Lucene search
K

858 matches found

NVD
NVD
added yesterday5 views

CVE-2026-61971

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-61971

The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions

2.7CVSS6.1AI score0.00314EPSS
Exploits0References1
OSV
OSV
added 4 days ago1 views

CVE-2026-57218 RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

4.9CVSS6.1AI score0.00269EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57305

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 4.2.6 Description The RabbitMQ stream listener fails to enforce the configured stream frame-size limit when assembling frames during authentication and before Tune negotiation. This allows an unauthenticated remote...

7.5CVSS6.1AI score0.00429EPSS
Exploits1References8
Patchstack
Patchstack
added 6 days ago6 views

WordPress Booking and Rental Manager plugin <= 2.6.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Booking and Rental Manager versions = 2.6.9...

6.5CVSS6.1AI score0.00332EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/07/06 2:32 p.m.4 views

EUVD-2026-41880

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 5:23 p.m.25 views

CVE-2026-14631

Vulnerability overview: CVE-2026-14631 affects webpack-dev-server up to version 5.2.5. An unauthenticated peer sending a normal HTTP request with a malformed Host header or a WebSocket upgrade to /ws with a malformed Origin header triggers an uncaught exception in the host-validation path, crashi...

5.3CVSS6AI score0.00308EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/03 5:23 p.m.42 views

CVE-2026-14631 webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS0.00308EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 5:0 p.m.4 views

CVE-2026-14620 webpack-dev-server vulnerable to cross-site request forgery via internal developer endpoints

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57671

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 7:10 a.m.7 views

WordPress Perfmatters plugin <= 2.6.4 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin perfmatters versions = 2.6.4...

7.5CVSS5.8AI score0.0082EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 6:16 p.m.65 views

CVE-2026-55628

ImageMagick (CVE-2026-55628) is affected by a policy bypass in the -concatenate operation present in versions prior to 7.1.2-26he, due to missing security policy checks. This could allow reading and writing to paths disallowed by policy. The issue has been fixed in version 7.1.2-26he. Remediation...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References1
NVD
NVD
added 2026/06/28 12:17 p.m.9 views

CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS0.00228EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 10:45 a.m.15 views

CVE-2026-13489

The CVE-2026-13489 entry describes a vulnerability in 78 xiaozhi-esp32

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53102

Name of the Vulnerable Software and Affected Versions xiaozhi-esp32 versions prior to 2.2.7 Description A weakness in the MCP Response Handler component allows for improper synchronization. This issue occurs within the ParseMessage function located in the main/mcp server.cc file. Remote...

3.1CVSS5.7AI score0.00228EPSS
Exploits0References12
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56047

Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:29 p.m.16 views

CVE-2026-57700

Summary of CVE-2026-57700 (WordPress OMGF Pro plugin

10CVSS5.8AI score0.00373EPSS
In wildExploits0References1
Cvelist
Cvelist
added 2026/06/25 5:29 p.m.19 views

CVE-2026-57700 WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...

10CVSS0.00373EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:23 p.m.16 views

CVE-2026-48942

Affected software: K2 extension for Joomla (getk2.com), version constraint listed as K2 ≤ 2.26. Vulnerability: two templates render the database column __#k2_users.image directly into HTML src attributes without HTML escaping, revealing a stored-XSS risk. Root cause: lack of escaping when injecti...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS0.0027EPSS
Exploits0References1
Rows per page
Query Builder