Lucene search
+L

86 matches found

Positive Technologies
Positive Technologies
added 4 days ago13 views

PT-2026-60324

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.37 Description Authenticated users with write access to their own board can move cards, lists, or swimlanes into a private board they are not members of. This occurs because DDP update allow rules in...

8.5CVSS5.3AI score0.00243EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/10 12:0 a.m.10 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization...

5.5CVSS5.9AI score0.00426EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/24 6:13 p.m.47 views

CVE-2026-53943

The CVE-2026-53943 entry describes a Ghost CMS vulnerability where, on sites behind a shared caching layer, an unauthenticated user can send an x-ghost-preview header that poisons cached responses, altering rendered frontend output. In affected configurations, this cached, request-specific previe...

9.6CVSS5.9AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.31 views

CVE-2026-40783 WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...

9.9CVSS0.00541EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 3:1 p.m.9 views

MINI-MCP2-RJ27-37X4

Bulletin has no description...

2.5CVSS5.1AI score0.00231EPSS
Exploits1
CVE
CVE
added 2026/06/16 11:52 a.m.73 views

CVE-2026-12289

CVE-2026-12289 describes a privilege-escalation vulnerability in the Graphics: WebRender component. The public description and connected advisories indicate this affects Mozilla Firefox and Thunderbird products, with fixes shipped in: Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbi...

8.8CVSS5.2AI score0.00395EPSS
Exploits0References30Affected Software2
OSV
OSV
added 2026/06/05 12:17 a.m.9 views

PYSEC-2026-216

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS5.3AI score0.00433EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 8:53 p.m.9 views

EUVD-2026-30166

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.13 views

RHEL 9 : OpenShift Container Platform 4.18.37 (RHSA-2026:6552)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6552 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

10CVSS6.8AI score0.00765EPSS
Exploits1References5
NVD
NVD
added 2026/03/13 7:54 p.m.13 views

CVE-2026-32357

Server-Side Request Forgery SSRF vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through = 2.37...

6.4CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32330

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

4.3CVSS0.00107EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 5:28 a.m.4 views

MINI-FXXV-37MV-HFHC

Bulletin has no description...

4.3CVSS5.9AI score0.00136EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/25 3:37 p.m.25 views

CVE-2026-27730 esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

esm.sh is a no-build content delivery network CDN for web development. Versions up to and including 137 have an SSRF vulnerability CWE-918 in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...

8.6CVSS0.00339EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/18 12:28 p.m.4 views

CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...

6.5CVSS6AI score0.00242EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.1 views

CVE-2025-49049

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through = 12.37...

8.8CVSS5.6AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

WordPress plugin DZS Video Gallery has a SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.5CVSS5.9AI score0.00386EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : qemu-kvm-1.5.3-126.el7 (AXSA:2016-1109:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1109:04 advisory. qemu-kvm is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu-kvm acts as a virtual machine monitor together...

5.5CVSS6.7AI score0.00513EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.8 views

MiracleLinux 3 : gtk2-2.10.4-29.0.1.AXS3 (AXSA:2013-34:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-34:01 advisory. GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small...

5CVSS6.7AI score0.04096EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.7 views

CVE-2025-47552

Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37...

9.8CVSS5.2AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 12:38 p.m.47 views

CVE-2025-47552 WordPress DZS Video Gallery plugin <= 12.37 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37...

9.8CVSS0.0032EPSS
Exploits0References1
Rows per page
Query Builder