Lucene search
K

2789 matches found

NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-52700

Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...

8.5CVSS0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:41 p.m.35 views

CVE-2026-48714 i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys proto, constructor, and prototype added in 3.9.3, see GHSA-5fgg-jcpf-8jjw, but did not...

9.1CVSS0.00419EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 7:56 p.m.17 views

EUVD-2026-37002

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS5.5AI score0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49441

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.32 views

CVE-2026-50869

An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...

0.00718EPSS
Exploits0References1
Redos
Redos
added 2026/06/15 12:0 a.m.9 views

ROS-20260615-73-0042

The vulnerability of the persistentcachereadentryv3 function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of protected information...

7.1CVSS5.8AI score0.001EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/15 12:0 a.m.9 views

Security update for cyrus-imapd (important)

openSUSE Security Update: Security update for cyrus-imapd Announcement ID: openSUSE-SU-2026:0204-1 Rating: important References: 1241536 1241543 1246165 1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores: CVE-2025-49812 SUSE: 8.3...

8.3CVSS5.5AI score0.00516EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 3:53 p.m.26 views

CVE-2026-11945

CVE-2026-11945 affects PostgreSQL Anonymizer. A local user who can create JSON documents can embed malicious code in a specific key–value pair, which is executed with superuser privileges if a superuser invokes import_database_rules() or import_roles_rules(). This leads to privilege escalation/po...

7.5CVSS5.6AI score0.00247EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/11 3:10 p.m.11 views

EUVD-2024-55619

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.1CVSS5.4AI score0.00094EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 2:16 p.m.16 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS0.00329EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/11 1:56 p.m.14 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.9AI score0.00651EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/11 1:47 p.m.11 views

EUVD-2026-36246

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...

7CVSS5.5AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 9:16 a.m.15 views

CVE-2023-40200

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/11 8:1 a.m.23 views

SQLite before 3.53.2 Memory Corruption in FTS5 Extension

...

8.5CVSS5.3AI score0.00175EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/11 12:0 a.m.10 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

6.3AI score0.00329EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.15 views

PT-2026-48669

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.24 Description User credentials are stored in plain text, which allows a local privileged user to read this sensitive information. Recommendations At the moment, there is no information about ...

4.4CVSS5.8AI score0.00094EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.23 views

aioHTTP < 3.14.0 Multiple Vulnerabilities

The version of aioHTTP installed on the remote host is prior to 3.14.0. It is, therefore, affected by multiple vulnerabilities: - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.13 views

CVE-2026-11469

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.22 views

PT-2026-47631

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.12 views

OpenSSL Toolkit 3.6.3

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.6 release...

9.8CVSS5.4AI score0.02719EPSS
Exploits0
Rows per page
Query Builder