54 matches found

EUVD
added 4 days ago | 7 views

EUVD-2026-40000

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

CVSS 4.5 | AI score 5.2 | EPSS 0.00091
Exploits: 0 | References: 5

Debian CVE
added 4 days ago | 6 views

CVE-2026-13501

A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. The manipulation leads to command injection. The attack can only be performed fro...

CVSS 5.3 | AI score 5.6 | EPSS 0.00678
Exploits: 0

Cvelist
added 6 days ago | 29 views

CVE-2026-57645 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...

CVSS 8.1 | EPSS 0.00189
Exploits: 0 | References: 1

EUVD
added last week | 6 views

EUVD-2026-39183

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

CVSS 8.7 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 2

OSV
added 2026/06/25 12:0 a.m. | 2 views

UBUNTU-CVE-2026-12245

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

CVSS 8.7 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 3

Patchstack
added 2026/06/18 1:14 p.m. | 4 views

WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Newsletters versions <= 4.13...

CVSS 7.3 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/10 8:52 a.m. | 9 views

WordPress Newsletters plugin <= 4.13 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin Newsletters versions <= 4.13...

CVSS 7.5 | AI score 5.7 | EPSS 0.01382
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/10 8:28 a.m. | 52 views

CVE-2026-3018 Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 7.5 | EPSS 0.01382
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/10 12:0 a.m. | 14 views

PT-2026-48398

Name of the Vulnerable Software and Affected Versions: Newsletters plugin for WordPress versions prior to 4.14. Description: The plugin is susceptible to time-based SQL Injection, a technique where an attacker sends queries that force the database to wait a specific amount of time before responding,...

CVSS 7.5 | AI score 5.6 | EPSS 0.01382
Exploits: 0 | References: 7

RedHat Linux
added 2026/05/26 11:33 a.m. | 13 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.13 Images

Red Hat OpenShift Virtualization release v4.13 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

CVSS 9.9 | AI score 5.8 | EPSS 0.00596
Exploits: 0 | References: 2

Snyk
added 2026/05/22 1:14 p.m. | 10 views

Information Exposure

Overview: Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVSS 6.9 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 2

Snyk
added 2026/05/21 9:42 p.m. | 14 views

Off-by-one Error

Overview: Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVSS 6.9 | AI score 5.9
Exploits: 0 | References: 2

OSV
added 2026/05/21 8:7 a.m. | 6 views

CLEANSTART-2026-PX23055 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 4.13.1-r0

Multiple security vulnerabilities affect the metacontroller package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 | AI score 5.8 | EPSS 0.00813
Exploits: 0 | References: 17

Tenable Nessus
added 2026/05/04 12:0 a.m. | 9 views

RHCOS 4 : OpenShift Container Platform 4.13.40 (RHSA-2024:1763)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1763 advisory. - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Note that Nessus has not tested for this iss...

CVSS 7.5 | AI score 7.2 | EPSS 0.01533
Exploits: 0 | References: 4

Patchstack
added 2026/04/12 11:15 p.m. | 3 views

WordPress YITH WooCommerce Wishlist plugin < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability

Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin YITH WooCommerce Wishlist versions < 4.13.0...

CVSS 6.5 | AI score 5.8 | EPSS 0.00226
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/04/10 6:0 a.m. | 1 views

CVE-2026-4432

The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the savetitle AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...

AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 1

NVD
added 2026/04/03 8:16 p.m. | 5 views

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

CVSS 9.8 | EPSS 0.00376
Exploits: 0 | References: 2

Cvelist
added 2026/04/03 8:6 p.m. | 25 views

CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...

CVSS 8.1 | EPSS 0.00376
Exploits: 0 | References: 2

CVE
added 2026/01/27 3:23 p.m. | 9 views

CVE-2020-36940

CVE-2020-36940 affects Easy CD & DVD Cover Creator 4.13. A buffer overflow in the serial-number input field can crash the application when a ~6000-byte payload is pasted. The issue has PoC/exploit references in public material; no remediation is provided in the supplied documents. The CVSS data i...

CVSS 9.8 | AI score 6.1 | EPSS 0.00245
Exploits: 0 | References: 2

CNNVD
added 2026/01/27 12:0 a.m. | 6 views

Easy CD & DVD Cover Creator has a security vulnerability

Easy CD & DVD Cover Creator is a CD/DVD cover creation software developed by Ben Williamson. Version 4.13 of Easy CD & DVD Cover Creator has a security vulnerability; this vulnerability stems from a buffer overflow in the serial number input field, which may cause the application to crash...

CVSS 9.8 | AI score 6 | EPSS 0.00245
Exploits: 0 | References: 2