Lucene search
K

484 matches found

Patchstack
Patchstack
added 3 days ago5 views

WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by qdtad in WordPress Plugin Novalnet Payment Gateway for WooCommerce versions = 12.10.3...

9.8CVSS5.8AI score
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: The separate reset and clock enable bits are removed for the 8MQ VPU. For the i.MX8MQ platform, the ADB in the VPUMIX domain does not have separate reset and clock enable bits. Instead, both are enabled...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

Due to a vulnerability in the iouring subsystem, it is possible for kernel memory information to be leaked to the user process. timensinstall calls currentissinglethreaded to determine whether the current process is single-threaded. However, this call does not take into account iouring’s ioworker...

5.5CVSS6.6AI score0.00268EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protection against send buffer overflow in NFSv2 READ Since the time before the advent of Git, NFSD has managed the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array ...

7.8CVSS6.2AI score0.0017EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb:typec:ucsi: Do not attempt to resume ports before they exist. This fix addresses a null pointer dereference issue that occurred when the driver attempted to resume ports that were not yet registered...

5.5CVSS5.5AI score0.00197EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: Fix memory leak in netlblcipsov4addstd Reported by syzkaller: BUG: Memory leak Unreferenced object: 0xffff888105df7000 size 64 Process: “syz-executor842”, PID: 360, Jiffies: 4294824824 Age: 22.546 seconds Hex dump firs...

5.5CVSS6.2AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Starting from version 7.0.8 and before version 7.0.10, authenticated users could use the MSETNX command to trigger a runtime assertion and terminate the Redis server process. This issue was fixed in Redis version 7.0.10...

5.5CVSS5.2AI score0.54978EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 5:34 a.m.26 views

CVE-2026-11360

The CVE-2026-11360 entry concerns the WordPress plugin Advanced Order Export For WooCommerce (WooCommerce), affected up to version 4.0.10. The vulnerability is a generic SQL Injection via the sort_direction parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitati...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References14
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-69164

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-47277

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS0.00399EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 3:2 p.m.1 views

CLEANSTART-2026-XV65906 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.6AI score0.93305EPSS
Exploits11References111
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.7 views

CVE-2025-14362

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS5.4AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/29 10:9 p.m.10 views

Sequence of Processor Instructions Leads to Unexpected Behavior

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...

7.1CVSS5.8AI score0.00029EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

archive-tar-new 安全漏洞

archive-tar-new is a Perl module developed by Jos Boumans, used for creating and manipulating tar files in memory. Versions of archive-tar-new prior to version 3.10 contained security vulnerabilities. These vulnerabilities stemmed from the readtar function, which did not set an upper limit when...

7.5CVSS5.9AI score0.00437EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/25 5:37 p.m.88 views

Exploit for CVE-2012-1803

CVE-2012-1803 Critical vulnerability in Siemens Rugge...

8.5CVSS5.8AI score0.49114EPSS
Exploits8
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.29 views

CVE-2018-25351 Joomla! Component EkRishta 2.10 SQL Injection via username

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

8.8CVSS0.00358EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.14 views

CVE-2018-25348 Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

8.8CVSS0.00358EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.11 views

MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6CVSS6.1AI score0.00371EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/18 6:34 a.m.13 views

EUVD-2026-30739

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...

5.8AI score0.00306EPSS
Exploits0References2
Rows per page
Query Builder