Lucene search
K

1681 matches found

Nuclei
Nuclei
added yesterday36 views

WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery

WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-24150 info: name: WordPress Like Button Rating 2.6.32 - Server-Side Request Forgery...

7.5CVSS7.1AI score0.04337EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago22 views

Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS6AI score0.02101EPSS
Exploits4References3
Chainguard
Chainguard
added 6 days ago3 views

CVE-2026-12029 vulnerabilities

Vulnerabilities for packages: chromium...

8.3CVSS5.8AI score0.00191EPSS
Exploits0
Wolfi
Wolfi
added 6 days ago6 views

CVE-2026-11232 vulnerabilities

Vulnerabilities for packages: chromium...

5.4CVSS6AI score0.00146EPSS
Exploits0
Wolfi
Wolfi
added 6 days ago3 views

CVE-2026-11248 vulnerabilities

Vulnerabilities for packages: chromium...

8.8CVSS5.8AI score0.00241EPSS
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-54637

Name of the Vulnerable Software and Affected Versions AWS CLI versions prior to 1.44.78 v1 AWS CLI versions prior to 2.34.29 v2 Description On Unix-like systems where the umask is not configured to restrict file permissions, overly permissive file permissions may allow local users on the same hos...

6.8CVSS5.8AI score0.00101EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 2:16 p.m.8 views

CVE-2026-13569

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/29 1:0 p.m.7 views

EUVD-2026-40089

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS5.6AI score0.0021EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 1:0 p.m.34 views

CVE-2026-13569 weng-xianhu EyouCMS API index.php sql injection

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS0.0021EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/24 4:30 p.m.4 views

CVE-2026-53087

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that ...

7.5CVSS5.7AI score0.00376EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/24 4:28 p.m.5 views

CVE-2026-52949

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...

5.7AI score0.00162EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/20 3:21 p.m.28 views

CVE-2026-56325 Capgo - App ID Confusion via ILIKE Wildcard in Preview Subdomain Lookup

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...

3.1CVSS0.00215EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Netty

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. Before version 4.1.59.Final, there was a vulnerability on Unix-like systems involving an insecure temporary file. When Netty’s...

6.2CVSS6.7AI score0.01777EPSS
Exploits1References1
OSV
OSV
added 2026/06/15 5:37 p.m.6 views

MAL-2026-5823 Malicious code in sl-pgp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53bd44f0ef91bd7b2757153e06bc9a7b697aba1af30af9bc6a6ccb71d7a3012a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.28 views

CVE-2026-50889

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...

0.00482EPSS
Exploits1References1
HackRead
HackRead
added 2026/06/12 6:17 p.m.32 views

Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware

Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware...

5.4AI score
Exploits0
Chainguard
Chainguard
added 2026/06/12 1:17 a.m.4 views

GHSA-282G-W5FH-9Q49 vulnerabilities

Vulnerabilities for packages: chromium...

5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49035

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description A policy enforcement issue exists in the system.run safe-bin allowlist validation on POSIX nodes. This flaw allows shell expansion to modify how commands are interpreted. Authenticated operators...

8.3CVSS5.2AI score0.00191EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.8 views

openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an...

7.5CVSS5.6AI score0.00513EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:2 p.m.11 views

Malicious code in bibip-bip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2b153c90d83d4653660dd79a5a0935af85bd804fd98163c42995403bca240a6 pyproject.toml declares a PEP 517 build requirement that points to an arbitrary tarball hosted on webhook.site, an anonymous request-inspection /...

6.3AI score
Exploits0References2
Rows per page
Query Builder