Lucene search
K

115 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/06/12 12:0 a.m.13 views

VulnCheck KEV: CVE-2020-6286

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal...

5.3CVSS6.2AI score0.28312EPSS
In wildExploits3References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

MiracleLinux 8 : kernel-4.18.0-553.124.4.el8_10 (AXSA:2026-707:36)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-707:36 advisory. kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-46300 kernel: ptrace: require CAPSYSPTRACE when task has no ...

7.8CVSS5.3AI score0.03663EPSS
Exploits17References3
OSV
OSV
added 2026/05/18 1:43 p.m.14 views

CLEANSTART-2026-DI23929 Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086 applied in versions: 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0

Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.2AI score0.78483EPSS
Exploits80References243
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017737 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily...

4.9CVSS6.7AI score0.0278EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 12:28 p.m.4 views

CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...

6.5CVSS6AI score0.00242EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/01/17 12:47 a.m.9 views

SUSE CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4.3CVSS4.6AI score0.00911EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/01 4:19 p.m.5 views

EUVD-2026-0012

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the uploadfunction method...

6.4CVSS5.4AI score0.00237EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/01 7:31 a.m.6 views

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.35 - Authenticated Contributor+ Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.35...

6.4CVSS6.8AI score0.00237EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/12 8:28 a.m.9 views

CVE-2025-12732 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting function in all versions up to, and including, 7.33. This makes it possible for authenticated attacker...

4.3CVSS0.00231EPSS
Exploits0References4
CVE
CVE
added 2025/11/12 8:28 a.m.11 views

CVE-2025-12732

CVE-2025-12732 impacts the WordPress plugin “WP Import – Ultimate CSV XML Importer for WordPress” (versions

4.3CVSS4.7AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.6 views

PT-2025-46579

Name of the Vulnerable Software and Affected Versions WP Import – Ultimate CSV XML Importer for WordPress plugin versions prior to 7.34 Description The WP Import – Ultimate CSV XML Importer for WordPress plugin contains a flaw that allows unauthorized access to sensitive information. This is due ...

4.3CVSS6.3AI score0.00231EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mysql (UTSA-2025-986146)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986146 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily...

4.9CVSS6.3AI score0.02308EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mysql (UTSA-2025-986142)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986142 advisory. Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult...

7.1CVSS6.8AI score0.03028EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2025/06/23 7:0 a.m.4 views

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

...

4.9CVSS7.7AI score0.00605EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/06/23 7:0 a.m.6 views

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

...

6.5CVSS7.7AI score0.00744EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/06/23 7:0 a.m.10 views

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

...

4.9CVSS7.7AI score0.00774EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/06/23 7:0 a.m.5 views

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

...

4.4CVSS7.7AI score0.00661EPSS
Exploits0
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.2 views

WordPress plugin WP Custom Admin Interface 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.7AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2024/12/29 7:15 a.m.8 views

AZL-54692 CVE-2024-56738 affecting package grub2 2.06-16

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...

5.3CVSS7.3AI score0.00386EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/21 12:0 a.m.4 views

ILIAS 安全漏洞

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS versions 7.x prior to 7.30 and 8.x prior to 8.11, which stems from a stored cross-site scripting XSS vulnerability that could allow a remote, authenticated attacker to inject arbitrary web script or HTML...

5.4CVSS5.2AI score0.00473EPSS
Exploits1References2
Rows per page
Query Builder