Lucene search
K

2731 matches found

CVE
CVE
added 2026/03/11 4:25 a.m.23 views

CVE-2025-13067

The CVE-2025-13067 entry documents a vulnerability in the Royal Addons for Elementor WordPress plugin up to version 1.7.1049. The issue is an arbitrary file upload due to insufficient file-type validation that can be bypassed when files named main.php are uploaded, allowing an attacker with autho...

8.8CVSS6.4AI score0.00468EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.3 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.8)

The version of AHV installed on the remote host is prior to AHV-10.0.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.8 advisory. - In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended,...

9.8CVSS5.9AI score0.4269EPSS
Exploits8References7
EUVD
EUVD
added 2026/03/04 9:31 a.m.8 views

EUVD-2026-9385

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.4 views

IBM Engineering Requirements Management DOORS Next Improper Access Control (7261900)

The version of IBM Engineering Requirements Management DOORS Next installed on the remote host is 7.1.0 prior to 7.1.0 ifix 08 or 7.2.0 prior to 7.2.0 ifix 01. It is, therefore, affected by a vulnerability as referenced in the 7261900 advisory. - IBM Engineering Requirements Management DOORS Next...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/03 6:0 p.m.20 views

OpenClaw has allowlist exec-guard bypass via env -S

Summary In allowlist mode, system.run guardrails could be bypassed through env -S, causing policy-analysis/runtime-execution mismatch for shell wrapper payloads. Severity Rationale Medium This issue is rated medium because it is a guardrail/policy bypass in OpenClaw's trusted-operator model, not ...

8.8CVSS6.1AI score0.00339EPSS
Exploits0References6Affected Software1
Patchstack
Patchstack
added 2026/03/03 11:26 a.m.8 views

WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nutrie versions 2.0.1...

9.9CVSS5.9AI score0.00434EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.7 views

GitLab 14.4 < 18.7.5 / 18.8 < 18.8.5 / 18.9 < 18.9.1 (CVE-2026-1662)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denia...

7.5CVSS6AI score0.00357EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.13 views

Enclave 代码注入漏洞

Enclave is a sandbox software open source by AgentFront. Versions of Enclave prior to 2.11.1 had a code injection vulnerability. This vulnerability stemmed from the possibility of escaping the security boundaries set by @enclave-vm/core, which could lead to remote code execution...

10CVSS6.1AI score0.00878EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.6 views

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS5.9AI score0.00438EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:27 a.m.3 views

CVE-2026-27092

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through = 2.2.11...

5.4AI score0.00264EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.7 views

Splunk Enterprise 日志信息泄露漏洞

Splunk Enterprise is a data collection and analysis software developed by the American company Splunk. Versions of Splunk Enterprise prior to 10.2.0, 10.0.2 prior to version 10.0.2, 9.4.7 prior to version 9.4.7, 9.3.9 prior to version 9.3.9, and 9.2.11 prior to version 9.2.11 have a vulnerability...

6.8CVSS5.8AI score0.0031EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.6 views

Splunk Enterprise 9.3.0 < 9.3.9, 9.4.0 < 9.4.8, 10.0.0 < 10.0.3 (SVD-2026-0206)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0206 advisory. - In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the admin Splun...

6.5CVSS5.8AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/02/06 5:43 p.m.25 views

CVE-2026-23632

CVE-2026-23632 (Gogs) : A bug in Gogs prior to 0.13.4 allows a token with read permission to modify repository contents via the PUT /repos/:owner/:repo/contents/* endpoint. After repoAssignment() passes, PutContents() calls UpdateRepoFile(), leading to commit creation and git push, enabling unaut...

6.5CVSS5.6AI score0.00282EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/04 9:15 p.m.7 views

CVE-2026-0947

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting XSS.This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1...

4.8CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/04 8:3 p.m.8 views

EUVD-2026-5347

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...

9.8CVSS5.9AI score0.00741EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

MediaWiki 安全漏洞

MediaWiki is a free and open-source web-based wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. There are security vulnerabilities in versions of MediaWiki prior to 1.39.14,...

6.3CVSS5.8AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.12 views

TP-Link Archer BE230 安全漏洞

The TP-Link Archer BE230 is a wireless router produced by TP-Link Corporation. The TP-Link Archer BE230 v1.2 1.2.4 Build 20251218 rel.70420 versions had security vulnerabilities. These vulnerabilities stemmed from OS command injection in the VPN module, which could allow for the execution of...

8.5CVSS6.2AI score0.01423EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/29 10:6 p.m.2 views

CVE-2026-25126 PolarLearn's unvalidated vote direction allows vote count manipulation

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...

7.1CVSS5.7AI score0.00339EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.10 views

PT-2026-5168

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables...

9.1CVSS6.5AI score0.00549EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.19 views

CVE-2025-69047 WordPress MaxShop theme <= 3.6.20 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech MaxShop swmaxshop allows PHP Local File Inclusion.This issue affects MaxShop: from n/a through = 3.6.20...

8.1CVSS0.00403EPSS
Exploits0References1
Rows per page
Query Builder