Lucene search
K

199 matches found

EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43164

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score0.00676EPSS
Exploits0References6
NVD
NVD
added last week11 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS0.00436EPSS
Exploits0References3
OSV
OSV
added last week3 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6.1AI score0.00436EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/07/02 1:35 p.m.7 views

WordPress Brook theme <= 2.9.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Brook versions = 2.9.0...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57353

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS0.00299EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.33 views

CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS0.00299EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 3:16 p.m.9 views

CVE-2026-57341

Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

6.5CVSS0.00258EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 3:45 p.m.4 views

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-39595

Author Broken Access Control in W3 Total Cache = 2.9.1 versions...

4.7CVSS0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.33 views

CVE-2026-49778 WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...

7.1CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.22 views

CVE-2026-49766

CVE-2026-49766 affects the WordPress plugin WP User Manager (versions ≤ 2.9.16). The vulnerability is described as an Arbitrary File Deletion issue reported for subscribers. The available metrics indicate a CRITICAL impact (CVSS 3.1: 9.9; NETWORK attack vector; LOW privileges required; no user in...

9.9CVSS5.2AI score0.00506EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48371

Name of the Vulnerable Software and Affected Versions QuMagie versions prior to 2.9.0 Description A missing authorization issue allows remote attackers to access unauthorized data or perform unauthorized actions. Recommendations Update to version 2.9.0 or later...

8.7CVSS5.3AI score0.00322EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.14 views

CVE-2026-5831

A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminalexecute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading ...

6.5CVSS6.1AI score0.0111EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.5AI score0.00083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.25 views

PT-2026-47074

Name of the Vulnerable Software and Affected Versions WP User Manager – User Profile Builder & Membership versions prior to 2.9.18 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. This occurs through the...

7.5CVSS6AI score0.02403EPSS
Exploits1References19
OSV
OSV
added 2026/06/04 3:23 p.m.9 views

GHSA-RXV8-25V2-QMQ8 React Router vulnerable to Denial of Service via reflected user input in single-fetch

A DoS vulnerability exists in the React Router v7 Framework Mode, as well as Remix v2.9.0+ with Single Fetch enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/03 6:2 p.m.20 views

Arbitrary Command Injection

Overview launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted filename as the...

8.8CVSS5.9AI score0.00521EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 8:12 p.m.37 views

CVE-2026-45413 MaxKB: Unsalted MD5 Password Hashing

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS0.00083EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libxml2

The parser.c file in libxml2 before version 2.9.5 does not prevent infinite recursion in parameter entities...

7.5CVSS6.8AI score0.05928EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ModSecurity-Apache

ModSecurity is an open-source, cross-platform Web Application Firewall WAF engine for Apache, IIS, and Nginx. Versions prior to 2.9.10 contain a denial-of-service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg – it’s the same action, just a alias...

7.5CVSS7.7AI score0.00797EPSS
Exploits1References2
Rows per page
Query Builder