Lucene search
+L

57 matches found

CVE
CVE
added 2026/07/11 5:35 a.m.17 views

CVE-2026-11901

Affected software: WordPress WP Hotel Booking plugin (versions ≤ 2.3.1). Vulnerability: Insufficient Verification of Data Authenticity in the PayPal IPN handler (web_hook_process_paypal_standard). The IPN validation endpoint can be chosen from attacker-controlled test_ipn, permitting force-upgrad...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/07/10 6:30 a.m.6 views

WordPress WP Hotel Booking plugin <= 2.3.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by 1M4 in WordPress Plugin WP Hotel Booking versions = 2.3.1...

6.1CVSS5.9AI score0.00254EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56578

Name of the Vulnerable Software and Affected Versions AsyncSSH versions prior to 2.23.1 Description AsyncSSH is a Python package providing an asynchronous client and server implementation of the SSHv2 protocol. A malicious SSH server can write arbitrary files on the SCP client's filesystem by...

8.1CVSS6.2AI score0.00317EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.6 views

CVE-2026-54821

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...

7.4CVSS5.8AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 10:51 p.m.14 views

EUVD-2026-28861

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00136EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 3:38 p.m.11 views

GHSA-XV9C-MJW8-79GF Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL

Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting xss vulnerability via crafted URL being rended from cron.erb...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References7
OSV
OSV
added 2026/05/06 2:42 p.m.7 views

BIT-JAVA-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

4.3CVSS6.8AI score0.04202EPSS
Exploits0References20
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:22 p.m.2 views

CVE-2026-34556

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS5.9AI score0.00156EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/31 10:22 p.m.28 views

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS0.00156EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 10:9 p.m.11 views

CVE-2026-34548

iccDEV contains an Undefined Behavior (UB) in the XML conversion tool path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number, leading to value changes prior to version 2.3.1.6. The issue is patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 10:8 p.m.1 views

CVE-2026-34547 iccDEV: UB at IccUtil.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior UB condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6...

6.2CVSS5.7AI score0.00156EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 10:5 p.m.14 views

CVE-2026-34542

CVE-2026-34542 affects iccDEV before version 2.3.1.6, where a crafted ICC profile can trigger a stack-buffer-overflow in CIccCalculatorFunc::Apply() when processed via iccApplyNamedCmm. Under AddressSanitizer this appears as a 4-byte write stack-buffer-overflow in IccProfLib/IccMpeCalc.cpp:3873, ...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/31 9:59 p.m.20 views

CVE-2026-34536

ICC Dev iccDEV libraries are affected by a stack overflow in SIccCalcOp::ArgsUsed() when processing a crafted ICC profile under iccApplyProfiles. The issue exists before version 2.3.1.6 and is observed under AddressSanitizer; it has been patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00222EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:58 p.m.9 views

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 4:29 a.m.6 views

Security Bulletin: Inefficient Regular Expression Complexity (ReDoS) Vulnerability in nth-check affect IBM watsonx.data

Summary nth-check is vulnerable to Inefficient Regular Expression Complexity. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to Inefficient Regular Expression Complexity CWE:CWE-1333: Inefficient Regular Expression Complexity CVSS...

7.5CVSS5.7AI score0.02165EPSS
Exploits1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 6:6 p.m.6 views

CVE-2026-31797 iccDEV has a heap out-of-bounds read in CTiffImg::ReadLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5...

6.1CVSS5.8AI score0.0015EPSS
Exploits0References4
OSV
OSV
added 2026/03/09 5:24 p.m.1 views

GHSA-9H33-G3WW-MQFF Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion

Impact A flaw in callback URL validation allowed crafted redirecturi values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a user into opening a malicious authorization link, the authorization code may be redirected to an attacker-controlled host...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.4 views

CVE-2026-25311

Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through = 2.3.1...

5.4CVSS5.5AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.5 views

CVE-2026-25311

Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through = 2.3.1...

5.4CVSS0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/16 9:10 p.m.6 views

CVE-2026-23148

A race condition vulnerability was found in the NVMe target nvmet subsystem. In nvmetbiodone, the bio completion callback can re-queue and re-submit a request using the same inlinebio before biouninit is called. When biouninit subsequently sets bio-biblkg to NULL, the re-submitted bio causes a NU...

5.7CVSS5.4AI score0.00271EPSS
Exploits0References4
Rows per page
Query Builder