77 matches found

CVE-2026-57357
Source: NVD | added 2 days ago | 2 views

Unauthenticated Cross Site Scripting XSS in Search Atlas SEO = 2.6.6 versions...

CVSS 7.1 | EPSS 0.00191 | Exploits 0 | References 1
CVE-2026-56069
Source: CVE | added 2026/06/26 2:52 p.m. | 9 views

This CVE concerns the WordPress Toolset Forms plugin (versions up to 2.6.24). The issue is an Unauthenticated Insecure Direct Object Reference (IDOR) in Toolset Forms, allowing access to objects without authentication. The CVSS 3.1 vector indicates network attack, low attack complexity, no privil...

CVSS 7.5 | AI score 5.8 | EPSS 0.003 | Exploits 0 | References 1
CVE-2026-50590
Source: CVE | added 2026/06/05 12:15 a.m. | 17 views

Mimecast Incydr vulnerability CVE-2026-50590 affects versions before 2.6.0, enabling arbitrary file access. The provided documents do not specify the underlying root cause, affected components, or a remediation. No exploitation details are given. Action: monitor for updates and vendor advisories ...

CVSS 4.5 | AI score 5.9 | EPSS 0.0009 | Exploits 0 | References 1
CVE-2026-44369
Source: CVE | added 2026/05/13 9:32 p.m. | 17 views

CVAT (open source annotation tool) is affected by CVE-2026-44369: from versions 2.5.0 through 2.63.0, an attacker who can create or edit an annotation guide on a task can inject malicious JavaScript that runs in the browser of anyone viewing that guide. The injected code can perform arbitrary req...

CVSS 8.5 | AI score 6 | EPSS 0.00266 | Exploits 0 | References 2
CVE-2026-42874 Microdot: HTTP response splitting in Response.set_cookie()
Source: Cvelist | added 2026/05/11 7:04 p.m. | 32 views

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...

CVSS 3.7 | EPSS 0.00215 | Exploits 0 | References 3
CVE-2026-33273
Source: Vulnrichment | added 2026/04/08 5:11 a.m. | 4 views

Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server...

CVSS 5.1 | AI score 6.2 | EPSS 0.00228 | Exploits 0 | References 2
CVE-2026-24913
Source: Vulnrichment | added 2026/04/08 5:10 a.m. | 2 views

SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product...

CVSS 8.8 | AI score 5.9 | EPSS 0.00301 | Exploits 0 | References 2
CVE-2026-35164
Source: RedhatCVE | added 2026/04/07 11:01 p.m. | 9 views

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies...

CVSS 8.8 | AI score 5.9 | EPSS 0.00708 | Exploits 1 | References 1
EUVD-2026-19458
Source: EUVD | added 2026/04/06 7:10 p.m. | 5 views

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00336 | Exploits 1 | References 1
CVE-2026-35045 Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification
Source: Vulnrichment | added 2026/04/06 5:17 p.m. | 1 view

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...

CVSS 8.1 | AI score 5.9 | EPSS 0.00267 | Exploits 1 | References 2
CVE-2026-29055
Source: CVE | added 2026/03/26 7:03 p.m. | 8 views

CVE-2026-29055 affects Tandoor Recipes: in versions prior to 2.6.0, the image processing pipeline did not strip EXIF data, rescale, or validate sizes for WebP and GIF uploads, allowing sensitive EXIF metadata (GPS coordinates, camera model, timestamps, software) to be stored and served to all vie...

CVSS 5.3 | AI score 5.9 | EPSS 0.00306 | Exploits 1 | References 2 | Affected Software 1
CVE-2026-28051
Source: RedhatCVE | added 2026/03/06 7:53 a.m. | 3 views

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion. This issue affects Yacht Rental: from n/a through = 2.6...

CVSS 8.1 | AI score 5.8 | EPSS 0.00415 | Exploits 0 | References 1
CVE-2026-28051
Source: NVD | added 2026/03/05 6:16 a.m. | 5 views

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion. This issue affects Yacht Rental: from n/a through = 2.6...

CVSS 8.1 | EPSS 0.00415 | Exploits 0 | References 1
CVE-2026-1813
Source: NVD | added 2026/02/04 12:16 a.m. | 8 views

A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted upload. It is possibl...

CVSS 9.8 | EPSS 0.00333 | Exploits 1 | References 5
CVE-2023-40829
Source: RedhatCVE | added 2026/01/09 12:29 p.m. | 7 views

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000...

CVSS 7.5 | AI score 6.9 | EPSS 0.00463 | Exploits 0 | References 1
CVE-2023-49860
Source: RedhatCVE | added 2026/01/09 9:28 a.m. | 10 views

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS. This issue affects WP Project Manager – Task, team, and project...

CVSS 6.5 | AI score 6.7 | EPSS 0.00385 | Exploits 0 | References 1
CVE-2025-53441
Source: CVE | added 2025/12/18 7:21 a.m. | 13 views

CVE-2025-53441 corresponds to a PHP Local File Inclusion in the WordPress Greeny theme (versions through 2.6). The issue arises from improper control of filenames for include/require statements, enabling Local File Inclusion via a PHP Remote File Inclusion pattern. Affected product: axiomthemes G...

CVSS 8.1 | AI score 6.7 | EPSS 0.00445 | Exploits 0 | References 1 | Affected Software 1
PT-2025-52036
Source: Positive Technologies | added 2025/12/18 12:00 a.m. | 10 views

Name of the Vulnerable Software and Affected Versions: axiomthemes Greeny versions through 2.6. Description: A flaw exists in axiomthemes Greeny that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP Remote File...

CVSS 8.1 | AI score 6.7 | EPSS 0.00445 | Exploits 0 | References 3
WordPress plugin Greeny security vulnerability
Source: CNNVD | added 2025/12/18 12:00 a.m. | 4 views

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 8.1 | AI score 6.7 | EPSS 0.00445 | Exploits 0 | References 1
PT-2025-49187
Source: Positive Technologies | added 2025/12/05 12:00 a.m. | 10 views

Name of the Vulnerable Software and Affected Versions: Demo Importer Plus plugin for WordPress versions up to and including 2.0.6. Description: The Demo Importer Plus plugin for WordPress is susceptible to arbitrary file upload due to inadequate file type validation when processing WXR files. This...

CVSS 8.8 | AI score 7.6 | EPSS 0.00464 | Exploits 0 | References 8