Lucene search
K

951 matches found

OSV
OSV
added 11 hours ago6 views

ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root

Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.4AI score0.00156EPSS
Exploits0
NVD
NVD
added 14 hours ago6 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS
Exploits0References10
Nuclei
Nuclei
added 16 hours ago20 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

9.3CVSS5.8AI score0.01323EPSS
Exploits1References4
OSV
OSV
added 2026/06/22 2:0 p.m.3 views

MINI-MX7M-PFRJ-5X7M

Bulletin has no description...

8CVSS5.8AI score0.00472EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Squid

A buffer overflow was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers were vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations were sent to a...

8.6CVSS7.8AI score0.0282EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. The supported versions affected are 5.7.33 and earlier, as well as 8.0.23 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromi...

4.9CVSS6.7AI score0.04643EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 7:42 p.m.36 views

CVE-2026-48814

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions

9.1CVSS5.3AI score0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 5:7 p.m.6 views

EUVD-2026-37767

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS5.3AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50174

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description The MicrosoftAgent365Trigger and StripeTrigger nodes fail to validate inbound requests. This allows an unauthenticated attacker with knowledge of the webhook URL to submit a...

7.2CVSS6AI score0.00276EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 8:18 p.m.6 views

EUVD-2026-36839

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 9:4 p.m.7 views

CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...

9.3CVSS5.6AI score0.01323EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-53694

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

7.3CVSS5.4AI score0.00131EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.7 views

CVE-2026-42266

A flaw was found in JupyterLab, an extensible environment for interactive computing. The PyPI Extension Manager, responsible for installing extensions, failed to properly enforce its allow-list of approved extensions. This vulnerability allowed for the installation of unauthorized extensions from...

8.8CVSS6.4AI score0.0053EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.17 views

PHP 8.5.x < 8.5.7 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.5.7 advisory. - In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. CVE-2026-44928 - In uriparse...

5.3CVSS5.6AI score0.00211EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/03 1:22 p.m.7 views

WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AutomatorWP versions = 5.7.2...

7.1CVSS5.5AI score0.00175EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.5 views

DesDev DedeCMS SQL注入漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a SQL injection...

7.5CVSS5.6AI score0.00308EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 9:17 p.m.9 views

CVE-2026-45345 Open WebUI: Missing authorization check at the model update function - models from other users can be updated

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This...

6.5CVSS5.8AI score0.00226EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:17 p.m.6 views

CVE-2026-45345

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This...

6.5CVSS5.8AI score0.00226EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/15 8:41 a.m.6 views

BIT-JUPYTER-BASE-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS6.3AI score0.00386EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 5:29 a.m.16 views

CVE-2026-6929

The CVE pertains to the JoomSport WordPress plugin (Team & League, Football, Hockey & more). Affected versions are up to and including 5.7.7, with a time-based blind SQL Injection via the sortf parameter caused by insufficient escaping and inadequate preparation of the SQL query. The vulnerabilit...

7.5CVSS5.9AI score0.00322EPSS
Exploits0References6
Rows per page
Query Builder