Lucene search
K

166 matches found

Patchstack
Patchstack
added 2026/06/30 1:25 p.m.6 views

WordPress Kids Zone - Children WordPress Theme theme <= 6.9 - Cross Site Scripting (XSS) vulnerability

WordPress Kids Zone - Children WordPress Theme theme = 6.9 - Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kids Zone - Children WordPress Theme versions = 6.9...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:23 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.4.0 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerab...

8.7CVSS7.3AI score0.00663EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.3 views

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

7.5CVSS7.1AI score0.00777EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:51 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to privilege escalation in Sudo [CVE-2026-35535]

Summary IBM Watson Speech Services Cartridge is vulnerable to privilege escalation in Sudo, due to a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, which is not recognised as a fatal error and can lead to privilege escalation. CVE-2026-35535. Su...

7.8CVSS5.1AI score0.00173EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/06 1:26 a.m.10 views

CVE-2026-8438 All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2CVSS5.8AI score0.00338EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39655

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...

5.3CVSS5.4AI score0.00231EPSS
Exploits0References1
Mageia
Mageia
added 2026/06/02 5:23 a.m.18 views

Updated assimp packages fix security vulnerabilities

CVE-2025-2750,- A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to...

9.8CVSS5.9AI score0.00618EPSS
Exploits6References3
Patchstack
Patchstack
added 2026/06/01 8:45 a.m.12 views

WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by mcdruid in WordPress Plugin Slimstat Analytics versions 5.4.0...

6.5CVSS5.8AI score0.00252EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.11 views

CVE-2026-7634

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS6AI score0.00436EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44203

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS6AI score0.00436EPSS
Exploits0References15
EUVD
EUVD
added 2026/05/27 9:49 a.m.11 views

EUVD-2026-32177

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.13 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References1
NVD
NVD
added 2026/05/26 8:16 a.m.12 views

CVE-2026-39655

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...

5.3CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43195

Name of the Vulnerable Software and Affected Versions Mayosis Core versions prior to 5.4.7 Description Missing Authorization in TeconceTheme Mayosis Core allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version later than 5.4.7...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-47113

Lua 5.4.0 fixed in 5.4.1 has a segmentation fault in changedline in ldebug.c e.g., when called by luaG traceexec because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...

5.5AI score
Exploits0References4
OSV
OSV
added 2026/05/18 1:28 p.m.7 views

CLEANSTART-2026-UO66475 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 5.4.6-r0

Multiple security vulnerabilities affect the py3-jupyterhub package. These issues are resolved in later releases. See references for individual vulnerability details...

8.7CVSS5.8AI score0.00609EPSS
Exploits2References7
Vulnrichment
Vulnrichment
added 2026/05/09 3:39 a.m.10 views

CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/09 3:39 a.m.8 views

EUVD-2026-28890

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 6:10 p.m.16 views

Cross-site Request Forgery (CSRF)

Overview jupyterhub is a JupyterHub: A multi-user server for Jupyter notebooks Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of HTTP form endpoints when requests with the Sec-Fetch-Mode: no-cors header are incorrectly treated as same-origin,...

9.6CVSS5.7AI score0.00159EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:28 p.m.9 views

CVE-2026-28510

eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References3
Rows per page
Query Builder