18850 matches found

NVD
added yesterday | 6 views

CVE-2026-9711

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

CVSS: 9.8 | EPSS: 0.00438
Exploits: 0 | References: 2
EUVD
added yesterday | 5 views

EUVD-2026-40273

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00438
Exploits: 0 | References: 2
EUVD
added 2 days ago | 5 views

EUVD-2026-40128

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely...

CVSS: 9 | AI score: 7.7 | EPSS: 0.00455
Exploits: 0 | References: 5
EUVD
added 2 days ago | 6 views

EUVD-2026-40073

A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

CVSS: 9 | AI score: 7.5 | EPSS: 0.00445
Exploits: 0 | References: 5
EUVD
added 2 days ago | 7 views

EUVD-2026-40044

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.00214
Exploits: 0 | References: 8
CVE
added 2 days ago | 13 views

CVE-2026-13544

The CVE refers to Feehi CMS (up to version 2.1.1) with an issue in the API component, specifically the /api/users endpoint. The flaw allows manipulation that leads to improper access controls, enabling remote initiation of an attack. Public exploit appears to be available, and the vendor/maintain...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00214
Exploits: 0 | References: 8
NVD
added 2 days ago | 8 views

CVE-2026-13517

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publishe...

CVSS: 9 | EPSS: 0.00466
Exploits: 0 | References: 6
EUVD
added 2 days ago | 8 views

EUVD-2026-40014

A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publishe...

CVSS: 9 | AI score: 8 | EPSS: 0.00466
Exploits: 0 | References: 6
CVE
added 3 days ago | 14 views

CVE-2026-13502

The CVE-2026-13502 entry concerns antlr ANTLR4 up to 4.13.2. It affects the function ObjectInputStream.readObject in the antlr4-maven-plugin’s GrammarDependencies.java, indicating a time-of-check time-of-use issue. The attack is restricted to local execution and requires a high degree of complexi...

CVSS: 4.5 | AI score: 5.2 | EPSS: 0.00091
Exploits: 0 | References: 5
EUVD
added 3 days ago | 7 views

EUVD-2026-40000

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

CVSS: 4.5 | AI score: 5.2 | EPSS: 0.00091
Exploits: 0 | References: 5
NVD
added 3 days ago | 7 views

CVE-2026-13493

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...

CVSS: 3.1 | EPSS: 0.00232
Exploits: 0 | References: 7
Cvelist
added 3 days ago | 31 views

CVE-2026-13493 AIDC-AI ComfyUI-Copilot Workflow Checkpoint Restore conversation_api.py resource injection

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversationapi.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The atta...

CVSS: 3.1 | EPSS: 0.00232
Exploits: 0 | References: 7
EUVD
added 3 days ago | 8 views

EUVD-2026-39983

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

CVSS: 3.1 | AI score: 4.9 | EPSS: 0.00095
Exploits: 0 | References: 7
NVD
added 5 days ago | 9 views

CVE-2026-54350

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

CVSS: 10 | EPSS: 0.00427
Exploits: 1 | References: 1
CVE
added 5 days ago | 27 views

CVE-2026-54350

Budibase CVE-2026-54350 describes an unauthenticated NoSQL injection against published Budibase apps. EnrichContext substitutes query parameters into the JSON body and JSON.parse can lift attacker-controlled fields into the parsed filter, allowing an attacker with a PUBLIC query to read (and for ...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00427
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 5 days ago | 23 views

CVE-2026-54350 Budibase: Anonymous NoSQL operator injection via published-app query templates

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

CVSS: 10 | EPSS: 0.00427
Exploits: 1 | References: 1
Snyk
added 2026/06/22 10:21 p.m. | 6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the HTTP Agent. An attacker can cause a client to accept a response as valid before the client has sent its request by exploiting the timing of HTTP responses. Remediation: A fix was...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00336
Exploits: 1 | References: 2
NVD
added 2026/06/21 8:16 p.m. | 12 views

CVE-2026-12805

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVSS: 7.5 | EPSS: 0.00279
Exploits: 0 | References: 8
Snyk
added 2026/06/21 5:11 p.m. | 4 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the copyString function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers the...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00102
Exploits: 0 | References: 2
Snyk
added 2026/06/21 5:9 p.m. | 4 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper validation in the XMLParseBuffer function. An attacker can cause unexpected behavior, including potential data corruption or application crashes, by providing specially crafted input that...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00102
Exploits: 0 | References: 2