Lucene search
K

7262 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago9 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

5.5CVSS6.1AI score0.00141EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago3 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

5.5CVSS6.1AI score0.00141EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago5 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

5.5CVSS6.1AI score0.00141EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago5 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

5.5CVSS6.1AI score0.00141EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 6 days ago12 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

5.5CVSS6.1AI score0.00141EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 4:17 a.m.6 views

CVE-2026-13125

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS0.00227EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:14 a.m.11 views

CVE-2026-13125

GeoWebPlayer (GeoVision addon, also called Web Plugin/WS Player) exposes a websocket server with no authentication. Vulnerable component: GeoWebPlayer version 1.1.1.0. Root cause: missing authentication for critical websocket operations, enabling a malicious page to open a connection and issue pr...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:14 a.m.9 views

EUVD-2026-41241

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:14 a.m.7 views

CVE-2026-13125

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References2Affected Software1
Talos
Talos
added 2026/07/01 12:0 a.m.9 views

GeoVision GeoWebPlayer Websocket Server lack of authentication vulnerability

Summary A lack of authentication vulnerability exists in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket connection can lead to execute priviledged operation. An attacker can stage a malicious webpage to trigger this vulnerability. Confirmed...

8.8CVSS5.9AI score0.00227EPSS
Exploits0
CVE
CVE
added 2026/06/30 8:21 p.m.16 views

CVE-2026-9106

The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/30 6:0 a.m.12 views

CVE-2026-11581

The CVE-2026-11581 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder for WordPress, vulnerable before version 2.4.13. The form captions (columns on the form-entries admin screen) are not sanitized, allowing stored XSS where a user with Contributor-level access (or higher) can i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53988

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A UI misrepresentation issue allows an OAuth application to obtain unauthorized access to organization runner management. An attacker can exploit this by creating an OAuth application...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References14
NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58056

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.33 views

CVE-2026-58056 RustDesk - FileTransfer Session Authorization Scope Bypass

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.10 views

EUVD-2026-39976

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.39 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS0.00119EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.230 views

Apache OFBiz - Improper Authorization & Remote Code Execution

Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

9.8CVSS7.8AI score0.99427EPSS
Exploits10References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:18 p.m.8 views

Malicious code in sypoi1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b22a9450e70ba1095097d2779ad6da01c111c37e940d890fbfc21d1aeb6a0f11 On require, index.js silently bootstraps a full Python runtime on the installer's machine — first via winget install -e --id Python.Python.3.12...

5.9AI score
Exploits0References4
Rows per page
Query Builder