Lucene search
K

8191 matches found

Nuclei
Nuclei
added yesterday1420 views

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

5CVSS6.1AI score0.47595EPSS
Exploits1References3
NVD
NVD
added 2 days ago6 views

CVE-2026-58101

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

7.5CVSS0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-58101 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

0.00106EPSS
Exploits0References2
CVE
CVE
added 2 days ago12 views

CVE-2026-58101

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-58409

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-58409 ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS0.00456EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57745

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57743

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

8.1CVSS0.00415EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-57744

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57743 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

8.1CVSS0.00415EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57745 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS0.00313EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-57745

CVE-2026-57745 concerns a Reflected Cross-Site Scripting vulnerability in the WordPress RT-Theme 18 Extensions (rt18-extensions) plugin, affecting version &lt;= 2.5. The issue is described as improper neutralization of input during web page generation, enabling reflected XSS. Affected product/com...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-57744

The CVE-2026-57744 entry describes a PHP Object Injection vulnerability in the WordPress plugin RT-Theme 18 Extensions, affected versions up to and including 2.5. The root cause is Deserialization of Untrusted Data, enabling object injection. Impact is rated high (CVSS 3.1: 9.8, Confidentiality/I...

9.8CVSS6.1AI score0.00313EPSS
Exploits0References1
CVE
CVE
added 2 days ago14 views

CVE-2026-57743

CVE-2026-57743 describes animproper control of the filename for include/require in the PHP program, enabling a PHP Local File Inclusion vulnerability in the WordPress plugin set RT-Theme 18 | Extensions (rt18-extensions). Affected: RT-Theme 18 Extensions versions up to and including 2.5. The issu...

8.1CVSS6.1AI score0.00415EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-39125

SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist...

9.2CVSS6.1AI score0.00607EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago6 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS6AI score0.00525EPSS
Exploits0References8
NVD
NVD
added 6 days ago17 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
CVE
CVE
added 6 days ago20 views

CVE-2026-15158

Blocksy Companion

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
Rows per page
Query Builder