36 matches found

NVD
added 2026/06/17 1:20 p.m. | 8 views

CVE-2026-39595

Author Broken Access Control in W3 Total Cache = 2.9.1 versions...

4.7 CVSS | 0.0021 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/06/05 7:33 p.m. | 10 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9 CVSS | 5.5 AI score | 0.00083 EPSS
Exploits 0 | References 1

CVE
added 2026/05/29 10:53 a.m. | 18 views

CVE-2025-41273

CVE-2025-41273 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). Nozomi Networks Labs describe CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI, enabling remote unauthenticated attackers to bypass authentication and perform actions as an...

9.8 CVSS | 5.8 AI score | 0.00407 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/05/26 8:12 p.m. | 35 views

CVE-2026-45413 MaxKB: Unsalted MD5 Password Hashing

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9 CVSS | 0.00083 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/05/12 8:21 p.m. | 11 views

CVE-2026-41250

Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7 CVSS | 5.8 AI score | 0.00284 EPSS
Exploits 0 | References 1

NVD
added 2026/05/09 8:16 p.m. | 25 views

CVE-2026-8195

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...

5.3 CVSS | 0.00269 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/04/10 12:0 a.m. | 7 views

PT-2026-32979

Name of the Vulnerable Software and Affected Versions: next-intl versions prior to 4.9.1 Description: Applications using the middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host. This occurs...

6.9 CVSS | 5.8 AI score | 0.00339 EPSS
Exploits 0 | References 9

RedhatCVE
added 2026/04/08 7:34 p.m. | 3 views

CVE-2026-39355

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...

9.9 CVSS | 6.1 AI score | 0.00315 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/03/06 7:54 a.m. | 10 views

CVE-2026-27384

Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects W3 Total Cache: from n/a through = 2.9.1...

9 CVSS | 5.8 AI score | 0.00304 EPSS
Exploits 1 | References 1

GithubExploit
added 2026/02/20 8:26 p.m. | 184 views

Exploit for CVE-2025-2304

CVE-2025-2304-Camaleon-C...

9.4 CVSS | 5.3 AI score | 0.00566 EPSS
Exploits 16

CVE
added 2026/02/09 7:16 p.m. | 26 views

CVE-2026-25057

CVE-2026-25057 affects MarkUs prior to version 2.9.1. Instructors can upload a zip file to create an assignment from an exported configuration, and the zip entry names are used to construct paths for writing files to disk without validating those paths. This can allow arbitrary path usage during ...

9.1 CVSS | 5.6 AI score | 0.00469 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2026/02/09 12:0 a.m. | 7 views

MarkUs Security Vulnerability

MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.1 contained a security vulnerability due to insufficient file path checking, which could allow arbitrary file writing...

9.1 CVSS | 5.9 AI score | 0.00469 EPSS
Exploits 0 | References 4

OSV
added 2025/12/11 5:15 p.m. | 4 views

CVE-2025-66043

Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 3...

9.8 CVSS | 6.5 AI score
Exploits 0 | References 1

CVE
added 2025/12/11 3:27 a.m. | 26 views

CVE-2025-10163

Summary: WordPress plugin List category posts (versions

6.5 CVSS | 6.2 AI score | 0.00286 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-28096

Malicious code in bioql PyPI...

9.8 CVSS | 9.1 AI score | 0.00431 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/08/14 12:0 a.m. | 6 views

PT-2025-33156 · Unknown · Pressforward

Name of the Vulnerable Software and Affected Versions: PressForward versions n/a through 5.9.1 Description: A Server-Side Request Forgery (SSRF) vulnerability exists in PressForward. This issue allows attackers to perform Server Side Request Forgery. Recommendations: Update PressForward to a versio...

6.4 CVSS | 7.2 AI score | 0.00202 EPSS
Exploits 0 | References 3

Fedora
added 2025/06/11 2:46 a.m. | 7 views

[SECURITY] Fedora 42 Update: qt6-qtquick3dphysics-6.9.1-1.fc42

The Qt 6 Quick3D Physics library...

8.4 CVSS | 7.3 AI score | 0.00309 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 7:41 a.m. | 5 views

CVE-2019-19664

A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html...

7.1 CVSS | 7 AI score | 0.00372 EPSS
Exploits 0 | References 1

Cvelist
added 2025/05/08 11:13 a.m. | 22 views

CVE-2025-3468 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cleanhtml and formfields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it...

6.4 CVSS | 0.00182 EPSS
Exploits 0 | References 2

OSV
added 2025/03/05 10:15 a.m. | 3 views

CVE-2024-13777

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP...

9.8 CVSS | 7.5 AI score
Exploits 0 | References 2