Lucene search
K

10321 matches found

EUVD
EUVD
added 2026/06/16 9:31 a.m.6 views

EUVD-2026-37060

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...

7.5CVSS5.3AI score0.00349EPSS
Exploits0References22
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.71 views

Zoho ManageEngine ServiceDesk Plus - Remote Code Execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741...

9.8CVSS9.2AI score0.93514EPSS
Exploits6References5
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-39511

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.26 views

CVE-2026-39511 WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

9.3CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.18 views

CVE-2026-39511

CVE-2026-39511 affects the WordPress plugin WP Photo Album Plus

9.3CVSS5.7AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.10 views

CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS0.0012EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/15 5:18 p.m.4 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:17 p.m.4 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

8.2CVSS5.8AI score0.00393EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 4:22 p.m.6 views

CVE-2026-6045 Heap buffer overflow in EMF+ gradient brush import

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 4:22 p.m.24 views

CVE-2026-6045

CVE-2026-6045 : In LibreOffice, importing EMF+ graphics can trigger a heap buffer overflow in the gradient brush import. The file’s gradient blend points are read to compute an allocation size, and an overflow can occur when multiplying that count, causing a small buffer to be filled as if it wer...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 3:10 p.m.11 views

MAL-2026-5777 Malicious code in field-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0112dc4801bb261e86a2f68d5fd49b6c955bb4e82f872c72e61e49cc638ca91c package.json declares both preinstall and postinstall scripts that run curl against a hardcoded bare-IP HTTP endpoint http://3.7.226.146:9000/callbac...

5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49264

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-6045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of...

6.9CVSS6.1AI score0.0012EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:38 p.m.8 views

Malicious code in chalk-plus-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5351482f03a50cab8a28b6aa7c992c960a55c6889634d2a04bb86a157ac18d1 Package is published under a name riding the popular chalk color-output library but its source tree, README, main entry lib/nodemailer.js, and lib...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/12 8:34 p.m.9 views

MAL-2026-5710 Malicious code in chalk-plus-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...

5.4AI score
Exploits0References1
Patchstack
Patchstack
added 2026/06/12 7:54 p.m.6 views

WordPress Meow Gallery plugin <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation vulnerability

Missing Authorization to Authenticated Author+ Shortcode creation vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Meow Gallery versions = 5.4.4...

4.3CVSS5.2AI score0.00214EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/12 4:16 p.m.3 views

UBUNTU-CVE-2026-44967

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.4AI score0.00206EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 3:16 p.m.10 views

CVE-2026-6853

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

9.8CVSS0.00346EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/12 2:52 p.m.7 views

CVE-2026-44967

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.3AI score0.00206EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/12 1:50 p.m.7 views

CVE-2026-6853 OTP Bypass in Başbelen Group's Pause+ Mobile App

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

9.8CVSS5.2AI score0.00346EPSS
Exploits0References1
Rows per page
Query Builder