Lucene search
+L

1051 matches found

CVE
CVE
added 5 hours ago8 views

CVE-2026-58148

The CVE-2026-58148 entry concerns the Joomla ChronoForms extension, with an unauthenticated stored XSS vulnerability affecting ChronoForms prior to version 8.0.53. The issue is confirmed in the CVE listing, which identifies the vulnerable component as ChronoForms for Joomla and describes an unaut...

8.7CVSS5.2AI score
Exploits0References1
Cvelist
Cvelist
added 15 hours ago11 views

CVE-2026-13402 Royal Elementor Addons < 1.7.1063 - Unauthenticated Private Mega Menu Template Disclosure

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

Exploits0References1
Nuclei
Nuclei
added 16 hours ago20 views

Formidable Forms < 2.05.02 - Cross-Site Scripting

Formidable Form Builder for WordPress versions before 2.05.03 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in form parameters like 'afterhtml', letting unauthenticated attackers inject and execute arbitrary scripts in victims' browsers id:...

8.3CVSS5.2AI score0.00999EPSS
Exploits2References3
CVE
CVE
added yesterday9 views

CVE-2026-63088

In StoatChat, CVE-2026-63088 affects stoatchat before 0.14.0 with an SSRF flaw. The vulnerability stems from incomplete address validation in url_is_blacklisted, which only inspects the first resolved address while the HTTP client iterates all cached addresses, enabling unauthenticated, network-a...

8.6CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday36 views

CVE-2026-12395 WP Job Portal < 2.5.5 - Subscriber+ SQL Injection via Applied Resumes 'ta' Parameter

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

0.00177EPSS
Exploits0References1
NVD
NVD
added 2 days ago8 views

CVE-2026-33684

WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The setapisignUp method in the...

5.3CVSS0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 6:0 a.m.16 views

CVE-2026-10830

Affected software: AllCoach WordPress plugin

8.8CVSS6AI score0.00257EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTM...

4.3CVSS6.2AI score0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13895

Inappropriate implementation in Autofill in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00212EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:37 p.m.20 views

CVE-2026-13821

CVE-2026-13821 concerns a Use-After-Free in the Canvas component of Google Chrome before 150.0.7871.47, enabling a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected: Google Chrome (Canvas). Root cause: use-after-free in Canvas handling as described in mu...

8.8CVSS6.2AI score0.00351EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/29 4:49 a.m.14 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1CVSS5.9AI score0.0043EPSS
Exploits0References7
NVD
NVD
added 2026/06/26 11:16 a.m.11 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:17 a.m.7 views

CVE-2026-57876

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/26 12:32 a.m.12 views

EUVD-2026-39584

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

6.8CVSS5.9AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 2:16 p.m.7 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.8CVSS0.00064EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Google Chrome < 149.0.7827.200 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.200. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop01245939337 advisory. - Use after free in AdFilter in Google Chrome on Android prior to...

8.3CVSS6.4AI score0.00229EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 6:0 a.m.12 views

CVE-2026-9709

The CVE-2026-9709 entry describes a vulnerability in the Premium Cornerstone page builder bundled with the X Theme (WordPress plugin) prior to version 7.8.9. The root cause is missing capability checks on one REST API route, allowing any authenticated user to disclose metadata of other users, inc...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/23 11:48 a.m.13 views

Astra Linux – Vulnerability in Chromium

Using “after free” in WebRTC in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00281EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 4:21 p.m.23 views

CVE-2026-55237 AutoGPT SignUp Page has DOM-Based XSS and Open Redirect

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting XSS vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter next, which is...

8.8CVSS0.00189EPSS
Exploits0References1
Rows per page
Query Builder