Lucene search
+L

415 matches found

nvd
nvd
added 3 days ago7 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS0.00253EPSS
Exploits0References1
cve
cve
added 3 days ago15 views

CVE-2026-57772

CVE-2026-57772 concerns WP Inventory Manager (WordPress plugin) with an SQL Injection issue in the wp-inventory-manager component. The vulnerability is described as Blind SQL Injection and affects WP Inventory Manager versions up to and including 2.4.0 (and from an unspecified starting version). ...

8.5CVSS6.1AI score0.00253EPSS
Exploits0References1
cve
cve
added 2026/07/08 4:30 a.m.17 views

CVE-2026-14487

The CVE-2026-14487 entry concerns the WordPress plugin Simple Coherent Form (SCF). Affected versions are all up to and including 2.4.13. The root cause is insufficient file path validation in the removeUploadDir function, enabling unauthenticated deletion of arbitrary server files (e.g., wp-confi...

9.1CVSS6.8AI score0.0074EPSS
Exploits0References6
nessus
nessus
added 2026/06/26 12:0 a.m.10 views

SUSE SLES16: dovecot24 / dovecot24-backend-mysql / dovecot24-backend-pgsql / etc (SUSE-SU-2026:22185-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22185-1 advisory. This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipeline...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References16
attackerkb
attackerkb
added 2026/06/22 6:0 a.m.5 views

CVE-2026-4110

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8AI score0.00152EPSS
Exploits0References1
euvd
euvd
added 2026/06/20 3:21 p.m.9 views

EUVD-2024-55642

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relie...

9.8CVSS6.5AI score0.00648EPSS
Exploits0References2
cve
cve
added 2026/06/16 12:32 a.m.38 views

CVE-2026-1764

The CVE-2026-1764 to CVE-2026-1767 family affects GNOME localsearch (tracker-miners) MP3 extraction. Root cause: a missing bounds check in extract_performers_tags when parsing MP3 files (ID3v2.x), enabling a heap buffer overflow. Impact: Denial of Service (remote or local depending on context) vi...

5.6CVSS5.6AI score0.00209EPSS
Exploits2References2Affected Software2
cvelist
cvelist
added 2026/06/16 12:32 a.m.41 views

CVE-2026-1764 Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

5.6CVSS0.00209EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.13 views

PT-2026-49271

A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.3AI score0.00188EPSS
Exploits1References2
osv
osv
added 2026/06/11 10:9 a.m.11 views

RHSA-2026:25090 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

7.5CVSS5.2AI score0.11471EPSS
Exploits8References9
cvelist
cvelist
added 2026/06/09 12:0 a.m.40 views

CVE-2025-55659

A NULL pointer dereference in the cttsboxwrite function isomedia/boxcodebase.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00345EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.19 views

GPAC MP4Box 代码问题漏洞

GPAC MP4Box is a open-source multimedia packager from GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box has a code vulnerability cause...

6.5CVSS5.3AI score0.00345EPSS
Exploits1References1
osv
osv
added 2026/06/09 12:0 a.m.2 views

CVE-2025-52292

A stack buffer overflow in the fileinprocess function infile.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

7.5CVSS6.2AI score0.005EPSS
Exploits1References4
euvd
euvd
added 2026/06/08 3:11 p.m.13 views

EUVD-2026-35088

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00562EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.23 views

PT-2026-47313

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A Use After Free issue exists in Apache HTTP Server when using mod ldap in per-directory configuration. Use After Free occurs when an application continues to use a pointer after it...

9.8CVSS5.6AI score0.8377EPSS
Exploits10References135
nvd
nvd
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/04 8:57 p.m.32 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
cve
cve
added 2026/06/04 8:57 p.m.21 views

CVE-2026-42540

IRIS web collaborative platform suffers a Mass Assignment vulnerability (CVE-2026-42540). Versions prior to 2.4.28 allow an attacker to alter values in the database through manipulated API requests. A fix is available in version 2.4.28. The CVSS 3.1 score is 4.3 (Medium) with Network attack vecto...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
euvd
euvd
added 2026/06/04 8:47 p.m.11 views

EUVD-2026-34325

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.8AI score0.00174EPSS
Exploits0References1
euvd
euvd
added 2026/06/04 7:31 p.m.9 views

EUVD-2026-34320

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References1
Rows per page
Query Builder