Lucene search
K

124167 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-60109

Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...

8.7CVSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS
Exploits0References3
NVD
NVD
added 1 hour ago4 views

CVE-2026-60095

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...

6.9CVSS
Exploits0References3
CVE
CVE
added 2 hours ago5 views

CVE-2026-60095

Vinchin Backup & Recovery 9.0.0.86562 is affected by a stack buffer overflow in the agentlink_server’s ModuleHandShake function. The flaw arises from copying an oversized _listen_uuid (measured via strlen) into a fixed-length stack buffer using strcpy(), allowing unauthenticated remote attackers ...

6.9CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-60095 Vinchin Backup & Recovery 9.0.0.86562 Stack Buffer Overflow via ModuleHandShake

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...

6.9CVSS
Exploits0References3
CVE
CVE
added 2 hours ago6 views

CVE-2026-60094

Vulnerability overview (CVE-2026-60094): Vinchin Backup & Recovery up to 9.0.0.86562 is affected by a heap buffer overflow in the agentlink_server. According to the records, an unauthenticated remote attacker can send a malformed TCP packet with an unchecked body_len field, passing an attacker-co...

6.9CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 3 hours ago5 views

CVE-2026-9253 WP Cost Estimation & Payment Forms Builder (E&P Forms) <= 10.5.97 - Unauthenticated Stored Cross-Site Scripting via 'customerInfos' Parameter

The WP Cost Estimation & Payment Forms Builder E&P Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS
Exploits0References2
NVD
NVD
added 4 hours ago5 views

CVE-2026-9028

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...

5.3CVSS
Exploits0References8
NVD
NVD
added 4 hours ago4 views

CVE-2026-9021

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS
Exploits0References10
NVD
NVD
added 4 hours ago6 views

CVE-2026-56291

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42573

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score
Exploits0References2
CVE
CVE
added 5 hours ago10 views

CVE-2026-56291

Balbooa Forms (Joomla extension) is affected by CVE-2026-56291 due to an unauthenticated arbitrary file upload that can lead to full RCE. Affected product/version: Balbooa Forms extension for Joomla, versions

10CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added 5 hours ago7 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42567

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score
Exploits0References10
CVE
CVE
added 5 hours ago8 views

CVE-2026-9021

The CVE concerns the WordPress plugin Easy Invoice (WordPress plugin) with vulnerability in versions up to 2.1.19. The root cause is Missing Authorization via AJAX actions easy_invoice_accept_quote and easy_invoice_decline_quote , registered with wp_ajax_nopriv_ hooks and relying on a quote-scope...

5.3CVSS6AI score
Exploits0References10
Cvelist
Cvelist
added 5 hours ago4 views

CVE-2026-9021 Easy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX Actions

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS
Exploits0References10
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2026-9028 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Missing Authorization to Unauthenticated Arbitrary Order Cancellation via 'order_number' Parameter

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...

5.3CVSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 hours ago2 views

CVE-2026-9028

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.7.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers t...

5.3CVSS6AI score
Exploits0References9
CVE
CVE
added 5 hours ago6 views

CVE-2026-9027

Summary of the CVE-2026-9027 issue : The CorvusPay WooCommerce Gateway for WordPress (versions up to 2.7.4) is vulnerable to a payment bypass via improper verification of the cryptographic signature. The REST endpoint POST /wp-json/corvuspay/success/ is registered with a permissive permission cal...

5.3CVSS6.2AI score
Exploits0References8
CVE
CVE
added 5 hours ago6 views

CVE-2026-9028

Technical details are not publicly available in the provided documents. Monitor for updates.

5.3CVSS6AI score
Exploits0References8
Rows per page
Query Builder