Lucene search
K

3347 matches found

Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

6.1CVSS5.8AI score0.00191EPSS
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56512

Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description The safe url filter in src/mistune/renderers/html.py fails to block several legacy or chained URI schemes. While it restricts javascript:, vbscript:, file:, and data:, it allows schemes such as feed:...

6.1CVSS6.2AI score0.00198EPSS
Exploits1References10
Patchstack
Patchstack
added 2026/07/02 1:38 p.m.5 views

WordPress Kitchor theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kitchor versions = 1.4.3...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 1:31 p.m.5 views

WordPress Aalto theme <= 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aalto versions = 1.8...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54920

Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 1.43.9 Mediawiki - Cargo Extension versions prior to 1.44.6 Mediawiki - Cargo Extension versions prior to 1.45.4 Description Improper neutralization of special elements used in an SQL command allow...

9.8CVSS6AI score0.00283EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 4:16 p.m.11 views

CVE-2026-48313

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive...

9.3CVSS0.01577EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:12 p.m.87 views

CVE-2026-48285

CVE-2026-48285 affects ColdFusion versions 2025.9, 2023.20 and earlier. It describes a Server-Side Request Forgery (SSRF) that can bypass security features and grant unauthorized read access without user interaction. The Bug’s scope is reported as changed, and the CVSS v3.1 base score is 8.6 (HIG...

8.6CVSS5.8AI score0.00439EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/30 3:11 p.m.59 views

CVE-2026-48283

CVE-2026-48283 affects ColdFusion versions 2025.9, 2023.20 and earlier. The vulnerability is an Unrestricted Upload of File with Dangerous Type (CWE-434) that can lead to arbitrary code execution in the context of the current user. Exploitation requires no user interaction and is network‑visible;...

10CVSS6.4AI score0.0063EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/26 12:32 p.m.33 views

WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vimalatithyan S. Technieum in WordPress Plugin Email Marketing for WooCommerce by Omnisend versions = 1.19.0...

5.4CVSS5.8AI score0.00275EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 11:17 p.m.10 views

CVE-2026-40082

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS0.00183EPSS
Exploits1References3
CVE
CVE
added 2026/06/25 5:57 p.m.10 views

CVE-2026-12921

In DAQFactory by AzeoTech, versions 21.1 and earlier have a Use After Free vulnerability in a component accessible via specially crafted .ctl files, which can lead to code execution. The CVSSv4.0 metrics indicate a HIGH base score (8.4) with a LOCAL attack vector, LOW attack complexity, and user ...

8.4CVSS5.9AI score0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52615

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description The Custom MCP feature, used for executing OS commands like launching local MCP servers, is unsandboxed. Due to a minimal authentication and authorization model lacking role-based access control, and...

9.8CVSS6AI score0.00757EPSS
Exploits1References7
NVD
NVD
added 2026/06/19 2:16 p.m.11 views

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

9.8CVSS0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 12:0 a.m.24 views

CVE-2026-38714

CVE-2026-38714 affects InHand Networks IR912 and IR915 devices (firmware v1.0.0.r20042 and earlier). A command-injection flaw exists in the Python configuration function, allowing remote attackers to execute arbitrary commands as root via a crafted input. Documents do not specify exploited vector...

9.8CVSS6AI score0.01316EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-39557

Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...

8.1CVSS0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.32 views

CVE-2026-45436 WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

6.5CVSS0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50564

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Steeltoe affected versions not specified Description TypeBot contains an Insecure Direct Object Reference IDOR issue—a flaw where an application provides direct access to objects based on user-supplied...

7.1CVSS5.2AI score0.00202EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/16 11:52 a.m.7 views

CVE-2026-12326 Memory safety bugs fixed in Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.8AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-50087

Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...

9.8CVSS5.2AI score0.00345EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 8:18 p.m.10 views

EUVD-2026-36837

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS5.2AI score0.00144EPSS
Exploits0References1
Rows per page
Query Builder