Lucene search
K

225 matches found

Cvelist
Cvelist
added yesterday20 views

CVE-2026-58475 Sustainable Irrigation Platform 5.2.16 Stored XSS via Program Name

Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...

6.1CVSS
Exploits2References2
CVE
CVE
added 2 days ago12 views

CVE-2026-11964

Affected software: User Registration & Membership WordPress plugin (prior to 5.2.2). Vulnerability: The plugin does not verify the authenticity of incoming payment-provider webhook notifications, enabling unauthenticated attackers to forge a payment-approved event. Impact: This can activate a pai...

9.1CVSS6.1AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 3:58 p.m.36 views

CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS0.00346EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 2:10 p.m.8 views

EUVD-2026-42044

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/03 5:23 p.m.42 views

CVE-2026-14631 webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 8:23 p.m.6 views

EUVD-2025-210383

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling...

4.3CVSS5.8AI score0.00431EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:22 p.m.7 views

EUVD-2025-210382

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS5.5AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:17 p.m.33 views

CVE-2025-36327 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.27 views

Linux Distros Unpatched Vulnerability : CVE-2026-9595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and...

5.3CVSS6AI score0.00163EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-49071

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

6.5CVSS0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-36335

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.4AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45267

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

6.5CVSS5.3AI score0.00291EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.14 views

SUSE CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.9CVSS5.8AI score0.00285EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/06/03 2:16 p.m.5 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +49 more potentially affected by CVE-2026-7666 via django (>=5.2.0 <=5.2.14)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-7666 Source advisory: OSV:PYSEC-2026-200...

3.1CVSS5.7AI score0.0015EPSS
Exploits0
EUVD
EUVD
added 2026/06/03 1:16 p.m.14 views

EUVD-2026-34088

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score0.00285EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/03 1:16 p.m.29 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.7AI score0.0015EPSS
Exploits0
OSV
OSV
added 2026/06/01 4:40 p.m.2 views

CVE-2026-45267 Nextcloud: Missing permission check for from submissions

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

6.5CVSS5.9AI score0.00291EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 1:12 p.m.24 views

CVE-2026-8980

The CVE-2026-8980 entry concerns the Mennekes Amtron series with firmware versions ≤ 5.22.3. Affected component: firmware handling privilege levels. The vulnerability allows an authenticated low-privileged user to escalate privileges by issuing crafted POST requests to change passwords for admin ...

10CVSS5.8AI score0.00331EPSS
Exploits1References1
CVE
CVE
added 2026/05/16 12:30 p.m.16 views

CVE-2025-4202

CVE-2025-4202 affects the Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress. A missing capability check in the cf_add_comment function across all versions up to 5.2 allows authenticated users with Subscriber-level access or higher to modify data by adding comment...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/05/14 8:35 p.m.42 views

CVE-2026-44673

CVE-2026-44673 affects libyang. The issue is an integer overflow in lyb_read_string() in src/parser_lyb.c, leading to a heap buffer overflow when parsing malicious LYB binary blobs. Affected path includes any libyang consumer that processes LYB data (e.g., NETCONF servers, sysrepo). Impact is cra...

7.5CVSS6AI score0.00428EPSS
Exploits0References7
Rows per page
Query Builder