537 matches found

Debian CVE
added 2026/01/08 2:49 p.m., 4 views

CVE-2026-22034

Snuffleupagus is a module that raises the cost of attacks against websites by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...

CVSS 9.8, AI score 5.5, EPSS 0.00657
Exploits 1
Vulnrichment
added 2026/01/06 4:36 p.m., 5 views

CVE-2025-69331 WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through <= 0.19...

AI score 6.6, EPSS 0.00152
Exploits 0, References 1
CVE
added 2026/01/01 5:54 p.m., 30 views

CVE-2026-21428

CVE-2026-21428 affects cpp-httplib (C++11 single-file header-only library). The vulnerability is in write_headers: it does not validate CR/LF in user-supplied header values, enabling injection of extra headers, potential tampering with the request body, and SSRF when paired with servers supportin...

CVSS 8.7, AI score 6.4, EPSS 0.00372
Exploits 1, References 3, Affected Software 1
Cvelist
added 2025/12/31 9:55 p.m., 24 views

CVE-2025-69288 Titra has Remote Code Execution in Admin Functionality

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version...

CVSS 9.1, EPSS 0.00731
Exploits 1, References 3
EUVD
added 2025/12/30 12:30 p.m., 3 views

EUVD-2025-205723

Cross-Site Request Forgery CSRF vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through = 6.0.7...

AI score 6.3, EPSS 0.00101
Exploits 0, References 2
RedhatCVE
added 2025/12/29 5:54 a.m., 4 views

CVE-2025-68952

Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution RCE vulnerability has been identified in Eigent. This vulnerability allows an attacker to execute arbitrary code on the victim's machine or server through a specific interaction 1-click. This issue has been...

CVSS 9.3, AI score 8.1, EPSS 0.00488
Exploits 0, References 1
EUVD
added 2025/12/19 3:31 p.m., 7 views

EUVD-2025-204541

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, AI score 6.5, EPSS 0.0046
Exploits 1, References 4
Positive Technologies
added 2025/12/15 12:00 a.m., 8 views

PT-2025-51194

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL 0x00 characters during the Latin-compatible charset UTF-8, ISO8859-1, ASCII, etc to IBM-1047/037 translation sequence. This can cause the...

CVSS 6.9, AI score 6.8, EPSS 0.00256
Exploits 0, References 2
CNNVD
added 2025/12/12 12:00 a.m., 2 views

WordPress plugin WPNakama SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL...

CVSS 7.5, AI score 7.5, EPSS 0.00336
Exploits 0, References 7
Positive Technologies
added 2025/12/12 12:00 a.m., 5 views

PT-2025-50806

The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class name' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

CVSS 6.4, AI score 5, EPSS 0.00152
Exploits 0, References 3
CNNVD
added 2025/12/10 12:00 a.m., 4 views

Markdownify MCP Server security vulnerability

Markdownify MCP Server is a Model Context Protocol server for converting almost any content to Markdown by Zach Caceres, an individual developer in the United States. A security vulnerability exists in Markdownify MCP Server version 0.0.2 and earlier, which stems from a server-side request forger...

CVSS 7.5, AI score 6.6, EPSS 0.00442
Exploits 1, References 3
RedhatCVE
added 2025/12/07 6:05 a.m., 13 views

CVE-2025-13857

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, AI score 5, EPSS 0.00202
Exploits 0, References 1
CNNVD
added 2025/12/07 12:00 a.m., 3 views

TykoTech Fork OS command injection vulnerability

TykoTech Fork is an AI integration tool for LionTech individual developers. An OS command injection vulnerability exists in TykoTech Fork version 0.1, which stems from misuse of the parameter authorizationUrl in the file /.well-known/oauth-authorization-server, which could lead to os command...

CVSS 6.5, AI score 6.9, EPSS 0.01155
Exploits 0, References 5
FreeBSD
added 2025/12/06 12:00 a.m., 5 views

xrdp -- remote code execution

Denis Skvortsov, Security Researcher at Kaspersky, reports: xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerabili...

CVSS 9.8, AI score 6.6, EPSS 0.01318
Exploits 0, References 1
Vulnrichment
added 2025/12/05 6:07 a.m., 2 views

CVE-2025-12355 Payaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update

The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivupdateorderstatus' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...

CVSS 5.3, AI score 5, EPSS 0.00189
Exploits 0, References 2
NVD
added 2025/12/04 10:15 p.m., 5 views

CVE-2025-65900

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...

CVSS 6.5, EPSS 0.00261
Exploits 3, References 2
Positive Technologies
added 2025/12/04 12:00 a.m., 4 views

PT-2025-49045

Name of the Vulnerable Software and Affected Versions: ComposioHQ version 0.7.20. Description: A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves...

CVSS 7.5, AI score 6.3, EPSS 0.00808
Exploits 1, References 7
CNNVD
added 2025/12/04 12:00 a.m., 3 views

Central Dogma security vulnerability

Central Dogma is an open source service configuration version control repository based on Git, ZooKeeper and HTTP/2. A security vulnerability exists in Central Dogma versions prior to 0.78.0, which stems from an open redirect and could lead to phishing attacks and credential theft...

CVSS 6.1, AI score 6.3, EPSS 0.00141
Exploits 0, References 2
Github Security Blog
added 2025/12/03 5:00 p.m., 8 views

Step CA Has Authorization Bypass in ACME and SCEP Provisioners

Summary: A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners. All operators running these provisioners should upgrade to the latest release v0.29.0 immediately. The issue was discovered and disclosed by a...

CVSS 10, AI score 6.6, EPSS 0.0326
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2025/12/03 12:00 a.m., 9 views

Fedora 41 : rnp (2025-bc8b81c28d)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bc8b81c28d advisory. Version 0.18.1 Security: Fixed critical issue where PKESK public-key encrypted session keys were generated as all-zero, allowing trivial decryption of message...

AI score 5.5
Exploits 0, References 2