Lucene search
K

10397 matches found

Cvelist
Cvelist
added 2026/07/01 4:32 a.m.34 views

CVE-2026-7517 Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00247EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 4:32 a.m.23 views

CVE-2026-7517

The CVE-2026-7517 entry concerns the Custom Payment Gateways for WooCommerce WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the alg_wc_cpg_input_fields parameter in all versions up to 2.1.0 due to insufficient input sanitization and output escaping. Exploitation is possible...

7.2CVSS5.9AI score0.00247EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54785

Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified Description A broken access control issue allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is performed by modifying the mat...

6.5CVSS6AI score0.00242EPSS
Exploits0References10
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-GHOST-2026-53949 Ghost Content API filter bypass reveals private fields

Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private fields via a brute force attack. If SQLite was used as the database password hashes were fully...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 7:15 p.m.6 views

EUVD-2026-40383

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields...

9.8CVSS6.4AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:19 p.m.13 views

EUVD-2026-36100

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 6:18 p.m.12 views

EUVD-2026-36098

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover...

9.9CVSS5.8AI score0.003EPSS
Exploits0References7
OSV
OSV
added 2026/06/30 8:22 a.m.3 views

SUSE-SU-2026:2690-1 Security update for sg3_utils

This update for sg3utils fixes the following issue Update to version 1.44763+23.769c9b5b: - sginq: --export output conformance for SCSI name string and ATA fields bsc1267823...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/30 8:21 a.m.5 views

SUSE-SU-2026:2689-1 Security update for sg3_utils

This update for sg3utils fixes the following issue Update to version 1.43+49.47792c16: - sginq: --export output conformance for SCSI name string and ATA fields bsc1267823...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/30 8:21 a.m.4 views

SUSE-SU-2026:2688-1 Security update for sg3_utils

This update for sg3utils fixes the following issue - sginq: --export output conformance for SCSI name string and ATA fields bsc1267823...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/30 8:20 a.m.5 views

SUSE-SU-2026:2687-1 Security update for sg3_utils

This update for sg3utils fixes the following issue Update to version 1.44763+20.e416e091: - sginq: --export output conformance for SCSI name string and ATA fields bsc1267823...

5.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 5:50 p.m.7 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
CVE
CVE
added 2026/06/29 5:21 p.m.16 views

CVE-2026-57954

Vulnerability summary (CVE-2026-57954) Elide 7.1.17 has a flaw in SortingImpl.getValidSortingRules where @ReadPermission is not enforced on client-supplied sort expressions. This allows attackers to sort collections by forbidden fields and infer hidden field values via row ordering analysis, leak...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:21 p.m.37 views

CVE-2026-57954 Elide 7.1.17 - Permission Bypass in Sort Expression Validation

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

5.3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:15 p.m.34 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 5:15 p.m.9 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 5:15 p.m.9 views

CVE-2026-56781

The CVE-2026-56781 entry details an improper access control in Teable prior to 2026-06-15T04-43-24Z.1912 where anonymous attackers can access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 12:30 p.m.36 views

CVE-2026-13567 code-projects Online Music Site POST Request Feedback.php cross site scripting

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS0.00273EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 12:30 p.m.8 views

EUVD-2026-40082

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS4.4AI score0.00273EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.7 views

CVE-2026-54270

A flaw was found in protobufjs. This library compiles protobuf definitions into JavaScript JS functions. A remote attacker could send a specially crafted protobuf payload containing numerous unknown fields. This could cause the decoded message to retain substantially more memory than expected,...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References4
Rows per page
Query Builder