Lucene search
K

76 matches found

ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-13383

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to a...

8.6CVSS6.1AI score0.00466EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/16 9:0 a.m.8 views

EUVD-2025-210166

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

7.5CVSS5.2AI score0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/06 9:14 a.m.70 views

CVE-2026-10725

Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...

7.5CVSS5.7AI score0.00414EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/21 4:36 p.m.12 views

OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the...

8.3CVSS5.8AI score0.00241EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.17 views

PT-2026-41277

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References12
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:13 p.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205

Summary IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web...

4.3CVSS5.7AI score0.00374EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/05/01 11:26 a.m.7 views

Deserialization of Untrusted Data

Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the IoBuffer.getObject function. An attacker...

9.8CVSS7.4AI score0.00657EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

WordPress plugin Minify HTML 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.7AI score0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/27 12:52 a.m.19 views

CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...

8CVSS0.01897EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.4 views

CVE-2026-25323

Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through = 6.1.12...

4.3CVSS5.5AI score0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 9:12 p.m.17 views

CVE-2026-25155

CVE-2026-25155 affects Qwik-related packages where a typo in the isContentType regular expression caused improper parsing of Content-Type headers in related CSRF protection middleware (notably in qwik-city). Affected versions before 1.12.0 are vulnerable; the issue was patched in version 1.12.0. ...

7.1CVSS5.3AI score0.00129EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/01/27 9:15 p.m.6 views

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

9.8CVSS0.01434EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003590)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003590 advisory. An issue was discovered in drivers/scsi/qedi/qedidbg.c in the Linux kernel before 5.1.12. In the qedidbg family of functions, there is an out-of-bounds read. Tenable...

6.7CVSS6.7AI score0.00464EPSS
Exploits0References12
NVD
NVD
added 2026/01/07 12:16 p.m.4 views

CVE-2025-13418

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS0.00598EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.8 views

WordPress plugin Responsive Pricing Table 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00598EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/12 6:31 a.m.6 views

EUVD-2025-202998

The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gancio-event' shortcode in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00228EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-62590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily...

8.2CVSS7.1AI score0.00187EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-62587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily...

8.2CVSS7.1AI score0.00184EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/23 12:0 a.m.7 views

Oracle VM VirtualBox (October 2025 CPU)

The 7.1.12 and 7.2.2 versions of VM VirtualBox installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected a...

8.2CVSS6.9AI score0.00191EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/10/22 8:19 p.m.4 views

CVE-2025-61759

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6.5CVSS6AI score0.00176EPSS
Exploits0References1
Rows per page
Query Builder