
94 matches found

CVE
added 2026/06/17 5:21 p.m. | 23 views

CVE-2026-30803

RTI Connext Micro (Core Libraries) is affected by an Integer Underflow (wrap/wraparound) vulnerability that allows overread of buffers. Affected versions are Connext Micro 4.0.0 up to (but not including) 4.3.0. The issue is documented across CVE-2026-30803 entries in NVD and CVE records; no explo...

8.8 CVSS | 5.2 AI score | 0.00276 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/06/15 9:30 p.m. | 8 views

EUVD-2026-36955

Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions...

7.1 CVSS | 5.2 AI score | 0.00278 EPSS
Exploits: 0 | References: 2

CVE
added 2026/06/01 4:37 p.m. | 28 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 to before 4.3.0, if a collective page was deleted and the collective was shared view-only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

2.6 CVSS | 5.7 AI score | 0.00189 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/01 12:0 a.m. | 11 views

PT-2026-45470

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a collective page was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6 CVSS | 5.7 AI score | 0.00189 EPSS
Exploits: 0 | References: 4

CVE
added 2026/05/27 9:49 a.m. | 21 views

CVE-2026-42735

The CVE concerns the WordPress KiviCare plugin by Iqonic Design (affected: KiviCare kivicare-clinic-management-system, plugin version

8.2 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2026/05/18 5:35 p.m. | 15 views

multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

Impact: [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property (e.g., __proto__, constructor, toString), the parser invokes .push on the inherited...

7.5 CVSS | 5.8 AI score | 0.00473 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 17 views

PT-2026-40851

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3 CVSS | 5.8 AI score | 0.00423 EPSS
Exploits: 0 | References: 9

Positive Technologies
added 2026/05/12 12:0 a.m. | 13 views

PT-2026-40268

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

9.3 CVSS | 5.8 AI score | 0.00434 EPSS
Exploits: 0 | References: 3

NVD
added 2026/05/07 12:16 p.m. | 30 views

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a "runtime error: index out of range" panic. This occurs during th...

7.5 CVSS | 0.00503 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2026/05/04 8:21 p.m. | 5 views

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2026/05/04 7:16 a.m. | 7 views

CVE-2026-7736

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

7.5 CVSS | 6.8 AI score | 0.00454 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2026/05/04 6:16 a.m. | 8 views

CVE-2026-7735

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

7.5 CVSS | 7.2 AI score | 0.00361 EPSS
Exploits: 0 | References: 1

OSV
added 2026/05/04 6:16 a.m. | 8 views

UBUNTU-CVE-2026-7735

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

7.3 CVSS | 7.1 AI score | 0.00361 EPSS
Exploits: 0 | References: 5

Debian CVE
added 2026/05/04 5:45 a.m. | 9 views

CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

7.5 CVSS | 5.7 AI score | 0.00631 EPSS
Exploits: 0

Vulnrichment
added 2026/05/02 1:26 p.m. | 4 views

CVE-2026-3504 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/16 6:44 a.m. | 3 views

CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocsfeedbackform' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible...

6.4 CVSS | 5.9 AI score | 0.00218 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/13 7:24 p.m. | 5 views

CVE-2026-39521

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content (nelio-content) allows Server Side Request Forgery. This issue affects Nelio Content: from n/a through <= 4.3.1...

4.9 CVSS | 5.8 AI score | 0.00145 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/08 8:30 a.m. | 2 views

CVE-2026-39671

Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce (woo-conditional-product-fees-for-checkout) allows Cross Site Request Forgery. This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3...

5.9 AI score | 0.00102 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/07 2:47 p.m. | 2 views

CVE-2026-35485

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...

7.5 CVSS | 6 AI score | 0.00677 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/07 2:45 p.m. | 18 views

CVE-2026-35483 text-generation-webui has a Path Traversal in load_template() — .jinja/.yaml/.yml file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...

5.3 CVSS | 0.00325 EPSS
Exploits: 1 | References: 1