Lucene search
K

230110 matches found

CVE
CVE
added 3 days ago13 views

CVE-2026-13733

The CVE-2026-13733 entry affects the WordPress Download Manager plugin (versions up to 3.3.60). A Stored Cross-Site Scripting flaw exists in the no_data_msg shortcode attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level a...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-13733 Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-10540 Weak password hash protection in Control-M/Entreprise Manager

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS0.00078EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-40933

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

5.6CVSS5.8AI score0.00078EPSS
Exploits0References1
OSV
OSV
added 3 days ago5 views

ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root

Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00278EPSS
Exploits0
NVD
NVD
added 3 days ago11 views

CVE-2026-58518

Cross-Site request forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...

6.9CVSS0.00157EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago307 views

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

9.8CVSS7.6AI score0.86685EPSS
Exploits7References5
Nuclei
Nuclei
added 3 days ago13 views

IBM Data Risk Manager - Authentication Bypass via SAML

IBM Data Risk Manager versions 2.0.1 through 2.0.6 are vulnerable to authentication bypass when configured with SAML authentication. A remote attacker can bypass security restrictions by sending a specially crafted HTTP request to the SAML idpSelection endpoint, allowing them to bypass the...

9.8CVSS7.4AI score0.70031EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 3 days ago9 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit...

9.8CVSS6.3AI score0.00514EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 3 days ago7 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.4AI score0.00426EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago8 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.4AI score0.00426EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13449 XXE attack in IBM Business Automation Manager Open Editions

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS0.00406EPSS
Exploits0References1
Patchstack
Patchstack
added 4 days ago5 views

WordPress Download Manager plugin <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Download Manager versions = 3.3.60...

6.4CVSS5.8AI score0.00206EPSS
Exploits0References1Affected Software1
OSV
OSV
added 4 days ago4 views

ROOT-APP-NPM-CVE-2026-44979 CVE-2026-44979 in @rootio/hapi__wreck - Patched by Root

Root has patched CVE-2026-44979 in the @rootio/hapiwreck package for Root:npm. Multiple fixed versions available...

5.8AI score0.00054EPSS
Exploits0
OSV
OSV
added 4 days ago8 views

ROOT-APP-NPM-CVE-2026-1526 CVE-2026-1526 in @rootio/undici - Patched by Root

Root has patched CVE-2026-1526 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.0115EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...

9.8CVSS5.8AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-13449 DESCRIPTION: IBM Business Automation Manager Open Editions is vulnerable t...

9.1CVSS5.8AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago5 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application...

8.7CVSS6.8AI score0.01125EPSS
Exploits0Affected Software1
OSV
OSV
added 4 days ago10 views

ROOT-APP-NPM-CVE-2022-24772 CVE-2022-24772 in @rootio/node-forge - Patched by Root

Root has patched CVE-2022-24772 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

7.5CVSS6.8AI score0.01015EPSS
Exploits0
OSV
OSV
added 4 days ago6 views

ROOT-APP-NPM-CVE-2025-12816 CVE-2025-12816 in @rootio/node-forge - Patched by Root

Root has patched CVE-2025-12816 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

8.6CVSS5.4AI score0.00689EPSS
Exploits1
Rows per page
Query Builder