Lucene search
K

6907 matches found

NVD
NVD
added 5 hours ago3 views

CVE-2026-57773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...

7.6CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago3 views

CVE-2026-57773 WordPress Advanced Shipment Tracking for WooCommerce plugin <= 4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...

7.6CVSS
Exploits0References1
CVE
CVE
added 6 hours ago10 views

CVE-2026-57773

The CVE-2026-57773 entry covers a SQL Injection vulnerability in the WordPress plugin “WooCommerce Advanced Shipment Tracking” (woo-advanced-shipment-tracking) up to version 4.0. The issue is described as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) that l...

7.6CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 10 hours ago44 views

JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

9.8CVSS7AI score0.02041EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago52 views

Traccar - Unrestricted File Upload

Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...

8.5CVSS7.3AI score0.54413EPSS
Exploits9References3
CVE
CVE
added yesterday14 views

CVE-2026-10667

Zephyr CVE-2026-10667 affects SMP builds with CONFIG_USERSPACE and dynamic objects (CONFIG_DYNAMIC_OBJECTS). The bug is a use-after-free in the dynamic kernel-object tracker: k_object_wordlist_foreach() iterates obj_list under lists_lock while removals and frees occur under objfree_lock/obj_lock,...

7.8CVSS6.1AI score
Exploits0References2
The Hacker News
The Hacker News
added 3 days ago7 views

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4...

6.1AI score
Exploits0
Circl
Circl
added 4 days ago6 views

CVE-2017-5528

creationtimestamp| type| source ---|---|--- 2026-07-09 14:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq7ubig7sp2f...

8.8CVSS6.5AI score0.00565EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-55195

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS0.00321EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the tracked-time list endpoint. An attacker can access time tracking information without proper authorization by sending crafted requests to this endpoint. Remediation Upgrade...

6.9CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 1:24 p.m.6 views

WordPress Advanced Shipment Tracking for WooCommerce plugin <= 4.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Advanced Shipment Tracking for WooCommerce versions = 4.0...

7.6CVSS6AI score
Exploits0Affected Software1
OSV
OSV
added 2026/07/01 1:35 p.m.3 views

SUSE-SU-2026:2722-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68822: Input: alps - fix use-after-free bugs caused by dev3registerwor...

9.8CVSS6.9AI score0.0053EPSS
Exploits0References133
EUVD
EUVD
added 2026/07/01 1:32 p.m.7 views

EUVD-2026-40983

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g. ipnatq931expect. nfcthelperexpectfnunregister only unlinks the callba...

5.9AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 12:20 a.m.9 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.7AI score0.00514EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 6:16 a.m.12 views

CVE-2026-8944

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...

4.3CVSS0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53812

Name of the Vulnerable Software and Affected Versions Plugin for Google Analytics by IO technologies versions prior to 1.2 Description Cross-Site Request Forgery occurs on the Google Analytics settings page 'ga.php' due to missing or incorrect nonce validation. A nonce is a unique token used to...

4.3CVSS5.8AI score0.00102EPSS
Exploits0References9
NVD
NVD
added 2026/06/29 8:17 p.m.6 views

CVE-2026-43700

A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information...

6.5CVSS0.0015EPSS
Exploits1References3
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-258 Aim path traversal in LockManager.release_locks

A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...

9.1CVSS7.5AI score0.00849EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:12 a.m.6 views

netfilter: nft_exthdr: fix register tracking for F_PRESENT flag

...

7CVSS5.8AI score0.00128EPSS
Exploits0
Rows per page
Query Builder