241 matches found

NVD
added 4 days ago, 8 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

CVSS: 7.5, EPSS: 0.00383
Exploits: 0, References: 5

ATTACKERKB
added 4 days ago, 5 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00383
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 4 days ago, 34 views

CVE-2026-13544 Feehi CMS API users access control

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project wa...

CVSS: 6.5, EPSS: 0.00214
Exploits: 0, References: 8

EUVD
added last week, 12 views

EUVD-2026-36599

Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00282
Exploits: 0, References: 2

CVE
added last week, 9 views

CVE-2026-57638

CVE-2026-57638 concerns a Cross Site Scripting (XSS) vulnerability in the WordPress plugin Fluent Booking affecting versions

CVSS: 6.5, AI score: 5.8, EPSS: 0.00161
Exploits: 0, References: 1

Cvelist
added last week, 39 views

CVE-2026-57630 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions...

CVSS: 5.3, EPSS: 0.00228
Exploits: 0, References: 1

RedhatCVE
added 2026/06/11 8:59 a.m., 11 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

CVSS: 8.8, AI score: 5.5, EPSS: 0.00182
Exploits: 0, References: 1

Patchstack
added 2026/05/29 3:17 p.m., 10 views

WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by dodoh4t in WordPress Plugin Booking Manager versions <= 2.1.18...

CVSS: 6.5, AI score: 5.8, EPSS: 0.0013
Exploits: 0, Affected Software: 1

RedHat Linux
added 2026/05/28 9:29 p.m., 17 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.0 Release.

Red Hat OpenShift Dev Spaces 3.28.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.28 release is based on...

CVSS: 10, AI score: 7, EPSS: 0.0115
Exploits: 20, References: 41

CNNVD
added 2026/05/28 12:0 a.m., 9 views

SMSGate security vulnerability

SMSGate is a SMS gateway integration tool developed by Lihuanghe’s individual developers. Versions of SMSGate 2.1.13.6 and earlier contained security vulnerabilities. These vulnerabilities were caused by a problem with the Cmpp7FDeliverRequestMessageCodec.java component, which could allow a remot...

CVSS: 7.3, AI score: 6.1, EPSS: 0.0029
Exploits: 0, References: 2

EUVD
added 2026/05/23 11:0 a.m., 13 views

EUVD-2026-31533

A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and m...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00228
Exploits: 0, References: 6

Cvelist
added 2026/05/18 8:15 p.m., 58 views

CVE-2026-8838 Remote Code Execution via eval() Injection in amazon-redshift-python-driver

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

CVSS: 9.8, EPSS: 0.00808
Exploits: 1, References: 3

CNNVD
added 2026/05/18 12:0 a.m., 8 views

amf security vulnerability

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the function UERadioCapabilityCheckResponse in the file ngap/dispatcher.go, which leads to...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00398
Exploits: 0, References: 1

EUVD
added 2026/05/14 8:24 a.m., 15 views

EUVD-2026-30259

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS: 6.4, AI score: 6, EPSS: 0.00156
Exploits: 0, References: 2

Cvelist
added 2026/05/14 8:24 a.m., 46 views

CVE-2026-6174 CC Child Pages <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'more' Parameter

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS: 6.4, EPSS: 0.00156
Exploits: 0, References: 2

NVD
added 2026/05/08 11:16 p.m., 12 views

CVE-2026-42453

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...

CVSS: 8.7, EPSS: 0.01207
Exploits: 0, References: 2

CVE
added 2026/05/08 10:55 p.m., 13 views

CVE-2026-42453

Termix is affected by a command injection in the file-manager.ts endpoints extractArchive and compressFiles due to the use of double-quoted strings for shell construction, enabling $(command) substitution on the remote SSH host. This vulnerability (CVE-2026-42453) can lead to arbitrary command ex...

CVSS: 8.7, AI score: 5.8, EPSS: 0.01207
Exploits: 0, References: 2

EUVD
added 2026/05/08 10:54 p.m., 12 views

EUVD-2026-28862

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

CVSS: 8.1, AI score: 5.7, EPSS: 0.00306
Exploits: 0, References: 2

Github Security Blog
added 2026/05/07 9:45 p.m., 8 views

mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

Summary: mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses:
- insufficient local path policy enforcement in transfer-related filesystem handling
- incomplete canonicalization and segment-boundary...

AI score: 5.8
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2026/05/01 12:0 a.m., 6 views

Fedora 42 : glow (2026-9d0e7df23a)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9d0e7df23a advisory. Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even mor...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00626
Exploits: 1, References: 8