Lucene search
K

360 matches found

Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-52476

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0670 Description The get text props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop T entries that follow. Because the count ...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/23 4:14 p.m.6 views

EUVD-2026-38500

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

8.8CVSS6.6AI score0.0045EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel up to version 6.7.1, there is a use-after-free in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...

5.5CVSS6.6AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.26 views

CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

8.5CVSS0.00347EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40785

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

7.1CVSS0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.6 views

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.7 views

EUVD-2026-36877

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

7.5CVSS5.2AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49444

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...

7.2CVSS5.1AI score0.00195EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:21 p.m.26 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

6.9CVSS0.00291EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.9 views

CVE-2026-48011

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue...

3.7CVSS0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 3:7 p.m.296 views

CVE-2026-29167

CVE-2026-29167 is a Use After Free vulnerability in Apache HTTP Server when using mod_ldap in per-directory configuration. The issue affects Apache HTTP Server versions 2.4.0 through 2.4.67. The CVSS base score is 9.8 (Network, N), with high impact on confidentiality, integrity, and availability....

9.8CVSS5.4AI score0.00663EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45055

CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CCSTOREURL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset link in...

8.1CVSS5.5AI score0.00147EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/04 1:26 p.m.9 views

WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin WP Travel Engine versions = 6.7.12...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.10 views

PT-2026-46068

Name of the Vulnerable Software and Affected Versions Active IQ Config Advisor version 6.7.3 Description Hard-coded credentials exist within the software, which could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. Recommendations At the moment,...

5.3CVSS5.8AI score0.00226EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 3:59 p.m.7 views

GHSA-PJWM-PJ3P-43MV axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)

Summary shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe still routes through the...

8.6CVSS6.6AI score0.01186EPSS
Exploits2References3
Patchstack
Patchstack
added 2026/05/27 5:18 p.m.12 views

WordPress Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking vulnerability

Cross-Site Request Forgery to Payment Account Hijacking vulnerability discovered by type5afe in WordPress Plugin Easy Digital Downloads versions = 3.6.7...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References1Affected Software1
Amazon
Amazon
added 2026/05/26 12:0 a.m.12 views

Important: httpd

Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...

9.8CVSS5.8AI score0.01325EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

MiracleLinux 8 : kernel-4.18.0-553.124.4.el8_10 (AXSA:2026-707:36)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-707:36 advisory. kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-46300 kernel: ptrace: require CAPSYSPTRACE when task has no ...

7.8CVSS5.3AI score0.03663EPSS
Exploits17References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In btrfsgetrootref in fs/btrfs/disk-io.c within the Linux kernel, up to version 6.7.1, there may be an assertion failure and a crash occurring because a subvolume can be read out too early after its root item is inserted during subvolume creation...

5.5CVSS6.3AI score0.00305EPSS
Exploits0References2
Rows per page
Query Builder