Lucene search
+L

371 matches found

cve
cve
added 2026/04/14 9:26 p.m.15 views

CVE-2025-15565

The Nexi XPay plugin for WordPress (all versions up to and including 8.3.0) is vulnerable to unauthorized data modification due to missing authorization checks on the redirect function. This allows unauthenticated attackers to mark pending WooCommerce orders as paid or completed. CVSS 3.1 base sc...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References2
cgr
cgr
added 2026/04/10 2:16 p.m.5 views

CVE-2026-39972 vulnerabilities

Vulnerabilities for packages: frankenphp-8.2, frankenphp-8.4, frankenphp-8.3, frankenphp-8.5...

7.1CVSS6.1AI score0.00341EPSS
Exploits0
cgr
cgr
added 2026/04/10 2:13 a.m.6 views

GHSA-HWR4-MQ23-WCV5 vulnerabilities

Vulnerabilities for packages: frankenphp-8.2, frankenphp-8.4, frankenphp-8.3, frankenphp-8.5...

6.1AI score
Exploits0
cgr
cgr
added 2026/04/10 2:13 a.m.5 views

GHSA-W8RR-5GCM-PP58 vulnerabilities

Vulnerabilities for packages: envoy-ratelimit, zot, cilium, beats-fips, docker-cli-buildx-fips, kiali, tempo, falcosidekick, tkn, argo-workflows-fips, net-kourier, opa-fips, flyte, splunk-otel-collector-fips, net-kourier-fips, weaviate, aws-otel-collector, thanos, caddy-fips, opentofu-fips,...

6.1AI score
Exploits0
snyk
snyk
added 2026/04/08 8:13 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the rotateFileVaultKey function in orbit/pkg/useraction/useractiondarwin.go. An attacker can execute arbitrary commands on macOS by supplying a crafted FileVault username or password that is interpolated into the...

8.5CVSS6.3AI score0.00111EPSS
Exploits0References2
osv
osv
added 2026/04/02 7:21 p.m.7 views

ALPINE-CVE-2026-34743

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References1
cve
cve
added 2026/04/02 6:36 p.m.97 views

CVE-2026-34743

XZ Utils contains a vulnerability (CVE-2026-34743) in lzma_index_append() when decoding an empty index with lzma_index_decoder(), which could leave the index in a state that permits a buffer overflow. The issue affects versions prior to 5.8.3; a patch is available in 5.8.3. Affected component is ...

6.3CVSS6AI score0.00351EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/04/02 6:36 p.m.23 views

CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...

6.3CVSS0.00351EPSS
Exploits0References3
nessus
nessus
added 2026/04/02 12:0 a.m.6 views

RHEL 9 : grafana-pcp (RHSA-2026:6383)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:6383 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References4
euvd
euvd
added 2026/03/28 9:33 p.m.4 views

EUVD-2026-16943

A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem ear...

7.5CVSS6.7AI score0.01381EPSS
Exploits0References6
osv
osv
added 2026/03/26 7:49 p.m.8 views

CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.2AI score0.0047EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/03/25 12:0 a.m.7 views

PT-2026-27843

CVE-2026-23971 Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through = 8.3.8. https://t.co/0me4zW3qJ4...

5.9AI score0.00308EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/20 12:0 a.m.8 views

PT-2026-26660

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...

7.6CVSS5.8AI score0.00078EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/18 12:0 a.m.5 views

PT-2026-26206

Name of the Vulnerable Software and Affected Versions HAPI FHIR versions prior to 6.9.0 Description HAPI FHIR, a Java implementation of the HL7 FHIR standard, is affected by an issue where HTTP headers, potentially containing privacy-sensitive information, are sent to both the initial host and an...

8.2CVSS5.5AI score0.00264EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/03/11 12:0 a.m.7 views

PT-2026-24842

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

6.5CVSS5.5AI score0.00228EPSS
Exploits0References7
nessus
nessus
added 2026/03/10 12:0 a.m.5 views

Oracle Linux 10 : mysql8.4 (ELSA-2026-4162)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4162 advisory. 8.4.8-1 - Rebase to 8.4.8 8.4.7-2 - Skip tests that are failing on Konflux - Resolves: ROK-831 Tenable has extracted the preceding description block...

6.5CVSS5.9AI score0.00337EPSS
Exploits0References7
euvd
euvd
added 2026/03/06 6:31 p.m.6 views

EUVD-2025-208340

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References4
cve
cve
added 2026/03/06 4:16 p.m.28 views

CVE-2025-15602

Summary: CVE-2025-15602 affects Snipe-IT

8.8CVSS5.8AI score0.0046EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/03/06 4:16 p.m.6 views

CVE-2025-15602 Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.7CVSS6AI score0.0046EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/03/06 12:0 a.m.5 views

chartbrew SQL注入漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.3 contained a SQL injection vulnerability. This vulnerability allows unverified attackers to inject arbitrary SQL queries into the database, potentially leading to...

9.8CVSS6AI score0.00513EPSS
Exploits1References2
Rows per page
Query Builder