
55 matches found

Cvelist
added 2026/06/18 3:27 p.m., 16 views

CVE-2026-56024 WordPress WP EasyPay plugin <= 4.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.5.0...

CVSS 6.5, EPSS 0.00124
Exploits: 0, References: 1

Positive Technologies
added 2026/06/15 12:0 a.m., 13 views

PT-2026-49241

Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcp_lock while invoking the per-connection callback and...

CVSS 4.8, AI score 5.5, EPSS 0.00162
Exploits: 0, References: 3

Positive Technologies
added 2026/06/07 12:0 a.m., 16 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

CVSS 7.5, AI score 7.1, EPSS 0.01572
Exploits: 1, References: 6

Fedora
added 2026/06/05 4:27 a.m., 11 views

[SECURITY] Fedora 44 Update: perl-Cpanel-JSON-XS-4.41-1.fc44

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

CVSS 7.5, AI score 5.8, EPSS 0.00375
Exploits: 0

CVE
added 2026/05/08 3:9 p.m., 24 views

CVE-2026-44498

CVE-2026-44498 affects ZEBRA (Zcash node written in Rust). Prior to version 4.4.0, Zebra’s block validator undercounted sigops, specifically: (A) Coinbase legacy sigops were not charged, hiding up to ~98 sigops, and (B) P2SH sigops were not accumulated during block validation. This caused blocks ...

CVSS 9.2, AI score 5.7, EPSS 0.00283
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/05/08 12:0 a.m., 6 views

zebra security vulnerability

Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained a security vulnerability, which was caused by a combined denial-of-service vulnerability in the block discovery pipeline. This vulnerability could allow...

CVSS 8.7, AI score 5.8, EPSS 0.00351
Exploits: 0, References: 1

Vulnrichment
added 2026/05/04 5:45 a.m., 5 views

CVE-2026-7737 osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

CVSS 6.9, AI score 5.7, EPSS 0.00631
Exploits: 0, References: 6

Vulnrichment
added 2026/05/04 5:30 a.m., 7 views

CVE-2026-7736 osrg GoBGP mrt.go parseRibEntry integer underflow

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

CVSS 7.5, AI score 6.9, EPSS 0.00454
Exploits: 0, References: 6

CVE
added 2026/05/04 5:15 a.m., 21 views

CVE-2026-7735

The CVE concerns osrg GoBGP (up to 4.3.0) where the PathAttributeAigp.DecodeFromBytes function in pkg/packet/bgp/bgp.go handles the AIGP Attribute Parser. A manipulation can cause a buffer overflow, enabling remote initiation of an attack. This entry specifies that upgrading to version 4.4.0 addr...

CVSS 7.5, AI score 7.3, EPSS 0.00361
Exploits: 0, References: 6, Affected Software: 1

Snyk
added 2026/03/30 5:29 p.m., 2 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the CapSoftwareVersion.DecodeFromBytes function. An attacker can cause a denial of service by remotely manipulating the data argument to trigger an off-by-one error. Remediation Upgrade...

CVSS 6.3, AI score 5.9, EPSS 0.00409
Exploits: 0, References: 2

CNNVD
added 2026/03/25 12:0 a.m., 8 views

N2W security vulnerability

N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from a two-step attack targeting RESTful APIs, which could lead to remote code execution...

CVSS 9, AI score 6.2, EPSS 0.00339
Exploits: 0, References: 2

CVE
added 2026/03/20 3:50 p.m., 9 views

CVE-2026-32989

Precurio Intranet Portal 4.4 is affected by a CSRF weakness that can coerce an authenticated user into submitting a crafted request to a profile update endpoint handling file uploads. If attacker-controlled content is stored as an executable server-side file in a web-accessible location, this may...

CVSS 8.8, AI score 6.3, EPSS 0.00214
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2026/02/19 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does n...

CVSS 5.3, AI score 6, EPSS 0.00262
Exploits: 0, References: 3

RedhatCVE
added 2026/01/09 8:56 a.m., 7 views

CVE-2023-40035

Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable...

CVSS 7.2, AI score 7.9, EPSS 0.01909
Exploits: 1, References: 1

Cvelist
added 2026/01/01 6:3 p.m., 21 views

CVE-2026-21436 eopkg has Path Traversal: '../filedir' vulnerability

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by --destdir. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given...

CVSS 5.8, EPSS 0.00257
Exploits: 0, References: 4

Vulnrichment
added 2026/01/01 6:3 p.m., 2 views

CVE-2026-21436 eopkg has Path Traversal: '../filedir' vulnerability

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by --destdir. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given...

CVSS 5.8, AI score 6.3, EPSS 0.00257
Exploits: 0, References: 4

CVE
added 2025/12/06 9:25 a.m., 28 views

CVE-2025-13065

The CVE-2025-13065 vulnerability affects the WordPress Starter Templates plugin (versions up to and including 4.4.41). Root cause: insufficient file-type validation for WXR uploads allows double extensions to bypass sanitization, enabling an authenticated attacker with author-level access or high...

CVSS 8.8, AI score 7.1, EPSS 0.07061
Exploits: 0, References: 2

OSV
added 2025/11/25 10:18 p.m., 5 views

JLSEC-2025-311 An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause...

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file...

CVSS 6.5, AI score 8.7, EPSS 0.00805
Exploits: 1, References: 2

Cvelist
added 2025/10/23 10:17 p.m., 6 views

CVE-2025-59776 AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine...

CVSS 6.3, EPSS 0.00465
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-30153

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.3, EPSS 0.00597
Exploits: 1, References: 2