Lucene search
K

7943 matches found

CVE
CVE
added 2026/07/02 7:43 p.m.13 views

CVE-2026-59100

CVE-2026-59100 affects LobeChat up to version 2.2.9. It describes a broken object level authorization allowing authenticated attackers to access and modify other users’ chat-group agent data by supplying arbitrary group identifiers. Attackers can call getGroupAgents, updateAgentInGroup, and remov...

5CVSS5.9AI score0.0018EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 7:9 p.m.3 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 7:9 p.m.4 views

GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score0.00057EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:46 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score0.00516EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 12:18 p.m.3 views

ROOT-APP-GOBINARY-CVE-2026-53489 CVE-2026-53489 in rootio-github.com/containerd/containerd/v2 - Patched by Root

Root has patched CVE-2026-53489 in the rootio-github.com/containerd/containerd/v2 package for Root:Go. Multiple fixed versions available...

8.2CVSS5.8AI score0.00208EPSS
Exploits0
OSV
OSV
added 2026/07/02 12:18 p.m.4 views

ROOT-APP-GOBINARY-CVE-2026-53492 CVE-2026-53492 in rootio-github.com/containerd/containerd/v2 - Patched by Root

Root has patched CVE-2026-53492 in the rootio-github.com/containerd/containerd/v2 package for Root:Go. Multiple fixed versions available...

9.6CVSS5.8AI score0.00412EPSS
Exploits0
NVD
NVD
added 2026/07/02 12:17 p.m.4 views

CVE-2026-57357

Unauthenticated Cross Site Scripting XSS in Search Atlas SEO = 2.6.6 versions...

7.1CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.7 views

CVE-2025-69094

Subscriber SQL Injection in Unicamp = 2.2.2 versions...

8.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 11:16 a.m.11 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS0.00128EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:15 a.m.15 views

CVE-2026-57753

The CVE-2026-57753 entry concerns the WordPress Kit (formerly ConvertKit) for WooCommerce plugin, affected versions 2.1.5 and earlier. Description indicates an unauthenticated sensitive data exposure vulnerability in these versions. The provided documents do not specify the exact root cause, vuln...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.8 views

EUVD-2026-41296

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.33 views

CVE-2026-57352 WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 2.2.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce = 2.2.0 versions...

4.8CVSS0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.10 views

CVE-2026-57351

Unauthenticated Cross Site Scripting XSS in HandL UTM Grabber = 2.9.2 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:14 a.m.13 views

CVE-2025-69152

CVE-2025-69152 affects the Artale | Wedding Photography WordPress theme (versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 10:30 a.m.7 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 10:30 a.m.10 views

EUVD-2026-41277

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 9:47 a.m.2 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
Fedora
Fedora
added 2026/07/02 1:12 a.m.10 views

[SECURITY] Fedora 43 Update: caddy-2.10.2-9.fc43

Caddy is an extensible server platform that uses TLS by default...

10CVSS6.8AI score0.0326EPSS
Exploits9
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-54961

Name of the Vulnerable Software and Affected Versions Unicamp versions prior to 2.2.3 Description A SQL Injection issue exists where users with subscriber-level access can extract sensitive data. This occurs due to improper handling of input in the subscriber module, allowing an attacker to execu...

8.5CVSS6.3AI score0.00278EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 10:16 p.m.4 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
Rows per page
Query Builder