Lucene search
K

709 matches found

NVD
NVD
added 11 hours ago3 views

CVE-2026-57388

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...

7.1CVSS
Exploits0References1
CVE
CVE
added 12 hours ago6 views

CVE-2026-57388

CVE-2026-57388 describes a Stored XSS vulnerability in Themefic Hydra Booking (WordPress Hydra Booking plugin, hydra-booking) affecting versions up to and including 1.1.44. The root cause is improper neutralization of input during web page generation. Impact is cross-site scripting with low to mo...

7.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 12 hours ago4 views

CVE-2026-57388 WordPress Hydra Booking plugin <= 1.1.44 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...

7.1CVSS
Exploits0References1
Nuclei
Nuclei
added 17 hours ago22 views

MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal

MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...

7.5CVSS7.1AI score0.03625EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-12433 Hydra Booking <= 1.2.1 - Authenticated (Custom+) Insecure Direct Object Reference to Sensitive Information Exposure via 'booking_id' Parameter

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References11
Patchstack
Patchstack
added 5 days ago5 views

WordPress Hydra Booking plugin <= 1.1.44 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by HaiND in WordPress Plugin Hydra Booking versions = 1.1.44...

7.1CVSS6.1AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-56766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and...

8.8CVSS6.9AI score0.01325EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/06/29 9:20 a.m.7 views

CVE-2026-56766

A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack...

8.8CVSS6.5AI score0.01325EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2026/06/27 1:52 a.m.8 views

SUSE CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References3
OSV
OSV
added 2026/06/27 12:0 a.m.3 views

OPENSUSE-SU-2026:11131-1 hydra-9.7+git20.gbccaea1-1.1 on GA media

These are all security issues fixed in the hydra-9.7+git20.gbccaea1-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS5.8AI score0.01325EPSS
Exploits2References1
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS0.01325EPSS
Exploits2References2
OSV
OSV
added 2026/06/25 7:16 p.m.5 views

UBUNTU-CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/25 6:1 p.m.29 views

CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS0.01325EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:1 p.m.5 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References3
CVE
CVE
added 2026/06/25 6:1 p.m.25 views

CVE-2026-56766

Hydra before 9.7 contains a stack buffer overflow in the NTLM authentication handler used by SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing crafted NTLM Type-2 challenges. A malicious server can send a long domain in NTLM Type-2, overflowing a 500-byte st...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42675

Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41...

7.3CVSS5.4AI score0.00178EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/06/02 1:48 a.m.22 views

GHSA-CG87-VWWH-XVGJ vulnerabilities

Vulnerabilities for packages: flux, glab, kubernetes-dashboard, crossplane-provider-azure-storage, argo-cd, minio, hubble, step, opentelemetry-collector, helm, kots, ingress-nginx-controller, prometheus-operator, karpenter, kubernetes, kyverno, zot, prometheus, crossplane-provider-aws-elasticache...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/02 1:48 a.m.19 views

GHSA-5CV4-JP36-H3MW vulnerabilities

Vulnerabilities for packages: flux, glab, kubernetes-dashboard, crossplane-provider-azure-storage, argo-cd, minio, hubble, step, opentelemetry-collector, helm, kots, ingress-nginx-controller, prometheus-operator, karpenter, kubernetes, kyverno, zot, prometheus, crossplane-provider-aws-elasticache...

6.1AI score
Exploits0
Rows per page
Query Builder