Lucene search
K

865 matches found

CVE
CVE
added 2 days ago17 views

CVE-2026-12154

The CVE concerns the WordPress plugin Reviews Widgets for Google, Yelp & TripAdvisor (fb-reviews-widget)

6.4CVSS6AI score0.00193EPSS
Exploits0References5
OSV
OSV
added 6 days ago3 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
OSV
OSV
added 6 days ago4 views

GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score0.00057EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-57687 WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-57673

Technical details of CVE-2026-57673 are not publicly provided in the supplied documents. Monitor for updates from authoritative sources; the available entries indicate unauthenticated XSS in Optimole

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41284

Unauthenticated Cross Site Scripting XSS in Optimole = 4.2.7 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

UBUNTU-CVE-2026-50750

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:16 a.m.3 views

UBUNTU-CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5CVSS5.7AI score0.00589EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 9:51 a.m.6 views

EUVD-2026-40280

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 9:51 a.m.15 views

CVE-2026-50750

CVE-2026-50750 describes a pre-authentication Denial of Service in Apache ActiveMQ components where an unauthenticated attacker can flood BrokerInfo messages without a ConnectionInfo, causing an Out of Memory condition and broker crash. Affected ranges include Apache ActiveMQ Broker: 5.19.7 befor...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/06/30 9:49 a.m.14 views

CVE-2026-53916

CVE-2026-53916 describes a memory allocation issue in Apache ActiveMQ families (ActiveMQ, ActiveMQ All, ActiveMQ Stomp) caused by an unauthenticated STOMP NIO client that can emit header bytes that never terminate. This unbounded header buffering can exhaust the JVM heap. Affected versions are be...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53842

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions 5.19.7 through 5.19.7 Apache ActiveMQ Broker versions 6.2.6 through 6.2.6 Apache ActiveMQ versions 5.19.7 through 5.19.7 Apache ActiveMQ versions 6.2.6 through 6.2.6 Apache ActiveMQ All versions 5.19.7 through...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53846

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Description An authorization flaw exists in the handling of temporary destinations. While these destinations are intended to be isolated to the connection th...

7.5CVSS6AI score0.00589EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/29 1:36 p.m.6 views

EUVD-2026-40103

Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...

7.1CVSS5.8AI score0.00256EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2026/06/26 6:0 p.m.4 views

python27:2.7 security update

An update is available for python-backports-sslmatchhostname, python-ipaddress, python-markupsafe, module.python-chardet, module.python-pytest-mock, module.python-docs, python-pysocks, python-docutils, python-nose, module.python-markupsafe, module.python-dns, module.python-setuptoolsscm,...

7.5CVSS6.8AI score0.02453EPSS
Exploits1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57660

Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...

5.3CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57663

CVE-2026-57663 describes a SQL Injection vulnerability in the WordPress plugin Zip Recipes (Recipe Maker For Your Food Blog) versions

8.5CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39703

Unauthenticated Cross Site Scripting XSS in Responsive Lightbox = 2.7.6 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39367

Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/25 8:11 a.m.5 views

WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability

Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...

6.5CVSS6AI score0.00241EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder