Lucene search
K

30469 matches found

CVE
CVE
added 6 days ago11 views

CVE-2026-38972

Notepad3 versions up to 6.25.822.1 are vulnerable to a DLL search-order hijack in the About-dialog code path (src/Notepad3.c). The application loads MSFTEDIT.DLL via LoadLibrary with a bare DLL name, enabling a local attacker to place a malicious MSFTEDIT.DLL in the application directory or anoth...

7.8CVSS6.4AI score0.00148EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

6.4AI score0.00148EPSS
Exploits0References4
CVE
CVE
added last week17 views

CVE-2026-55790

Summary of CVE-2026-55790 (Craft CMS) : This is a DOM-based cross-site scripting flaw in Craft CMS. Versions affected are 5.0.0-RC1–5.9.22 and 4.0.0-RC1–4.17.15. An attacker with only a GitHub account can insert a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the Cra...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 a.m.6 views

CVE-2026-12110

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00328EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/01 3:43 a.m.6 views

EUVD-2026-40894

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/30 10:15 p.m.26 views

CVE-2026-54672 electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:15 p.m.14 views

CVE-2026-54672

CVE-2026-54672 : The issue affects electron-updater with AppImage targets built by app-builder-lib prior to 26.15.0. At runtime, an empty path component in LD_LIBRARY_PATH can cause the current working directory to be added to the dynamic linker search path, potentially enabling an attacker to pl...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 11:48 a.m.12 views

CVE-2026-14209

Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided Connected documents. Monitor for updates.

4.3CVSS5.7AI score0.00173EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/30 11:48 a.m.7 views

CVE-2026-14209

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.6AI score0.00173EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 10:16 a.m.9 views

CVE-2026-9711

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS0.00438EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 9:31 a.m.35 views

CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS0.00438EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 9:31 a.m.21 views

CVE-2026-9711

CVE-2026-9711 affects the EventON WordPress Virtual Event Calendar Plugin (full) up to version 5.0.11. The root cause is insufficient escaping and lack of prepared statements in the SQL query used when processing the WordPress search parameter, enabling an unauthenticated attacker to append addit...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 9:31 a.m.6 views

CVE-2026-9711

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 9:31 a.m.6 views

EUVD-2026-40273

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References2
Imperva Blog
Imperva Blog
added 2026/06/30 9:25 a.m.8 views

AI Agents Are Visiting Your Website. Which Ones Should You Trust?

The internet is changing fast. For years, the main goal of search was simple: to help users find links. A user searched, reviewed results, clicked a website, and consumed the content directly from the source. But AI is changing that model. Increasingly, users ask AI assistants for answers instead...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/29 4:27 p.m.16 views

Chromium extension uses AI‑related branding to redirect browser search

In this article 1. Extension overview 2. Key indicators of malicious behavior 3. Dynamic analysis findings 4. Mitigation and protection guidance 5. References 6. Learn more Microsoft Threat Intelligence has identified a malicious Chromium-based extension that spoofs the AI-powered answer engine...

6AI score
Exploits0
Patchstack
Patchstack
added 2026/06/29 2:29 p.m.5 views

WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP Fast Total Search versions = 1.80.280...

9.3CVSS5.8AI score0.00247EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-528 Rucio has SQL Injection in FilterEngine Oracle JSON Path via DID Search API

Summary A SQL injection vulnerability in the Oracle path of FilterEngine.createsqlaquery allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...

9.9CVSS6.3AI score0.00281EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-527 Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API

Summary A SQL injection vulnerability in FilterEngine.createpostgresquery allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgresmeta is...

9.9CVSS6.7AI score0.00301EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-260 Aim Web API vulnerable to Remote Code Execution

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...

9.8CVSS8AI score0.018EPSS
Exploits1References5
Rows per page
Query Builder