Lucene search
K

2048 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-15096

The CVE concerns the Themify Builder WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the Map Module’s b_width_map field across all versions up to 7.7.6, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or hig...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-57164

Name of the Vulnerable Software and Affected Versions Lucee CFML Server versions 5.3.x Lucee CFML Server versions 6.1.x Lucee CFML Server versions 6.2.x Lucee CFML Server versions 7.0.x Description Reflected cross-site scripting occurs during URL path parsing, allowing unauthenticated remote...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References4
NVD
NVD
added 4 days ago6 views

CVE-2026-13462

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS0.00229EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42540

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References14
Debian CVE
Debian CVE
added 5 days ago4 views

CVE-2026-59875

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS5.9AI score0.00291EPSS
Exploits0
NVD
NVD
added 5 days ago11 views

CVE-2026-9701

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS0.00267EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.9 views

PT-2026-55508

Name of the Vulnerable Software and Affected Versions wpDiscuz versions prior to 7.6.57 Description Stored Cross-Site Scripting occurs when the plugin fails to properly escape output in the getCommentAuthor function. This happens because the comment author url value, provided in the guest comment...

7.2CVSS6AI score0.00305EPSS
Exploits0References16
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57343

Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.6 views

CVE-2026-27060

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 8:33 a.m.6 views

EUVD-2026-41262

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS6.3AI score0.01588EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 6:16 p.m.63 views

CVE-2026-55628

ImageMagick (CVE-2026-55628) is affected by a policy bypass in the -concatenate operation present in versions prior to 7.1.2-26he, due to missing security policy checks. This could allow reading and writing to paths disallowed by policy. The issue has been fixed in version 7.1.2-26he. Remediation...

5.5CVSS5.7AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 2:41 a.m.8 views

EUVD-2026-40869

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS7.4AI score0.1308EPSS
Exploits2References2
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.5 views

WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability

Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...

7.2CVSS5.8AI score0.01588EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54854

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-51 ImageMagick versions prior to 7.1.2-26 Description A missing depth check in the MVG decoder can lead to a stack overflow when the software processes a specially crafted image. A stack overflow occurs whe...

5.3CVSS6AI score0.00241EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54856

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-26 Description Incorrect handling of arguments in the JP2 encoder can lead to a heap buffer over-write. A heap buffer over-write occurs when a program writes more data to a heap-allocated memory buffer than ...

5.5CVSS6.2AI score0.00188EPSS
Exploits0References22
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-48286

Adobe Campaign Classic ACC versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00712EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57331

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...

9.9CVSS5.8AI score0.00344EPSS
Exploits0References2
OSV
OSV
added 2026/06/28 2:16 a.m.4 views

DEBIAN-CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 9:2 p.m.3 views

GHSA-6Q7J-XR26-3H2C Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)

Summary The ExpressionDepthLimit parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression parentheses, array initializers, object initializers, or unary operators driv...

6.9CVSS6.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

libcurl 7.12.0 < 8.21.0 Cross-Proxy Digest Auth State Leak

The version of libcurl installed on the remote host is 7.12.0 prior to 8.21.0. It is, therefore, affected by a proxy credential disclosure vulnerability: - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy...

9.1CVSS6AI score0.00752EPSS
Exploits1References2
Rows per page
Query Builder