Lucene search
K

298 matches found

CVE
CVE
added 2 days ago11 views

CVE-2026-34597

CVE-2026-34597 affects Coolify prior to 4.0.0-beta.470. The vulnerability lies in how user-supplied build parameters for the Nixpacks build pack are handled: the install_command provided by a user is directly concatenated into a shell command string executed on the deployment host during the buil...

8.8CVSS6.2AI score0.00526EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-53749

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Server and project lookups are not scoped to the current team, which allows any...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 5:16 p.m.10 views

CVE-2026-56024

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.4.0...

6.5CVSS0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 11:17 p.m.10 views

CVE-2026-50268

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

1.9CVSS0.00046EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 8:18 p.m.8 views

CVE-2026-39591

The CVE-2026-39591 entry concerns the WordPress WP-BusinessDirectory plugin up to version 4.0.0, where a Subscriber Arbitrary File Upload vulnerability is reported. Connected sources confirm the affected product and vulnerability class but do not provide exploit details or mitigation steps beyond...

9.9CVSS5.2AI score0.00465EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 6:1 p.m.143 views

CVE-2026-12143 form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.10 views

CVE-2026-41031

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 9:51 a.m.48 views

CVE-2026-41031 A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 9:51 a.m.17 views

EUVD-2026-35390

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47731

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2025-14774

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

7.4CVSS5.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2026-7509

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.7AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.12 views

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

8.7CVSS5.4AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.8 views

CVE-2026-35672

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.5AI score0.00384EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 9:40 a.m.8 views

EUVD-2025-210046

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

8CVSS5.8AI score0.00181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.11 views

PT-2026-45909

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

7.4CVSS5.8AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.6 views

ABB T-MAC Plus 安全漏洞

ABB T-MAC Plus is a shipboard equipment status monitoring and predictive maintenance management system developed by the Swiss company ABB. Version 4.0-24 of ABB T-MAC Plus contains a security vulnerability, which stems from incorrect authorization settings...

7.4CVSS5.2AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 3:16 p.m.10 views

EUVD-2026-33686

Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a before 4.0.0...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.7 views

ZeusCart 跨站请求伪造漏洞

ZeusCart is an e-commerce shopping cart system developed by ZeusCart Inc. Version 4.0 of ZeusCart contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to manipulate user behavior by tricking users into accessing pages...

6.9CVSS5.1AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44383

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References3
Rows per page
Query Builder