Lucene search
K

1045 matches found

Nuclei
Nuclei
added yesterday20 views

Formidable Forms < 2.05.02 - Cross-Site Scripting

Formidable Form Builder for WordPress versions before 2.05.03 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in form parameters like 'afterhtml', letting unauthenticated attackers inject and execute arbitrary scripts in victims' browsers id:...

8.3CVSS6.2AI score0.00999EPSS
Exploits2References3
CVE
CVE
added 2026/07/06 6:0 a.m.15 views

CVE-2026-10830

Affected software: AllCoach WordPress plugin

8.8CVSS6AI score0.00257EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-14076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTM...

4.3CVSS6.2AI score0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13895

Inappropriate implementation in Autofill in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00212EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:37 p.m.16 views

CVE-2026-13821

CVE-2026-13821 concerns a Use-After-Free in the Canvas component of Google Chrome before 150.0.7871.47, enabling a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected: Google Chrome (Canvas). Root cause: use-after-free in Canvas handling as described in mu...

8.8CVSS6.2AI score0.00351EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/29 4:49 a.m.14 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1CVSS5.9AI score0.0043EPSS
Exploits0References7
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:17 a.m.7 views

CVE-2026-57876

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/26 12:32 a.m.11 views

EUVD-2026-39584

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

6.8CVSS5.9AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.8CVSS0.00064EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Google Chrome < 149.0.7827.200 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.200. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop01245939337 advisory. - Use after free in AdFilter in Google Chrome on Android prior to...

8.3CVSS6.4AI score0.00229EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 6:0 a.m.11 views

CVE-2026-9709

The CVE-2026-9709 entry describes a vulnerability in the Premium Cornerstone page builder bundled with the X Theme (WordPress plugin) prior to version 7.8.9. The root cause is missing capability checks on one REST API route, allowing any authenticated user to disclose metadata of other users, inc...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/23 11:48 a.m.12 views

Astra Linux – Vulnerability in Chromium

Using “after free” in WebRTC in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00281EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 4:21 p.m.21 views

CVE-2026-55237 AutoGPT SignUp Page has DOM-Based XSS and Open Redirect

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting XSS vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter next, which is...

8.8CVSS0.00189EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.9 views

SUSE CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.3AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50095

Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 11:38 p.m.23 views

CVE-2026-9260

CVE-2026-9260 concerns the Canon EOS Network Setting Tool, affected in version 1.5.0 or earlier. The underlying issue is the use of hard-coded cryptographic keys, which can undermine confidentiality, integrity, and availability of communications or data protected by these keys. The CVSS data indi...

9.8CVSS5.3AI score0.00232EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/10 5:15 p.m.33 views

CVE-2026-11596

Affected software: ScreenConnect™ (before version 26.2). The vulnerability concerns input validation in the Host Pass creation flow, where an authenticated user with Host Pass creation privileges could set a delegated access token expiration longer than the intended maximum. Impact, as described,...

4.7CVSS5.5AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 6:0 a.m.46 views

CVE-2026-8071 Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...

0.00296EPSS
Exploits0References1
Rows per page
Query Builder