Lucene search
+L

1062 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin Store Locator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

3.5CVSS5.1AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48388

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 12:5 p.m.36 views

CVE-2026-7186

CVE-2026-7186 describes a stored cross-site scripting flaw in the Dashboard URL widget of Checkmk for versions <2.5.0p5, <2.4.0p31,

8.5CVSS5.2AI score0.00136EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.12 views

CVE-2026-34069

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

5.3CVSS5.4AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.12 views

CVE-2026-3361

The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.13 views

CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing...

6.3CVSS6.5AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.9 views

CVE-2019-25735 AllPlayer 7.4 Local Buffer Overflow via SEH Unicode

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.18 views

RockyLinux 10 : delve (RLSA-2026:19013)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19013 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion ...

10CVSS7.3AI score0.01945EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2026/06/02 11:13 a.m.17 views

CVE-2026-8993

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

6.5CVSS5.8AI score0.00225EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 4:16 p.m.39 views

UBUNTU-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.2CVSS6AI score0.00181EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon developed by Music Player Daemon project. Versions of Music Player Daemon prior to 0.24.11 contained security vulnerabilities. These vulnerabilities stemmed from path traversal issues in functions like LocalStorage::MapFSOrThrow and...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References7
OSV
OSV
added 2026/05/21 4:24 p.m.21 views

RLSA-2026:3898 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...

7.5CVSS7AI score0.01945EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Zabbix

The URL validation scheme receives input from a user and then parses it to identify its various components. This validation scheme ensures that all URL components comply with internet standards...

5.7CVSS5.6AI score0.00556EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

The Content-Security-Policy-Report-Only header could allow an attacker to leak the unredacted URI of a child iframe when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5CVSS6.9AI score0.00672EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 9:25 a.m.12 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the EqualsUri function. An attacker can cause incorrect URI comparisons by supplying specially crafted input values. Remediation Upgrade uriparser to version 1.0.2 or higher. References -...

5.3CVSS5.3AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 4:16 a.m.43 views

CVE-2026-42272

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes %2F in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent %2f is not recognized...

7.8CVSS0.00396EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 6:30 p.m.13 views

EUVD-2026-28403

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS5.3AI score0.00215EPSS
Exploits0References5
OSV
OSV
added 2026/05/07 4:59 a.m.13 views

CLSA-2026-1778129970 python3.11: Fix of 7 CVEs

CVE-2026-0672: reject control characters in http.cookies cookie names, values, and parameters to prevent header injection - CVE-2026-3644: reject control characters in Morsel.update, |= operator, and unpickling paths missed by CVE-2026-0672; add output validation to BaseCookie.jsoutput -...

7.5CVSS6.4AI score0.00575EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:52 a.m.8 views

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/01 10:20 a.m.9 views

CVE-2026-42996

A flaw was found in JS8Call and JS8Call-improved. A remote attacker can exploit a stack-based buffer overflow by sending a specially crafted radio transmission containing "@APRSIS GRID" followed by an excessively long Maidenhead locator. This vulnerability, occurring in the grid2deg function, cou...

10CVSS6.6AI score0.00479EPSS
Exploits0References2
Rows per page
Query Builder