Lucene search
+L

8098 matches found

EUVD
EUVD
added 2026/07/03 7:53 a.m.7 views

EUVD-2026-41521

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 6:11 a.m.8 views

CVE-2026-10536 HTTP/2 stream-dependency tree UAF

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS6.1AI score0.00891EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/03 12:31 a.m.10 views

EUVD-2026-41440

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 12:31 a.m.7 views

EUVD-2026-41439

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55497

Name of the Vulnerable Software and Affected Versions Ultimate Member versions prior to 2.11.5 Description The Ultimate Member plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because of insufficient input sanitization and output escaping when handling the about me...

6.4CVSS6.1AI score0.00241EPSS
Exploits0References15
OSV
OSV
added 2026/07/02 10:16 p.m.5 views

UBUNTU-CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.5AI score0.00392EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/02 9:19 p.m.7 views

CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/02 7:49 p.m.12 views

EUVD-2026-33278

Mautic has an Authorization Bypass in API v2 Endpoints...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 7:43 p.m.17 views

CVE-2026-59100

CVE-2026-59100 affects LobeChat up to version 2.2.9. It describes a broken object level authorization allowing authenticated attackers to access and modify other users’ chat-group agent data by supplying arbitrary group identifiers. Attackers can call getGroupAgents, updateAgentInGroup, and remov...

5CVSS5.9AI score0.0018EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 7:9 p.m.4 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 7:9 p.m.5 views

GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score0.00057EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:46 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score0.00517EPSS
Exploits1References2
OSV
OSV
added 2026/07/02 12:18 p.m.7 views

ROOT-APP-GOBINARY-CVE-2026-53492 CVE-2026-53492 in rootio-github.com/containerd/containerd/v2 - Patched by Root

Root has patched CVE-2026-53492 in the rootio-github.com/containerd/containerd/v2 package for Root:Go. Multiple fixed versions available...

9.6CVSS5.8AI score0.00412EPSS
Exploits0
OSV
OSV
added 2026/07/02 12:18 p.m.5 views

ROOT-APP-GOBINARY-CVE-2026-53489 CVE-2026-53489 in rootio-github.com/containerd/containerd/v2 - Patched by Root

Root has patched CVE-2026-53489 in the rootio-github.com/containerd/containerd/v2 package for Root:Go. Multiple fixed versions available...

8.2CVSS5.8AI score0.00208EPSS
Exploits0
NVD
NVD
added 2026/07/02 12:17 p.m.4 views

CVE-2026-57357

Unauthenticated Cross Site Scripting XSS in Search Atlas SEO = 2.6.6 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.8 views

CVE-2025-69094

Subscriber SQL Injection in Unicamp = 2.2.2 versions...

8.5CVSS0.00278EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/07/02 12:3 p.m.11 views

USN-8398-4: nginx vulnerability

USN-8398-3 fixed a vulnerability in nginx. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A...

7.5CVSS5.8AI score0.11471EPSS
Exploits8
NVD
NVD
added 2026/07/02 11:16 a.m.11 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS0.00128EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:15 a.m.17 views

CVE-2026-57753

The CVE-2026-57753 entry concerns the WordPress Kit (formerly ConvertKit) for WooCommerce plugin, affected versions 2.1.5 and earlier. Description indicates an unauthenticated sensitive data exposure vulnerability in these versions. The provided documents do not specify the exact root cause, vuln...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.8 views

EUVD-2026-41296

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
Rows per page
Query Builder