Lucene search
+L

1062 matches found

EUVD
EUVD
added 2026/03/23 12:31 a.m.4 views

EUVD-2026-14335

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References5
NVD
NVD
added 2026/03/23 12:16 a.m.4 views

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.00444EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/22 11:24 p.m.1 views

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/22 11:24 p.m.2 views

CVE-2026-2580 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References4
CVE
CVE
added 2026/03/22 11:24 p.m.11 views

CVE-2026-2580

The CVE-2026-2580 entry concerns the WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters WordPress plugin (up to v4.9.1). The root cause is insufficient escaping and insufficient preparation of an SQL query, enabling time-based SQL Injection via the ‘orderby’...

7.5CVSS5.9AI score0.00444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/18 1:54 p.m.9 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8CVSS6.7AI score0.00793EPSS
Exploits0References5
Redos
Redos
added 2026/03/18 12:0 a.m.8 views

ROS-20260318-73-0001

A vulnerability in the ModSecurity web application security module exists due to insufficient input validation during URL processing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass WAF rules...

8.6CVSS7.3AI score0.00682EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.10 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2026-1588)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End ofCentral Directory EOCD Locator record offset value would not be used to loca...

4.3CVSS5.8AI score0.00353EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.6 views

AlmaLinux 9 : opentelemetry-collector (ALSA-2026:4177)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:4177 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...

10CVSS7.2AI score0.01945EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.6 views

RockyLinux 9 : opentelemetry-collector (RLSA-2026:4177)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:4177 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...

10CVSS7.2AI score0.01945EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/10 8:12 p.m.28 views

CVE-2026-30837 Elysia has a string URL format redos

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS0.00494EPSS
Exploits1References2
OSV
OSV
added 2026/03/03 3:31 p.m.4 views

GHSA-8P8V-WH79-9R56 Django vulnerable to Uncontrolled Resource Consumption

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

7.5CVSS5.9AI score0.00734EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/25 6:31 a.m.7 views

EUVD-2026-8513

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function filegetcontents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...

7.5CVSS5.1AI score0.00275EPSS
Exploits1References6
AlmaLinux
AlmaLinux
added 2026/02/25 12:0 a.m.20 views

Important: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

10CVSS6.7AI score0.01945EPSS
Exploits3References8
Snyk
Snyk
added 2026/02/24 3:27 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the ueId parameter. An attacker can access internal system implementation details and facilitate service fingerprinting by injecting control characters that trigger URL parsing errors. Remediation Upgrade...

8.7CVSS6AI score0.00462EPSS
Exploits1References2
AlmaLinux
AlmaLinux
added 2026/02/24 12:0 a.m.8 views

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query parameter parsing in...

10CVSS5.6AI score0.01945EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2026/02/22 3:2 p.m.7 views

CVE-2026-2954

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...

6.5CVSS6.3AI score0.00331EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/09 3:11 a.m.2 views

CVE-2025-66608

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

8.7CVSS5.3AI score0.00385EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Yokogawa FAST/TOOLS 安全漏洞

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the versions of Yokogawa FAST/TOOLS from R9.01 to R10.04. These vulnerabilities stem from improper URL validation, allowing attacker...

8.7CVSS5.8AI score0.00385EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/03 7:25 a.m.7 views

WordPress Store Locator plugin <= 3.98.9 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Jay Nguyen in WordPress Plugin Store Locator versions 3.98.9...

9.8CVSS5.3AI score0.00901EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder