Lucene search
K

245 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-8480

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

4.3CVSS0.00087EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40107

Unauthenticated Cross Site Scripting XSS in Jobify = 4.3.2 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added last week34 views

CVE-2025-68063 WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...

7.5CVSS0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 6:50 a.m.24 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 5:21 p.m.24 views

CVE-2026-30803

RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...

8.8CVSS5.2AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36955

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS5.2AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49394

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS5.2AI score0.00278EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 4:37 p.m.28 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.11 views

PT-2026-45470

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 9:49 a.m.21 views

CVE-2026-42735

The CVE concerns the WordPress KiviCare plugin by Iqonic Design (affected: KiviCare kivicare-clinic-management-system, plugin version

8.2CVSS5.8AI score0.00255EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.27 views

SUSE CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

7.5CVSS5.6AI score0.00631EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-45232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows netwo...

3.7CVSS5.5AI score0.00337EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/18 5:40 p.m.11 views

EUVD-2026-29439

multiparty vulnerable to ReDoS via filename parsing...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/18 5:35 p.m.9 views

EUVD-2026-29441

multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 5:35 p.m.9 views

GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/18 5:35 p.m.15 views

multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property e.g., proto, constructor, toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/18 1:26 p.m.8 views

CLEANSTART-2026-AN27706 Security fixes for CVE-2026-22815, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-33175, CVE-2026-34052, CVE-2026-34073, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-44431, CVE-2026-44432, ghsa-752w-5fwx-jx9f, ghsa-78cv-mqj4-43f7, ghsa-gc5v-m9x4-r6x2, ghsa-jr27-m4p2-rc6r, ghsa-m959-cc7f-wv43, ghsa-qjxf-f2mg-c6mc applied in versions: 4.3.2-r0, 4.3.2-r1, 4.3.2-r2, 4.3.2-r3

Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS7.3AI score0.0068EPSS
Exploits2References43
Cvelist
Cvelist
added 2026/05/14 3:27 a.m.47 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS0.00423EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40851

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References9
Rows per page
Query Builder