457739 matches found

CVE
added 2026/06/16 8:56 p.m. | 13 views

CVE-2025-69108

CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (<= 1.7). The description specifies unauthenticated object injection in Hot Coffee

CVSS 9.8 | AI score 5.3 | EPSS 0.00525
Exploits: 0 | References: 1

Cvelist
added 2026/06/16 8:56 p.m. | 27 views

CVE-2025-69108 WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions...

CVSS 9.8 | EPSS 0.00525
Exploits: 0 | References: 1

Cvelist
added 2026/06/16 8:56 p.m. | 19 views

CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions...

CVSS 9.8 | EPSS 0.00386
Exploits: 0 | References: 1

CVE
added 2026/06/16 8:56 p.m. | 14 views

CVE-2026-54194

CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...

CVSS 9.8 | AI score 5.3 | EPSS 0.00386
Exploits: 0 | References: 1

NVD
added 2026/06/16 8:16 p.m. | 7 views

CVE-2026-22313

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

CVSS 9.1 | EPSS 0.00921
Exploits: 0 | References: 1

NVD
added 2026/06/16 8:16 p.m. | 9 views

CVE-2026-12425

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in JavaScript code after the login URL and have it...

CVSS 7.4 | EPSS 0.00149
Exploits: 0 | References: 1

NVD
added 2026/06/16 8:16 p.m. | 7 views

CVE-2026-10303

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

CVSS 7.4 | EPSS 0.00757
Exploits: 0 | References: 5

Github Security Blog
added 2026/06/16 8:15 p.m. | 14 views

LobeHub: Unauthenticated SSRF in `/webapi/proxy`

Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com Summary The /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy code that was vulnerable in...

CVSS 9 | AI score 8.4 | EPSS 0.52964
Exploits: 2 | References: 2 | Affected Software: 1

OSV
added 2026/06/16 8:15 p.m. | 4 views

GHSA-XMWJ-C75X-6346 LobeHub: Unauthenticated SSRF in `/webapi/proxy`

Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com Summary The /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy code that was vulnerable in...

CVSS 9 | AI score 5.8 | EPSS 0.0178
Exploits: 0 | References: 2

Debian
added 2026/06/16 7:50 p.m. | 4 views

[SECURITY] [DLA 4632-1] atril security update

Debian LTS Advisory DLA-4632-1 | https://www.debian.org/lts/security/ | Andreas Henriksson | June 16, 2026 | https://wiki.debian.org/LTS
Package: atril
Version: 1.26.0-2+deb12u4
CVE ID: CVE-2026-46529
Debian Bug: 1139874
It was discovered that atril, a simple multi-page...

CVSS 8.4 | AI score 5.3 | EPSS 0.00529
Exploits: 0

NVD
added 2026/06/16 7:17 p.m. | 11 views

CVE-2026-53858

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

CVSS 7.1 | EPSS 0.00124
Exploits: 0 | References: 2

NVD
added 2026/06/16 7:17 p.m. | 12 views

CVE-2026-53842

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON variable to execute...

CVSS 7.1 | EPSS 0.00133
Exploits: 0 | References: 2

Github Security Blog
added 2026/06/16 7:07 p.m. | 14 views

Deno: Command Injection via spawnSync & spawn on Windows

Summary Deno's node:child_process implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.exe metacharacters such as &, |, , ^, !, , , and did not neutralize %...

CVSS 9.8 | AI score 5.8 | EPSS 0.02213
Exploits: 2 | References: 2 | Affected Software: 1

OSV
added 2026/06/16 7:07 p.m. | 4 views

GHSA-7XH3-MHG9-JCW8 Deno: Command Injection via spawnSync & spawn on Windows

Summary Deno's node:child_process implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.exe metacharacters such as &, |, , ^, !, , , and did not neutralize %...

CVSS 8.1 | AI score 6 | EPSS 0.00283
Exploits: 1 | References: 2

Patchstack
added 2026/06/16 6:59 p.m. | 4 views

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...

CVSS 7.7 | AI score 5.9 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2026/06/16 6:59 p.m. | 17 views

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

Impact An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with...

CVSS 7.7 | AI score 5.3 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/06/16 6:36 p.m. | 8 views

CVE-2026-22313

The CVE-2026-22313 entry concerns Radiflow iSAP Smart Collector. A webserver exposes a REST API on the management network protected only by a token. An OS command injection vulnerability allows an authenticated attacker to execute arbitrary commands as the underlying OS user with administrative p...

CVSS 9.1 | AI score 5.4 | EPSS 0.00921
Exploits: 0 | References: 1

Cvelist
added 2026/06/16 6:36 p.m. | 22 views

CVE-2026-22313 OS Commands Executed with Administrative Permissions in Radiflow iSAP Smart Collector

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

CVSS 9.1 | EPSS 0.00921
Exploits: 0 | References: 1

CVE
added 2026/06/16 6:34 p.m. | 13 views

CVE-2026-12425

CVE-2026-12425 is a reflected/DOM-based XSS in PowerSchool Employee Access Center 23.10. The issue allows injection of JavaScript after the login URL that can be eval()’d in the user’s browser context, enabling an attacker to run code with the user’s privileges. The CVSS metrics indicate network ...

CVSS 7.4 | AI score 5.5 | EPSS 0.00149
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/06/16 6:26 p.m. | 6 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...

CVSS 7.5 | AI score 6.3 | EPSS 0.00864
Exploits: 3 | Affected Software: 1