Lucene search
K

72 matches found

NVD
NVD
added 2026/06/25 2:16 p.m.7 views

CVE-2026-27366

Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...

7.5CVSS0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39362

Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.8CVSS5.7AI score0.00598EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.12 views

CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

7.5CVSS5.5AI score0.00682EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44744

Name of the Vulnerable Software and Affected Versions WP Maps Pro versions prior to 6.1.1 Description The WP Maps Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to create administrator accounts and achieve complete site takeover. The issue stems from a temporary acces...

9.8CVSS6AI score0.09461EPSS
Exploits7References51
EUVD
EUVD
added 2026/05/19 12:59 p.m.12 views

EUVD-2026-30929

Sparx Pro Cloud Server is vulnerable to a Race Condition in the /dataapi/dlinternalartifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location DIR under the specified name. An attacker with repository access...

8.7CVSS6.2AI score0.00724EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2026/05/19 12:59 p.m.11 views

CVE-2026-42096 Broken Access Control in Sparx Pro Cloud Server

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.7CVSS6AI score0.00598EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

Sparx Systems Sparx Pro Cloud Server 安全漏洞

Sparx Systems' Sparx Pro Cloud Server is a modeling and service platform developed by the Australian company Sparx Systems. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server prior to version 6.1 contained security vulnerabilities. The...

8.8CVSS6.1AI score0.00598EPSS
Exploits2References1
PyPA
PyPA
added 2026/04/24 5:16 p.m.24 views

PYSEC-2026-87

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/11 9:45 p.m.9 views

EUVD-2026-11414

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

7.8CVSS5.9AI score0.00505EPSS
Exploits1References1
CVE
CVE
added 2026/03/01 8:2 a.m.19 views

CVE-2026-3384

CVE-2026-3384 affects ChaiScript up to 6.1.0. The vulnerability targets chaiscript_eval.hpp, specifically chaiscript::eval::AST_Node_Impl::eval and chaiscript::eval::Function_Push_Pop, causing uncontrolled recursion. Local attack required; exploit disclosed publicly. The project was informed via ...

5.5CVSS5.3AI score0.00162EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/01 5:32 a.m.6 views

CVE-2026-3382 ChaiScript boxed_number.hpp get_as memory corruption

A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::BoxedNumber::getas of the file include/chaiscript/dispatchkit/boxednumber.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit...

4.8CVSS5.4AI score0.00169EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.8 views

CVE-2026-2655

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::strless::operator of the file include/chaiscript/chaiscriptdefines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of...

2.5CVSS5AI score0.00191EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:5 a.m.4 views

CVE-2025-13650

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Creat...

5.1CVSS5.7AI score0.00227EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.13 views

PT-2026-7509

An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Surname’ parameter of the ‘Creat...

5.1CVSS5.7AI score0.00227EPSS
Exploits0References5
OSV
OSV
added 2026/01/20 12:36 a.m.6 views

CVE-2026-23949 jaraco.context Has a Path Traversal Vulnerability

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

8.6CVSS5.5AI score0.00527EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.4 views

CVE-2021-2127

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

4.9CVSS5.5AI score0.0046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:51 a.m.4 views

CVE-2021-2074

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

8.2CVSS6.5AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/18 5:56 a.m.9 views

CVE-2025-13265

A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack...

9.1CVSS6.4AI score0.00511EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/14 12:0 a.m.8 views

CVE-2025-54559

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content...

0.00246EPSS
Exploits0References2
Rows per page
Query Builder