Lucene search
+L

2246 matches found

Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-45952

Name of the Vulnerable Software and Affected Versions CactusViewer version 2.3.0 Description A DLL hijacking issue in CactusViewer allows attackers to escalate privileges and execute arbitrary code by using a crafted DLL. DLL hijacking is a technique where an application is tricked into loading a...

7.8CVSS5.9AI score0.00137EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/02 10:22 p.m.14 views

CVE-2026-31942 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS5.7AI score0.00206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.13 views

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References2
CVE
CVE
added 2026/06/02 9:52 a.m.21 views

CVE-2025-53346

CVE-2025-53346 : WordPress Thim Core plugin

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 9:52 a.m.14 views

CVE-2025-53346 WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 9:51 p.m.12 views

EUVD-2026-33839

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:46 p.m.9 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.00136EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/01 9:46 p.m.13 views

EUVD-2026-33837

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:45 p.m.27 views

CVE-2026-24753

Kiteworks (PDN) prior to 9.3.0 is affected by an Insecure Direct Object Reference (IDOR) in Secure Data Forms. An authenticated user can modify resources belonging to other users due to insufficient authorization checks on resource ownership. A patch is available in version 9.3.0 and later; upgra...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/01 9:43 p.m.30 views

CVE-2026-24752

CVE-2026-24752 affects Kiteworks Secure Data Forms prior to version 9.3.0. A reflected XSS could cause a user to execute arbitrary JavaScript, with patch provided in 9.3.0+. CVSSv3.1 base score 8.2 (HIGH): attack vector NETWORK, privileges required NONE, user interaction REQUIRED, scope CHANGED, ...

8.2CVSS5.9AI score0.00283EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/01 4:37 p.m.33 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 4:37 p.m.5 views

CVE-2026-45154 Nextcloud: Improper Access Control in Collectives

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.9AI score0.00189EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45470

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 4:25 p.m.22 views

EUVD-2026-32947

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.26 views

CVE-2026-42735

The CVE concerns the WordPress KiviCare plugin by Iqonic Design (affected: KiviCare kivicare-clinic-management-system, plugin version

8.2CVSS5.8AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 7:16 a.m.18 views

CVE-2026-8884

The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.19 views

EUVD-2026-32078

The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes 'title', 'align', and 'width' in the tuxquotebuildforma...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.7 views

Fedora 42 : rust-rpm-sequoia / rust-sequoia-chameleon-gnupg / rust-sequoia-git / etc (2026-8df732be8a)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-8df732be8a advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...

5.5CVSS5.8AI score0.00085EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 6:0 p.m.3 views

CVE-2026-9568 ThingsBoard YAML provision getGatewayDockerComposeFile code injection

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

2.3CVSS5.4AI score0.00219EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.30 views

SUSE CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

7.5CVSS5.6AI score0.00631EPSS
Exploits0References3
Rows per page
Query Builder