Lucene search
+L

2904 matches found

Cvelist
Cvelist
added 2026/06/15 8:18 p.m.29 views

CVE-2026-42663 WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.10 views

CVE-2026-42663

CVE-2026-42663 affects WordPress plug‑in Simple Membership (versions ≤ 4.7.2). Unauthenticated Cross Site Scripting (XSS) vulnerability reported. Connected sources confirm the impact type but do not provide concrete exploit details, affected files, root cause, or remediation steps within the supp...

6.5CVSS5.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.31 views

CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.13 views

CVE-2026-34886

The CVE-2026-34886 entry affects WordPress WordPress Simple Membership plugin versions

7.5CVSS5.1AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:17 p.m.9 views

CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.2AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49454

Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...

6.5CVSS5.1AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49362

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.1AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.18 views

CVE-2026-53726

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 6:37 p.m.11 views

CVE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS5.4AI score0.00276EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 6:37 p.m.4 views

CVE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References5
NCSC
NCSC
added 2026/06/12 7:39 a.m.13 views

Vulnerabilities managed in GitLab Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition versions, ranging from 12.0 to 19.0.2, including important releases such as 17.x, 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities affect various components of GitLab CE & EE. Authorized users...

8.7CVSS5.9AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.23 views

PT-2026-48962

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.80 Parse Server versions prior to 9.9.1-alpha.6 Description A relation query using the $relatedTo operator allows an unauthenticated client to read the membership of a Relation field. This occurs even if the...

6.9CVSS5.2AI score0.00276EPSS
Exploits0References7
NVD
NVD
added 2026/06/10 4:17 p.m.16 views

CVE-2026-45569

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 "Expand validation to block .. in configfilename and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership, no...

8.1CVSS0.00316EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 3:38 p.m.10 views

CVE-2026-45569 Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 "Expand validation to block .. in configfilename and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership, no...

8.1CVSS5.5AI score0.00316EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 3:38 p.m.34 views

CVE-2026-45569 Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 "Expand validation to block .. in configfilename and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership, no...

8.1CVSS0.00316EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 3:38 p.m.24 views

CVE-2026-45569

Roxy-WI path-traversal patch in commit d4d10006 uses a tuple-membership check, which can bypass common ../../ payloads; no publicly available patches yet.

8.1CVSS5.5AI score0.00316EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 3:38 p.m.5 views

CVE-2026-45569 Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 "Expand validation to block .. in configfilename and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership, no...

8.1CVSS5.9AI score0.00316EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48460

Name of the Vulnerable Software and Affected Versions Roxy-WI versions prior to 8.2.6.5 Description A path-traversal issue exists in the web interface used for managing Haproxy, Nginx, Apache, and Keepalived servers. A security check implemented in the config.py file within the app/modules/config...

8.1CVSS5.2AI score0.00316EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.7 views

CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

3.7CVSS5.4AI score0.00259EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/09 4:29 a.m.69 views

wisp

Wisp — the open-source Ghost alternative, built in Elixir & Ph...

5.7AI score
Exploits0
Rows per page
Query Builder