457709 matches found

CVE
• added 2026/06/17 4:32 a.m. • 17 views

CVE-2026-12360

The CVE concerns the JetEngine WordPress plugin ≤ 3.8.10.1, where the listing_load_more AJAX endpoint mishandles the filtered_query field. Specifically, meta_query row values are not sanitized before being merged into SQL, and these values are excluded from the HMAC signature check to support fro...

CVSS 7.5 | AI score 5.7 | EPSS 0.00322
Exploits: 0 | References: 6
SUSE CVE
• added 2026/06/17 2:23 a.m. • 10 views

SUSE CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

CVSS 8.8 | AI score 6 | EPSS 0.01131
Exploits: 0 | References: 7
Debian CVE
• added 2026/06/17 1:38 a.m. • 7 views

CVE-2026-12463

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: High...

CVSS 4.7 | AI score 5.6 | EPSS 0.00133
Exploits: 0
OSV
• added 2026/06/17 12:0 a.m. • 5 views

ALSA-2026:26532 Important: dracut security update

The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

CVSS 7.5 | AI score 5.9 | EPSS 0.01131
Exploits: 0 | References: 4
Positive Technologies
• added 2026/06/17 12:0 a.m. • 14 views

PT-2026-50416

Name of the Vulnerable Software and Affected Versions: WP Travel Gutenberg Blocks versions prior to 3.9.4. Description: Improper Neutralization of Special Elements used in an SQL Command allows Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

CVSS 9.3 | AI score 5.7 | EPSS 0.00317
Exploits: 0 | References: 4
Positive Technologies
• added 2026/06/17 12:0 a.m. • 15 views

PT-2026-50410

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 2.2.1; Apache Shiro versions prior to 3.0.0-alpha-2. Description: A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction within the DefaultLdapRealm class. User-supplied...

CVSS 9.1 | AI score 5.3 | EPSS 0.00494
Exploits: 0 | References: 9
Positive Technologies
• added 2026/06/17 12:0 a.m. • 16 views

PT-2026-50330

Name of the Vulnerable Software and Affected Versions: JetSmartFilters versions prior to 3.8.2. Description: An unauthenticated SQL Injection allows an attacker to interfere with the queries that an application makes to its database. This occurs in the JetSmartFilters WordPress plugin. Recommendatio...

CVSS 9.3 | AI score 6 | EPSS 0.00372
Exploits: 0 | References: 3
Tenable Nessus
• added 2026/06/17 12:0 a.m. • 3 views

Bosch Security Systems IP Cameras Improper Input Validation (CVE-2023-39509)

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 7.2 | AI score 7.1 | EPSS 0.0146
Exploits: 0 | References: 2
VulnCheck KEV
• added 2026/06/17 12:0 a.m. • 9 views

VulnCheck KEV: CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

CVSS 9.2 | AI score 6 | EPSS 0.22189
In wild | Exploits: 0 | References: 10
Positive Technologies
• added 2026/06/17 12:0 a.m. • 13 views

PT-2026-50516

Name of the Vulnerable Software and Affected Versions: undici versions 6.x prior to 6.26.0; undici versions 7.0.0 through 7.27.x; undici versions 8.x prior to 8.5.0. Description: The cookie parser in the parseSetCookie function percent-decodes cookie values using qsUnescape, which converts encoded...

CVSS 5.9 | AI score 5.5 | EPSS 0.00257
Exploits: 0 | References: 58
Positive Technologies
• added 2026/06/17 12:0 a.m. • 13 views

PT-2026-50359

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

CVSS 9.8 | AI score 5.4 | EPSS 0.00588
Exploits: 1 | References: 3
Positive Technologies
• added 2026/06/17 12:0 a.m. • 11 views

PT-2026-50428

Name of the Vulnerable Software and Affected Versions: Plane CE version 1.3.1. Description: A low-privileged project member can submit arbitrary HTML and JavaScript via the description html field. This occurs when creating an intake work item through the 'API v1 intake' endpoint. Recommendations: At...

CVSS 6.9 | AI score 5.9 | EPSS 0.00165
Exploits: 1 | References: 5
Positive Technologies
• added 2026/06/17 12:0 a.m. • 20 views

PT-2026-50404

Name of the Vulnerable Software and Affected Versions: ShiftUp versions 1.3 and earlier. Description: An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input is passed to the unserialize function without proper validation, potentiall...

CVSS 8.1 | AI score 5.7 | EPSS 0.00308
Exploits: 0 | References: 3
Positive Technologies
• added 2026/06/17 12:0 a.m. • 8 views

PT-2026-50464

Name of the Vulnerable Software and Affected Versions: Dell PowerFlex Manager (affected versions not specified). Description: An improper neutralization of special elements used in an SQL command allows a low privileged attacker with adjacent network access to perform SQL injection, which could...

CVSS 8 | AI score 5.8 | EPSS 0.00229
Exploits: 0 | References: 4
Positive Technologies
• added 2026/06/17 12:0 a.m. • 13 views

PT-2026-50433

Name of the Vulnerable Software and Affected Versions: Dell PowerFlex Manager (affected versions not specified). Description: A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...

CVSS 8.8 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 4
Positive Technologies
• added 2026/06/17 12:0 a.m. • 16 views

PT-2026-50240

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 10 | AI score 5.9 | EPSS 0.00148
Exploits: 0 | References: 3
Tenable Nessus
• added 2026/06/17 12:0 a.m. • 11 views

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 RCE (7276560)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7276560 advisory. - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, when using Intelligent Management with the...

CVSS 9.8 | AI score 6.5 | EPSS 0.00409
Exploits: 0 | References: 4
OSV
• added 2026/06/17 12:0 a.m. • 4 views

ALSA-2026:26533 Important: dracut security update

The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

CVSS 7.5 | AI score 5.8 | EPSS 0.01131
Exploits: 0 | References: 4
Positive Technologies
• added 2026/06/17 12:0 a.m. • 14 views

PT-2026-50463

Name of the Vulnerable Software and Affected Versions: Dell PowerFlex Manager (affected versions not specified). Description: An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with adjacent network access to potentially caus...

CVSS 5.7 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 4
Positive Technologies
• added 2026/06/17 12:0 a.m. • 18 views

PT-2026-50537

Name of the Vulnerable Software and Affected Versions: NGINX Gateway Fabric (affected versions not specified). Description: An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

CVSS 8.6 | AI score 5.4 | EPSS 0.00492
Exploits: 0 | References: 9