Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.8 views

PT-2026-28639

Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions through 2.11.2 Description The Ultimate Member plugin for WordPress is susceptible to Sensitive Information Exposure. The issue stems from the 'usermeta:password reset link' template tag being...

8CVSS5.9AI score0.00229EPSS
Exploits0References8
NVD
NVD
added 2026/03/07 5:15 p.m.7 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS0.00401EPSS
Exploits1References3
CVE
CVE
added 2026/02/24 3:59 p.m.36 views

CVE-2026-27571

NATS-Server WebSockets handling is vulnerable to a pre-auth memory DoS via a compression bomb. Prior to v2.11.2 and v2.12.3, memory bounds for a NATS message were not independently applied to the memory stream, allowing excessive memory consumption and potential OS termination. The issue is explo...

7.5CVSS5.7AI score0.00478EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.5 views

Harbor 跨站脚本漏洞

Harbor is an open source registry from Harbor Open Source. Protects artifacts with policies and role-based access control, ensures images are scanned and free of vulnerabilities, and signs images as trusted. A cross-site scripting vulnerability exists in Harbor versions 2.11.2 and earlier,...

4.1CVSS5.3AI score0.00303EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/09/18 5:34 a.m.4 views

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

Overview WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2024-42404 Cross-site scripting CWE-79 - CVE-2024-45366 Shogo Kumamaru of LAC CyberLink Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS7.6AI score0.00482EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/01/20 12:0 a.m.4 views

Espruino 安全漏洞

Espruino is a JavaScript interpreter. It is designed for devices with only 128kB flash memory and 8kB RAM.A security vulnerability exists in Espruino, which stems from the fact that Espruino 2v11.251 was found to contain a SEGV vulnerability via src jsinteractivec in jsiGetDeviceFromClass. No...

5.5CVSS5.5AI score0.00621EPSS
Exploits1References2
Rows per page
Query Builder