Lucene search
K

823 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.4 views

CVE-2025-13205

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the...

4.3CVSS5.8AI score0.00127EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/24 12:0 a.m.6 views

SUSE SLES15 Security Update : libsoup (SUSE-SU-2026:0211-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0211-1 advisory. - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0716: Fixed out-of-bounds...

8.6CVSS6.5AI score0.00557EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/24 12:0 a.m.3 views

SUSE SLES15: libsoup-2_4-1 / libsoup2-devel / libsoup2-lang / etc (SUSE-SU-2026:0258-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0258-1 advisory. - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0719: Fixed overflow for...

8.6CVSS6.7AI score0.00557EPSS
Exploits0References7
EUVD
EUVD
added 2026/01/23 2:58 a.m.6 views

EUVD-2026-4473

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

7.2CVSS6.5AI score0.0148EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004834)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004834 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it...

7.8CVSS5.3AI score0.0019EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/22 4:52 p.m.4 views

EUVD-2026-3819

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...

5.4AI score0.0013EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/01/22 4:8 p.m.5 views

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

9.2CVSS5.5AI score0.00557EPSS
Exploits0References8
OSV
OSV
added 2026/01/22 4:8 p.m.5 views

SUSE-SU-2026:0253-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0719: Fixed overflow for password md4sum bsc1256399...

8.6CVSS5.8AI score0.00557EPSS
Exploits0References5
OSV
OSV
added 2026/01/21 4:13 p.m.20 views

GHSA-FQCV-8859-86X2 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...

6.9CVSS6.2AI score0.00381EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/01/21 4:13 p.m.10 views

CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...

6.9CVSS6.2AI score0.00381EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.8 views

PT-2026-3891

Name of the Vulnerable Software and Affected Versions CoreShop versions prior to 4.1.9 Description An error-based SQL Injection issue exists in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly incorporates user-supplied input into a SQL query,...

6.9CVSS5.9AI score0.00381EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/19 5:2 a.m.5 views

EUVD-2026-3239

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

9CVSS6AI score0.00855EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2026/01/14 1:47 p.m.3 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers bsc1254876. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed fo...

8.3CVSS7AI score0.00505EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/14 12:31 a.m.8 views

EUVD-2026-2609

EUVD-2026-2609...

8.5CVSS6.4AI score0.00185EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.3 views

MiracleLinux 8 : libsoup-2.62.3-11.el8_10 (AXSA:2026-026:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-026:01 advisory. libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 Tenable has extracted the preceding...

8.2CVSS5.4AI score0.00505EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/13 9:13 p.m.5 views

WordPress WP Duplicate Page plugin <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Post Duplication vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Duplicate Page versions = 1.8...

5.4CVSS6.8AI score0.00227EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/13 11:21 a.m.26 views

CVE-2025-14001 WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

5.4CVSS0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/13 11:21 a.m.4 views

CVE-2025-14001 WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

5.4CVSS4.9AI score0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/01/13 11:21 a.m.19 views

CVE-2025-14001

CVE-2025-14001 relates to the WordPress plugin WP Duplicate Page (versions

5.4CVSS4.9AI score0.00227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:11 a.m.10 views

CVE-2016-10840

cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication SEC-72...

9CVSS7.8AI score0.02058EPSS
Exploits0References1
Rows per page
Query Builder