Lucene search
K

952833 matches found

Patchstack
Patchstack
added 2026/06/18 8:49 a.m.11 views

WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.10.2 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Yat in WordPress Plugin Offload, AI & Optimize with Cloudflare Images versions = 1.10.2...

8.8CVSS5.5AI score0.00577EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/18 8:16 a.m.12 views

CVE-2026-55742

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...

9.6CVSS0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 6:16 a.m.13 views

CVE-2026-9860

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

8.8CVSS0.00577EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/18 6:6 a.m.9 views

EUVD-2026-37855

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS5.4AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 6:5 a.m.9 views

EUVD-2026-37854

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...

9.6CVSS5.8AI score0.00227EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 6:0 a.m.21 views

CVE-2026-9815

The CVE-2026-9815 entry concerns the MagicForm WordPress plugin (versions up to 0.1.3). The affected component is the file upload path via an unauthenticated AJAX action, where the per-field extension allowlist being empty leads to improper validation of uploaded file types. As a result, unauthen...

6.5CVSS6AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 6:0 a.m.20 views

CVE-2026-9815 MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE

The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...

0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 4:31 a.m.24 views

CVE-2026-9860 Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

8.8CVSS0.00577EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/18 4:31 a.m.9 views

EUVD-2026-37840

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

8.8CVSS6AI score0.00577EPSS
Exploits0References6
CVE
CVE
added 2026/06/18 4:31 a.m.42 views

CVE-2026-9860

The CVE-2026-9860 entry concerns the WordPress plugin “Offload, AI & Optimize with Cloudflare Images” (versions

8.8CVSS6AI score0.00577EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 4:9 a.m.7 views

Malicious code in stackus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a8032b910c8971e79e7d8b0e250ce4d61fd2a2206d6b319a5aed50e32490456 On require, lib/writer.js loaded transitively from the package's main pino.js collects the installer's full process.env together with host identifier...

5.8AI score
Exploits0References2
Debian
Debian
added 2026/06/18 3:0 a.m.4 views

[SECURITY] [DLA 4634-1] nginx security update

Debian LTS Advisory DLA-4634-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara June 17, 2026 https://wiki.debian.org/LTS Package : nginx Version : 1.18.0-6.1+deb11u7 CVE ID : CVE-2026-9256 Debian Bug : 1137339 A vulnerability was discoverd in Nginx, a...

9.2CVSS6.2AI score0.04261EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.10 views

SUSE CVE-2026-10649

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...

7.5CVSS5.4AI score0.0044EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12441

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.7 views

SUSE CVE-2026-12442

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00387EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.7 views

SUSE CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00601EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12447

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00417EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.9 views

SUSE CVE-2026-12448

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.3AI score0.00255EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.9 views

SUSE CVE-2026-12455

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.5AI score0.00227EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.7 views

SUSE CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.3AI score0.0019EPSS
Exploits0References3
Rows per page
Query Builder