Lucene search
K

6560 matches found

CVE
CVE
added 6 hours ago5 views

CVE-2026-15296

The CVE-2026-15296 entry identifies a Stored Cross-Site Scripting vulnerability in the affiliate-toolkit – WP Affiliate Plugin with Amazon for WordPress, exploitable via the atkp_product shortcode in all versions

6.4CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-42803

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS6.1AI score
Exploits0References3
Nuclei
Nuclei
added 7 hours ago7 views

WP Extended < 3.0.0 - Stored Cross-Site Scripting

The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.1CVSS6.1AI score0.0063EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago74 views

Uncanny Toolkit for LearnDash - Open Redirection

A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security. id: CVE-2023-34020 info: name: Uncanny Toolk...

6.1CVSS7.1AI score0.00963EPSS
Exploits0References3
CVE
CVE
added 2 days ago20 views

CVE-2026-55878

The CVE-2026-55878 issue affects Symfony UX Toolkit. Affected: Symfony UX versions 2.32.0–2.36.0 and 3.0.0–3.1.x (pre-2.36.1/3.2.0). The ux:install console command copies files from a recipe kit using paths listed in copy-files; because Path::isRelative() treats paths like ../../../etc as relativ...

7.8CVSS6AI score0.00146EPSS
Exploits0References4
Wolfi
Wolfi
added 2 days ago5 views

CVE-2026-12243 vulnerabilities

Vulnerabilities for packages: py3-nltk...

7.5CVSS7AI score0.0051EPSS
Exploits1
Wolfi
Wolfi
added 2 days ago4 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2 days ago5 views

CVE-2026-54293 vulnerabilities

Vulnerabilities for packages: py3-nltk, apache-beam-python-3.12-sdk...

7.5CVSS5.9AI score0.00378EPSS
Exploits1
RedhatCVE
RedhatCVE
added 4 days ago4 views

CVE-2026-12252

A flaw was found in the nltk library. Several Stanford interface classes within nltk are susceptible to arbitrary code execution. This vulnerability allows a local attacker to execute malicious code by providing an untrusted Java Archive JAR file, as the system lacks integrity verification for...

7.8CVSS6.4AI score0.00158EPSS
Exploits1References4
OSV
OSV
added 6 days ago10 views

DEBIAN-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-41656

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

10CVSS7.8AI score0.00809EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

NVIDIA Container Toolkit < 1.19.1 TOCTOU Race Condition (June 2026)

The version of NVIDIA Container Toolkit installed on the remote host is prior to 1.19.1. It is, therefore, affected by a vulnerability as referenced in the June 2026 advisory. - NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use...

8.5CVSS6.1AI score0.00489EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-685 Path Traversal in nemo-toolkit

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available...

4.4CVSS6AI score0.00298EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 4:16 p.m.12 views

CVE-2026-24260

NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering...

8.5CVSS0.00489EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 2:34 p.m.33 views

CVE-2026-24260

NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering...

8.5CVSS0.00489EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/07/01 12:59 p.m.20 views

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both...

8.8CVSS7.2AI score0.99735EPSS
Exploits9
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:43 a.m.6 views

CVE-2026-12902

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/01 12:34 a.m.4 views

EUVD-2026-40422

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 10:16 p.m.7 views

CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS0.00435EPSS
Exploits0References3
Rows per page
Query Builder