Lucene search
+L

8064 matches found

cve
cve
added yesterday9 views

CVE-2026-45320

DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...

8.7CVSS6.1AI score0.00062EPSS
Exploits0References3
nvd
nvd
added yesterday4 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
cvelist
cvelist
added yesterday21 views

CVE-2025-32781 Apollo: Apollo Portal release endpoint allows cross-application configuration disclosure via releaseId

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...

6.5CVSS
Exploits0References4
cvelist
cvelist
added yesterday15 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00022EPSS
Exploits0References4
nuclei
nuclei
added yesterday12 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7AI score0.00562EPSS
Exploits1References2
cve
cve
added 2 days ago5 views

CVE-2026-15713

This CVE affects Libsoup’s HTTP/2 implementation. The issue is a memory leak where memory context blocks are not properly released under specific stream termination conditions (e.g., window exhaustion or explicit stream resets). A remote, unauthenticated attacker acting as a malicious network pee...

5.9CVSS6.1AI score0.00349EPSS
Exploits0References3
cve
cve
added 2 days ago8 views

CVE-2026-49788

CVE-2026-49788 : An HTTP/2 denial-of-service vulnerability due to unbounded resource allocation allows an unauthenticated network attacker to exhaust resources and disrupt service. CVSSv3.1 base score 7.5 (HIGH); vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No product/vendor/version details are p...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago3 views

CVE-2026-49788 HTTP/2 Denial of Service Vulnerability

...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References1
nvd
nvd
added 2 days ago6 views

CVE-2026-51105

Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 allows a remote attacker to cause a denial of service via the OPSERVERMESSAGE Handler...

7.5CVSS0.00318EPSS
Exploits0References1
euvd
euvd
added 2 days ago4 views

EUVD-2026-43606

OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...

9.8CVSS6.1AI score0.00379EPSS
Exploits0References3
cve
cve
added 2 days ago7 views

CVE-2026-51105

CVE-2026-51105 affects aMULE-Project’s aMule 2.3.3. The root cause is a Buffer Overflow in the OP_SERVERMESSAGE Handler, enabling a remote attacker over the network with no user interaction to cause a denial of service. The CVSS indicates Network access, low complexity, no privileges, and a High ...

7.5CVSS6.1AI score0.00318EPSS
Exploits0References1
nvd
nvd
added 3 days ago7 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS0.00253EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-57702

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.4.2...

9.3CVSS0.00291EPSS
Exploits0References1
cve
cve
added 3 days ago15 views

CVE-2026-57772

CVE-2026-57772 concerns WP Inventory Manager (WordPress plugin) with an SQL Injection issue in the wp-inventory-manager component. The vulnerability is described as Blind SQL Injection and affects WP Inventory Manager versions up to and including 2.4.0 (and from an unspecified starting version). ...

8.5CVSS6.1AI score0.00253EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago32 views

CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS0.00313EPSS
Exploits0References1
cve
cve
added 3 days ago10 views

CVE-2026-61971

The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions

2.7CVSS6.1AI score0.00192EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago29 views

CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago26 views

CVE-2026-57790 WordPress Billey theme <= 2.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...

7.5CVSS0.00496EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago28 views

CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...

7.1CVSS0.0018EPSS
Exploits0References1
cve
cve
added 3 days ago17 views

CVE-2026-51538

CVE-2026-51538 (OpENer 2.3.0) describes an Incorrect Access Control in encapsulation session handling. The server validates that a session_handle exists in the global list but does not verify that the handle belongs to the TCP connection issuing the request. With no strong binding between a sessi...

9.1CVSS6.1AI score0.00379EPSS
Exploits0References2
Rows per page
Query Builder