Lucene search
K

18 matches found

EUVD
EUVD
added 2026/06/15 8:18 p.m.12 views

EUVD-2026-36832

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/13 11:25 a.m.10 views

CVE-2026-5513 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.5AI score0.00312EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2026:1964-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1964-1 advisory. This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References32
Patchstack
Patchstack
added 2026/04/09 11:53 p.m.7 views

WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability

WordPress Online Scheduling and Appointment Booking System - Bookly plugin = 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability discovered by Youssef Elouaer in WordPress Plugin Bookly versions = 27.0...

5.3CVSS5.9AI score0.00452EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/08 7:25 p.m.6 views

CVE-2026-35165

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

6.5CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 5:6 p.m.3 views

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...

3.8CVSS5.8AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.10 views

PT-2025-50736

Name of the Vulnerable Software and Affected Versions AzeoTech DAQFactory version 20.7 Build 2555 Description A Use After Free issue exists in AzeoTech DAQFactory release 20.7 Build 2555. Exploitation of this issue, through the parsing of specially crafted .ctl files, can lead to memory corruptio...

7.8CVSS6.9AI score0.00201EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/10/11 8:29 a.m.10 views

CVE-2025-11254 Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection

The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which c...

4.3CVSS0.00319EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.43 views

EUVD-2025-31660

Malicious code in bioql PyPI...

10CVSS6.5AI score0.00512EPSS
Exploits1References2
OSV
OSV
added 2025/08/09 6:15 a.m.2 views

DEBIAN-CVE-2025-8746

A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function strstrsse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue w...

5.5CVSS3.9AI score0.00212EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.3 views

IBM Spss Statistics 加密问题漏洞

IBM Spss Statistics is a software package from International Business Machines IBM, Inc. It is used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...

7.5CVSS6.6AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/28 12:0 a.m.4 views

Tiki 安全漏洞

Tiki is a suite of open source content management and portal applications from the Tiki community that can be used to create web applications, portals, corporate intranets, extranets, and more. A security vulnerability exists in Tiki version 27.0 and earlier, which originates from a user with...

4.8CVSS5.8AI score0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/08/29 2:50 p.m.6 views

CVE-2022-35962 Crafted link in Zulip message can cause disclosure of credentials

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190...

8CVSS7.3AI score0.00891EPSS
Exploits0References3
OSV
OSV
added 2022/07/17 9:15 p.m.6 views

CVE-2022-27930

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed...

5.9CVSS5.8AI score0.0083EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/17 12:0 a.m.9 views

Pexip Infinity 输入验证错误漏洞

Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...

7.5CVSS5.6AI score0.0101EPSS
Exploits0References2
CNVD
CNVD
added 2019/11/13 12:0 a.m.3 views

Unauthorized Access Vulnerability in Gallery 27.0, Qixing Image Library (CNVD-2020-00193)

Qixing Image GalleryGallery is mainly used to store images or videos in the company. An unauthorized access vulnerability exists in Qixing Image Library Gallery 27.0, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
added 2019/02/13 12:0 a.m.3 views

SQL Injection Vulnerability in the Backend Us***_Ro***.aspx File of Qixing Image & Video Library Gallery v27.0

Qixing Image & Video GalleryGallery is mainly used to store images or videos in the company. A SQL injection vulnerability exists in the backend UsRo.aspx file of Qixing Image & Video Gallery v27.0, which can be exploited by an attacker to obtain sensitive information from the database...

7.7AI score
Exploits0
CNVD
CNVD
added 2016/10/13 12:0 a.m.6 views

Pivotal Cloud Foundry MariaDB audit_plugin component information disclosure vulnerability

Pivotal Cloud Foundry PCF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software, Inc. in the United States. cf-mysql-release is one of the releases. mariaDB auditplugin is one of the plugins that allows operators to enable audit trails and logging sent to SQL...

7.5CVSS7.2AI score0.01363EPSS
Exploits0References1
Rows per page
Query Builder