
30442 matches found

CVE
added 3 days ago, 10 views

CVE-2026-38972

Notepad3 (up to version 6.25.822.1) is vulnerable to a DLL search-order hijacking in the About-dialog path (src/Notepad3.c). The code calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, allowing a local attacker to drop a malicious MSFTEDIT.DLL in the application directory or another DLL sea...

6.4 AI score, 0.00178 EPSS
Exploits: 0, References: 3
CVE
added 4 days ago, 9 views

CVE-2026-55790

Summary of CVE-2026-55790 (Craft CMS): This is a DOM-based cross-site scripting flaw in Craft CMS. Versions affected are 5.0.0-RC1–5.9.22 and 4.0.0-RC1–4.17.15. An attacker with only a GitHub account can insert a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the Cra...

7.4 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0, References: 2
NVD
added 4 days ago, 6 views

CVE-2026-12110

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5 CVSS, 0.00328 EPSS
Exploits: 0, References: 11
EUVD
added 4 days ago, 6 views

EUVD-2026-40894

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5 CVSS, 5.8 AI score, 0.00328 EPSS
Exploits: 0, References: 11
Cvelist
added 5 days ago, 26 views

CVE-2026-54672 electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LD_LIBRARY_PATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8 CVSS, 0.00129 EPSS
Exploits: 0, References: 2
CVE
added 5 days ago, 11 views

CVE-2026-54672

CVE-2026-54672: The issue affects electron-updater with AppImage targets built by app-builder-lib prior to 26.15.0. At runtime, an empty path component in LD_LIBRARY_PATH can cause the current working directory to be added to the dynamic linker search path, potentially enabling an attacker to pl...

7.8 CVSS, 6.1 AI score, 0.00129 EPSS
Exploits: 0, References: 2
CVE
added 5 days ago, 11 views

CVE-2026-14209

Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided Connected documents. Monitor for updates.

4.3 CVSS, 5.7 AI score, 0.00173 EPSS
Exploits: 0, References: 2, Affected Software: 2
RedhatCVE
added 5 days ago, 7 views

CVE-2026-14209

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3 CVSS, 5.6 AI score, 0.00173 EPSS
Exploits: 0, References: 3
NVD
added 5 days ago, 8 views

CVE-2026-9711

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8 CVSS, 0.00438 EPSS
Exploits: 0, References: 2
Cvelist
added 5 days ago, 35 views

CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8 CVSS, 0.00438 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 5 days ago, 5 views

CVE-2026-9711

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8 CVSS, 5.8 AI score, 0.00438 EPSS
Exploits: 0, References: 3
EUVD
added 5 days ago, 6 views

EUVD-2026-40273

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8 CVSS, 5.8 AI score, 0.00438 EPSS
Exploits: 0, References: 2
CVE
added 5 days ago, 19 views

CVE-2026-9711

CVE-2026-9711 affects the EventON WordPress Virtual Event Calendar Plugin (full) up to version 5.0.11. The root cause is insufficient escaping and lack of prepared statements in the SQL query used when processing the WordPress search parameter, enabling an unauthenticated attacker to append addit...

9.8 CVSS, 5.8 AI score, 0.00438 EPSS
Exploits: 0, References: 2
Imperva Blog
added 5 days ago, 7 views

AI Agents Are Visiting Your Website. Which Ones Should You Trust?

The internet is changing fast. For years, the main goal of search was simple: to help users find links. A user searched, reviewed results, clicked a website, and consumed the content directly from the source. But AI is changing that model. Increasingly, users ask AI assistants for answers instead...

5.9 AI score
Exploits: 0
Microsoft Secure
added 6 days ago, 15 views

Chromium extension uses AI‑related branding to redirect browser search

Microsoft Threat Intelligence has identified a malicious Chromium-based extension that spoofs the AI-powered answer engine...

6 AI score
Exploits: 0
Patchstack
added 6 days ago, 5 views

WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP Fast Total Search versions <= 1.80.280...

9.3 CVSS, 5.8 AI score, 0.00247 EPSS
Exploits: 0, Affected Software: 1
OSV
added 6 days ago, 5 views

PYSEC-2026-528 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9 CVSS, 6.3 AI score, 0.00281 EPSS
Exploits: 0, References: 5
OSV
added 6 days ago, 4 views

PYSEC-2026-527 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9 CVSS, 6.7 AI score, 0.00301 EPSS
Exploits: 0, References: 5
OSV
added 6 days ago, 5 views

PYSEC-2026-260 Aim Web API vulnerable to Remote Code Execution

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...

9.8 CVSS, 8 AI score, 0.018 EPSS
Exploits: 1, References: 5
OSSF Malicious Packages
added 6 days ago, 7 views

Malicious code in rebrandly-domains-search-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e Package [email protected] is an empty module index.js exports an empty object whose package.json preinstall hook runs node...

5.8 AI score
Exploits: 0, References: 2