Lucene search
K

24594 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53718

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A kernel issue exists where an application may be able to leak sensitive kernel state. The problem is related to insufficient input...

5.5CVSS6AI score0.00147EPSS
Exploits0References6
Apple
Apple
added 2026/06/29 12:0 a.m.11 views

About the security content of iOS 26.5.2 and iPadOS 26.5.2

About the security content of iOS 26.5.2 and iPadOS 26.5.2 This update delivers security fixes that were first made available in the iOS 26.6 and iPadOS 26.6 betas. This document describes the security content of iOS 26.5.2 and iPadOS 26.5.2. About Apple security updates For our customers'...

9.1CVSS5.8AI score0.00371EPSS
Exploits2References1Affected Software2
Apple
Apple
added 2026/06/29 12:0 a.m.8 views

About the security content of macOS Tahoe 26.5.2

About the security content of macOS Tahoe 26.5.2 This update delivers security fixes that were first made available in the macOS Tahoe 26.6 beta. This document describes the security content of macOS Tahoe 26.5.2. About Apple security updates For our customers' protection, Apple doesn't disclose,...

9.1CVSS5.8AI score0.00371EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53719

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Insufficient input sanitization in Apple platforms allows an app to reach sensitive kernel code paths. This improper input validation...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References17
CVE
CVE
added 2026/06/27 6:50 a.m.15 views

CVE-2026-12399

The Gutenverse WordPress plugin (Blocks, Page Builder & Site Editor) is affected by a Stored Cross-Site Scripting vulnerability up to version 3.8.0. The issue arises from insufficient input sanitization and output escaping in admin settings, allowing authenticated users with editor-level permissi...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/27 5:33 a.m.37 views

CVE-2026-13245 MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter

The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/06/27 1:27 a.m.15 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the settings fields menu_title and menu_magnifier_color, affecting all versions up to and including 5.5.15. The root cause is insufficient input sanitization and output escaping....

4.4CVSS5.9AI score0.00251EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/27 1:27 a.m.8 views

CVE-2026-13335

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpmpoint' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.0021EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53051

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References14
Nuclei
Nuclei
added 2026/06/25 5:45 a.m.34 views

Grafana Post-Auth DuckDB - SQL Injection To File Read

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

9.9CVSS6.6AI score0.97781EPSS
Exploits10References3
CVE
CVE
added 2026/06/25 5:3 a.m.38 views

CVE-2026-10086

GitLab: CVE-2026-10086 affects GitLab EE versions 16.4–before 18.11.6, 19.0–before 19.0.3, and 19.1–before 19.1.1. Affected condition allowed an authenticated user with developer permissions to execute arbitrary client-side code in another user’s session due to improper sanitization. Impact per C...

8.7CVSS6.2AI score0.00231EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/25 5:3 a.m.5 views

EUVD-2026-39181

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS6.2AI score0.00231EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:56 a.m.6 views

CVE-2026-8658

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 1:12 a.m.30 views

CVE-2026-8665 OS Command Injection in Rapid7 InsightConnect Translate Plugin

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS0.00675EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 a.m.9 views

EUVD-2026-39158

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 a.m.14 views

CVE-2026-8665

CVE-2026-8665 affects the Rapid7 InsightConnect Translate Plugin (Linux) via the TR action. The root cause is insufficient input sanitization in shell command construction within the TR action, allowing an attacker to supply text or expression parameters that leads to OS command execution. Docume...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

GitLab 16.4 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-10086)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticate...

8.7CVSS6.2AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 11:56 p.m.15 views

CVE-2026-8663

CVE-2026-8663 describes an OS Command Injection in the Rapid7 InsightConnect RPM Plugin for Linux. The vulnerability arises from insufficient input sanitization during shell command construction, allowing an authenticated attacker to cause arbitrary OS command execution via the repo, key, or name...

8.8CVSS6.2AI score0.00833EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 11:56 p.m.32 views

CVE-2026-8663 OS Command Injection in Rapid7 InsightConnect RPM Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction...

6CVSS0.00833EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38683

The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23qr' shortcode in all versions up to, and including, 1.1.6. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notab...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder