Lucene search
K

647 matches found

Patchstack
Patchstack
added last week5 views

WordPress Events Manager plugin <= 7.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Events Manager versions = 7.3.6...

8.8CVSS6.1AI score0.00317EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/07/06 5:31 p.m.21 views

CVE-2026-12154

The CVE concerns the WordPress plugin Reviews Widgets for Google, Yelp & TripAdvisor (fb-reviews-widget)

6.4CVSS6AI score0.00193EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 7:9 p.m.4 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 7:9 p.m.4 views

GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score0.00057EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 7:13 p.m.2 views

CVE-2026-53622 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

7.8CVSS6AI score0.0024EPSS
Exploits1References7
NVD
NVD
added 2026/06/22 8:16 p.m.10 views

CVE-2026-10852

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

7.5CVSS0.00271EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 7:32 p.m.41 views

CVE-2026-10852

CVE-2026-10852 affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty via the WebSphere WebServer Plug-in. The IBM and NVD entries describe a denial-of-service vulnerability triggered by crafted requests to the web server. Affected versions include IBM WebSphere App...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 7:32 p.m.5 views

EUVD-2026-38346

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

5.9CVSS5.8AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 4:16 p.m.11 views

CVE-2025-52465

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...

7.2CVSS0.00353EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/18 2:21 p.m.6 views

WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-49080

Unauthenticated SQL Injection in wpDataTables = 7.3.6 versions...

9.3CVSS0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 2:34 p.m.37 views

CVE-2026-7870

CVE-2026-7870 affects IBM i 7.3–7.6 (5770-SS1). Root cause: an unqualified library call (CWE-427) could let a user’s code run with administrator privileges, enabling privilege escalation. Impact: allows elevated rights, with CVSSv3.1 base score 8.8 (HIGH) — attack vector: network, complexity: low...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48675

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 6:0 a.m.12 views

EUVD-2026-35985

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS5.6AI score0.00969EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-46311

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...

7.5CVSS5.4AI score0.00231EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/04 9:7 a.m.11 views

WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

6.5CVSS5.9AI score0.00308EPSS
Exploits1References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/06/04 12:0 a.m.12 views

VulnCheck KEV: CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.7AI score0.01383EPSS
In wildExploits1References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

NetApp Active IQ OneCollect 安全漏洞

NetApp Active IQ OneCollect is a platform provided by the US-based NetApp company that collects, analyzes, and validates diagnostic data from storage infrastructure. Version 2.7.3 of NetApp Active IQ OneCollect contains a security vulnerability. This vulnerability stems from the use of hardcoded...

8.8CVSS5.3AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46068

Name of the Vulnerable Software and Affected Versions Active IQ Config Advisor version 6.7.3 Description Hard-coded credentials exist within the software, which could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. Recommendations At the moment,...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/02 6:30 p.m.15 views

EUVD-2026-34005

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.9AI score0.01383EPSS
Exploits1References2
Rows per page
Query Builder