Lucene search
+L

4302 matches found

nuclei
nuclei
added 13 hours ago14 views

Yonyou YonBIP - Path Traversal

Yonyou YonBIP v3 and before contains a path traversal caused by improper validation in the LoginWithV8 interface of the series data application service system, letting unauthorized attackers access sensitive information. id: CVE-2025-66744 info: name: Yonyou YonBIP - Path Traversal author:...

7.5CVSS7AI score0.01446EPSS
Exploits0References2
nvd
nvd
added 15 hours ago5 views

CVE-2026-12525

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

8.8CVSS
Exploits0References1
osv
osv
added 6 days ago4 views

CVE-2026-57219 RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References8
debiancve
debiancve
added 2026/07/08 4:16 p.m.5 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

6.1CVSS5.8AI score0.00191EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.5 views

PT-2026-56512

Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description The safe url filter in src/mistune/renderers/html.py fails to block several legacy or chained URI schemes. While it restricts javascript:, vbscript:, file:, and data:, it allows schemes such as feed:...

6.1CVSS6.2AI score0.00198EPSS
Exploits1References31
euvd
euvd
added 2026/07/07 4:40 p.m.7 views

EUVD-2026-42058

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS6AI score0.0041EPSS
Exploits0References1
patchstack
patchstack
added 2026/07/02 1:38 p.m.5 views

WordPress Kitchor theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kitchor versions = 1.4.3...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2026/07/02 1:31 p.m.5 views

WordPress Aalto theme <= 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aalto versions = 1.8...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
attackerkb
attackerkb
added 2026/07/01 1:57 p.m.6 views

CVE-2026-6687

FatFs R0.16 and earlier contains a stack overflow bug in fgetlabel because exFAT label length XDIRNumLabel is trusted without enforcing spec maximums. This maps to CWE-121 Stack-based Buffer Overflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 7.6, High. The estimate...

7.6CVSS5.8AI score0.00232EPSS
Exploits2References5
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.9 views

PT-2026-54920

Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 1.43.9 Mediawiki - Cargo Extension versions prior to 1.44.6 Mediawiki - Cargo Extension versions prior to 1.45.4 Description Improper neutralization of special elements used in an SQL command allow...

9.8CVSS6AI score0.00283EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/30 4:29 p.m.8 views

CVE-2026-10654 RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS5.8AI score0.00128EPSS
Exploits1References2
nvd
nvd
added 2026/06/30 4:16 p.m.11 views

CVE-2026-48313

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive...

9.3CVSS0.01577EPSS
Exploits0References1
cve
cve
added 2026/06/30 3:12 p.m.87 views

CVE-2026-48285

CVE-2026-48285 affects ColdFusion versions 2025.9, 2023.20 and earlier. It describes a Server-Side Request Forgery (SSRF) that can bypass security features and grant unauthorized read access without user interaction. The Bug’s scope is reported as changed, and the CVSS v3.1 base score is 8.6 (HIG...

8.6CVSS5.8AI score0.00439EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/06/30 3:11 p.m.62 views

CVE-2026-48283

CVE-2026-48283 affects ColdFusion versions 2025.9, 2023.20 and earlier. The vulnerability is an Unrestricted Upload of File with Dangerous Type (CWE-434) that can lead to arbitrary code execution in the context of the current user. Exploitation requires no user interaction and is network‑visible;...

10CVSS6.4AI score0.0063EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/06/30 1:36 p.m.28 views

CVE-2025-53648

CVE-2025-53648 affects Gravitino UI prior to 1.0.0, where a SQL misconfiguration can allow a malicious user to read or truncate files. The vulnerability is triggered by improper SQL handling in the Gravitino UI, impacting versions 1.0.0 and earlier. Upgrading to version 1.0.0 (as recommended) fix...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/29 5:20 p.m.8 views

EUVD-2026-40168

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References4
nvd
nvd
added 2026/06/26 10:16 p.m.14 views

CVE-2026-36478

An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components...

7.5CVSS0.00386EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/26 12:32 p.m.33 views

WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vimalatithyan S. Technieum in WordPress Plugin Email Marketing for WooCommerce by Omnisend versions = 1.19.0...

5.4CVSS5.8AI score0.00275EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/06/25 11:17 p.m.12 views

CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS0.00183EPSS
Exploits1References3
cve
cve
added 2026/06/25 5:57 p.m.14 views

CVE-2026-12921

In DAQFactory by AzeoTech, versions 21.1 and earlier have a Use After Free vulnerability in a component accessible via specially crafted .ctl files, which can lead to code execution. The CVSSv4.0 metrics indicate a HIGH base score (8.4) with a LOCAL attack vector, LOW attack complexity, and user ...

8.4CVSS5.9AI score0.0014EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder