Lucene search
K

23434 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago20 views

Joomla! JCE extension < 2.9.99.5 unauthenticated RCE

Joomla JCE editor extension contains an unrestricted file upload vulnerability caused by allowing unauthenticated users to create new editor profiles, letting attackers upload and execute PHP code remotely, exploit requires no authentication. id: CVE-2026-48907 info: name: Joomla! JCE extension...

10CVSS7.5AI score0.80425EPSS
Exploits18References4
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42055

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References3
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-4375 DoLeads Integrator <= 1.2.2 & wp2epub <= 0.65 - Unauthenticated RCE

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users...

0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-40257

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...

5.5CVSS6AI score0.00109EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago14 views

CVE-2026-6382

The CVE affects multiple elFinder-based WordPress plugins: FileOrganizer (before 1.1.9), Advanced File Manager (before 5.4.12), File Manager Pro (before 2.1.1), and File Manager (before 8.0.4). The root cause is improper escaping of a parameter passed to a shell command during image operations, e...

9.1CVSS6AI score0.00902EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-14776 SourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS0.00214EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Debian dsa-6377 : libapache2-mod-php8.4 - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6377 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz...

5.6CVSS6.2AI score0.00276EPSS
Exploits0References4
Debian
Debian
added 5 days ago6 views

[SECURITY] [DLA 4669-1] php8.2 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

5.6CVSS6.1AI score0.00276EPSS
Exploits0
Debian
Debian
added 5 days ago4 views

[SECURITY] [DSA 6377-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq -...

5.6CVSS6.1AI score0.00276EPSS
Exploits0
Cvelist
Cvelist
added 6 days ago73 views

CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 6 days ago27 views

CVE-2026-14355

The CVE-2026-14355 issue affects PHP 8.2.x before 8.2.32, 8.3.x before 8.3.32, 8.4.x before 8.4.23, and 8.5.x before 8.5.8. It is caused by a buffer allocation flaw in the AES-WRAP-PAD algorithm within the OpenSSL extension, where the output buffer for AES key-wrap-with-padding is sized from plai...

5.6CVSS6.1AI score0.00276EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added 6 days ago81 views

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

7.5CVSS7.2AI score0.50734EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension...

5.6CVSS6.2AI score0.00276EPSS
Exploits0References3
OSV
OSV
added last week3 views

GHSA-4H7G-5542-V3FC mediawiki/maps has stored XSS through the overlays parameter in the display_map parser function

Summary Stored XSS through wikitext can be performed by inserting malicious HTML into the overlays parameter of the displaymap parser function when using the leaflet service. Details The maps extension doesn't escape overlay names before passing them to leaflet. Leaflet then inserts them as HTML:...

8.6CVSS5.8AI score
Exploits0References2
Patchstack
Patchstack
added last week3 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - File Uploads <= 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion vulnerability

WordPress Ninja Forms - File Uploads plugin = 3.3.29 - File Uploads = 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion vulnerability discovered by Ad4m5 in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.29...

5.3CVSS5.9AI score0.00223EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added last week8 views

EUVD-2026-36316

OpenClaw's marketplace runtime extension metadata could point at unscanned payloads...

8.8CVSS5.8AI score0.00419EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-58517

A flaw was found in The Wikimedia Foundation Mediawiki - WikiLambda Extension. This vulnerability, caused by improper neutralization of input terminators, allows an attacker to bypass authentication. This could lead to unauthorized access to the system. Mitigation To mitigate this vulnerability,...

9.1CVSS5.7AI score0.00342EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-14363

A flaw was found in the Mediawiki Cargo Extension. This vulnerability, identified as SQL Injection, allows an attacker to execute malicious SQL commands. By exploiting improper handling of special characters in SQL commands, an attacker can potentially access, modify, or delete sensitive data...

9.8CVSS5.8AI score0.00294EPSS
Exploits0References6
Patchstack
Patchstack
added last week7 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - Unauthenticated Arbitrary File Read vulnerability

WordPress Ninja Forms - File Uploads plugin = 3.3.29 - Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.29...

7.5CVSS5.8AI score0.00522EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder