Lucene search
K

150 matches found

Cvelist
Cvelist
added yesterday17 views

CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

RHEL 8 : ruby:2.5 (RHSA-2026:33514)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33514 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 5:16 p.m.9 views

CVE-2026-49260

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

8.2CVSS0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44381

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

9.3CVSS5.7AI score0.0054EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 10:17 p.m.13 views

CVE-2026-45343

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Product Import Export for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42260

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

9.4CVSS5.7AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 2:36 p.m.8 views

EUVD-2026-30298

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

2.3CVSS5.8AI score0.00248EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 8:53 p.m.9 views

EUVD-2026-30166

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:7 p.m.64 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS0.00139EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.6 views

CVE-2026-6978

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

5.8CVSS5AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.14 views

PT-2026-34666

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

5.8AI score0.00359EPSS
Exploits1References5
OSV
OSV
added 2026/04/21 6:27 p.m.2 views

GHSA-P49J-V9WC-WG57 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation

Impact OpenBao's namespaces provide multi-tenant separation. A tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. Patches This was addressed in v2.5.3...

2CVSS5.8AI score0.00301EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/21 6:26 p.m.6 views

EUVD-2026-24035

OpenBao's SQL Injection in PostgreSQL database secrets engine...

4.6CVSS5.8AI score0.00235EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/21 5:26 p.m.10 views

OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate

Background OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Token renewals for other authentication methods do not require any supplied login...

3.1CVSS5.6AI score0.00101EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/15 5:26 p.m.7 views

EUVD-2026-22991

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...

7.4CVSS5.8AI score0.00316EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-39662

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.16 views

CVE-2026-39710

CVE-2026-39710 affects WordPress RT-Theme 18 | Extensions (rt18-extensions) up to version 2.5. The issue is a CSRF vulnerability that could allow actions on behalf of authenticated users. The root cause and affected component are described across multiple feeds; the primary fix recommended is upd...

5.4CVSS5.9AI score0.00097EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.11 views

PT-2026-31441

Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...

8.7CVSS6.7AI score0.00555EPSS
Exploits0References3
Rows per page
Query Builder