Lucene search
K

32 matches found

OSV
OSV
added 2026/06/25 7:16 p.m.4 views

UBUNTU-CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:1 p.m.5 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References3
EUVD
EUVD
added 2026/06/12 6:51 p.m.9 views

EUVD-2026-36546

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

6.3CVSS5.5AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 3:52 p.m.63 views

CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 12:7 a.m.5 views

EUVD-2026-17504

Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value...

5.3CVSS5.9AI score0.00251EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/31 3:6 p.m.6 views

EUVD-2026-17500

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads...

8.2CVSS5.7AI score0.00463EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.24 views

CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.10 views

CVE-2023-4889

The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5AI score0.00434EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 6:31 p.m.6 views

GHSA-6859-2QXQ-FFV2 pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability

pgAdmin = 9.7 is affected by a Cross-Origin Opener Policy COOP vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...

7.9CVSS6.9AI score0.00213EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.4 views

pgAdmin 安全漏洞

pgAdmin is pgAdmin open source an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.7 and prior versions that stems from an improper cross-origin open policy, which could lead to unauthorized account access and...

7.9CVSS6.6AI score0.00213EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.3 views

WordPress plugin WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

5.9CVSS8.1AI score0.00202EPSS
Exploits0References2
OSV
OSV
added 2024/08/24 4:15 a.m.5 views

CVE-2024-6499

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...

5.3CVSS5.7AI score0.00439EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.9 views

PT-2024-38313 · WordPress · Acymailing

Name of the Vulnerable Software and Affected Versions: AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress versions up to, and including, 9.7.2 Description: The issue is related to arbitrary file uploads due to missing file type validation in the acym...

8.8CVSS7.8AI score0.00958EPSS
Exploits0References15
OSV
OSV
added 2022/12/07 4:15 a.m.4 views

CVE-2022-43508

Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file...

7.8CVSS6.3AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2022/11/18 11:15 p.m.4 views

CVE-2022-42459

Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin = 9.7.1 on WordPress...

7.2CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.4 views

Veritas Desktop and Laptop Option 跨站脚本漏洞

Veritas Desktop and Laptop Option is a software from Veritas, USA that provides data backup and endpoint protection features for Windows and Mac desktops and laptops. The software supports network-less protection, instant backup, customized failover, self-service restore, and other protection...

6.1CVSS6.1AI score0.00363EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.9 views

PT-2022-19562 · WordPress · Image Hover Effects Ultimate

Name of the Vulnerable Software and Affected Versions: Image Hover Effects Ultimate plugin for WordPress versions up to, and including, 9.7.3 Description: The issue arises from insufficient input sanitization and output escaping in the Video Link values that can be added to an Image Hover. This...

6.4CVSS5.2AI score0.00508EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/20 12:0 a.m.5 views

WordPress plugin Image Hover Effects Ultimate跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Image Hover Effects Ultimate plugin 9.7.1 and earlier versions are vulnerable to a cross-site...

4.8CVSS5.6AI score0.00489EPSS
Exploits0References3
OSV
OSV
added 2022/05/04 6:15 p.m.5 views

CVE-2022-25786

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7...

4.9CVSS5.8AI score0.00688EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.6 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from improper handling of permissions in Secomea GateManager's Web UI, and could be exploited to allow logged-in users to...

5.5CVSS5.8AI score0.00466EPSS
Exploits0References2
Rows per page
Query Builder