS0.00499EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.33 views

CVE-2026-44959

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

8.8CVSS0.0045EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.17 views

CVE-2026-34916

CVE-2026-34916 affects Revive Adserver 6.0.6 and earlier. A missing validation of user input when saving delivery limitations could allow a low‑privileged user to use the logical parameter to inject PHP code into the compiledlimitations field, which could be executed during banner delivery. The a...

8.8CVSS6.6AI score0.00499EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.21 views

CVE-2026-44959

CVE-2026-44959 affects Revive Adserver up to version 6.0.6. The issue is a missing validation of user input when saving delivery limitations, allowing a low-privileged user to add an unexpected component parameter and inject malicious PHP into the compiledlimitations field, which could be execute...

8.8CVSS6.6AI score0.0045EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:35 p.m.5 views

CVE-2026-56693

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

6.8CVSS6AI score0.00113EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 3:35 p.m.7 views

EUVD-2026-38465

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

6.8CVSS6AI score0.00113EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 12:34 a.m.8 views

EUVD-2026-38093

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS5.9AI score0.00241EPSS
Exploits0References3
Rows per page
Query Builder