Lucene search
K

1092 matches found

Patchstack
Patchstack
added 2 days ago4 views

WordPress BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin <= 4.6.0 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin BetterDocs versions = 4.6.0...

6.5CVSS6AI score0.0026EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 3 days ago5 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.10.2 release.

Red Hat Developer Hub 1.10.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS7AI score0.01186EPSS
Exploits11References39
OSV
OSV
added 4 days ago4 views

PYSEC-2026-1292 dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...

5.3CVSS5.8AI score0.0071EPSS
Exploits0References15
NVD
NVD
added 2026/07/03 2:16 a.m.8 views

CVE-2026-12729

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...

4.3CVSS0.00213EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 1:28 a.m.7 views

CVE-2026-12729

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...

4.3CVSS5.6AI score0.00213EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.38 views

CVE-2026-12729 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Data Migration via wedocs_migrate_betterdocs_to_wedocs AJAX Action

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...

4.3CVSS0.00213EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55440

Name of the Vulnerable Software and Affected Versions weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot versions prior to 2.3.1 Description The plugin contains a missing authorization flaw. The do migration function, registered as the wedocs migrate betterdocs to wedocs AJ...

4.3CVSS5.9AI score0.00213EPSS
Exploits0References10
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.5 views

Security update for gleam (moderate)

openSUSE security update: security update for gleam ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21143-1 Rating: moderate References: bsc1267396 bsc1267397 bsc1267398 Cross-References: CVE-2026-32685 CVE-2026-42795 CVE-2026-43965 Affected Product...

5.6CVSS6.2AI score0.00152EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 7:28 a.m.10 views

MAL-2026-6590 Malicious code in envfile-sync-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097a9a647e6d99cd53b881cae4fdd747d03b319388107c946c70b8804d3d917b On every import of envfile-sync-cli, src/index.js calls process.dlopen on bin/native/parser.node — a 2.9MB Windows PE executable sha256...

5.8AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/25 1:2 p.m.9 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libssh2: libssh2-1.11.1-8.hum1 aarch64, x8664 libssh2-devel-1.11.1-8.hum1 aarch64, x8664 libssh2-docs-1.11.1-8.hum1 noarch libssh2-1.11.1-8.hum1.src src...

9.2CVSS7.3AI score0.00732EPSS
Exploits11References4
OSV
OSV
added 2026/06/23 9:40 a.m.2 views

OPENSUSE-SU-2026:21143-1 Security update for gleam

This update for gleam fixes the following issues: Changes in gleam: - Update to 1.17.0: Fixed security vulnerabilities: - Restrict custom documentation page path and source values so gleam docs build cannot escape the docs output directory or project root bsc1267396, CVE-2026-32685 - Restrict...

5.6CVSS5.8AI score0.00152EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.7 views

Malicious code in @mastra/mcp-docs-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 477f5b90c17486d7cf04f5aa840c94a66509022040515038a955e610a31c88e4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/16 9:33 a.m.10 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.5 release.

Red Hat Developer Hub 1.9.5 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS7.1AI score0.01186EPSS
Exploits15References29
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36783

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

5.2AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

7.5CVSS0.00287EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 6:26 p.m.17 views

MAL-2026-5802 Malicious code in cardano-addresses-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d99ae2a620ac8a3db31cde344d6d1e46914f785b3d5f4b8debdb20d64fa9c75 package.json declares a preinstall hook node index.js that runs automatically on npm install. index.js collects host identifiers os.hostname,...

5.4AI score
Exploits0References1
Veracode
Veracode
added 2026/06/15 7:20 a.m.11 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

5.9CVSS5.3AI score0.00223EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49326

Name of the Vulnerable Software and Affected Versions Sismics Docs Teedy version 1.11 Description Incorrect access control in the share-based read endpoints allows unauthorized attackers to access sensitive endpoints by sending a crafted request. Recommendations At the moment, there is no...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.32 views

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.15 views

CVE-2026-50885

CVE-2026-50885 concerns Sismics Docs (Teedy) with version v1.11, where an incorrect access control flaw in the share-based read endpoints enables unauthorized attackers to access sensitive endpoints via a crafted request. The related advisories consistently describe limited information about root...

7.5CVSS5.3AI score0.00287EPSS
Exploits0References1
Rows per page
Query Builder