Lucene search
K

418 matches found

Cvelist
Cvelist
added yesterday25 views

CVE-2025-69156 WordPress Kids Zone - Children WordPress Theme theme <= 5.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...

7.1CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2025-36333

CVE-2025-36333 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The authenticated user can perform unauthorized actions due to improper enforcement of the behavioral workflow. Root cause details are not specified in the provided documents. The entry lists a MEDIUM im...

4.3CVSS5.8AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 2:1 p.m.7 views

EUVD-2026-38791

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51820

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions 5.1 through 5.1.2 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendations...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 12:32 p.m.35 views

CVE-2026-4610 ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS0.00201EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 10:16 p.m.6 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS0.0021EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A use-after-free vulnerability was discovered in iscsiswtcpsessioncreate in drivers/scsi/iscsitcp.c within the SCSI sub-component of the Linux kernel. This flaw allows an attacker to access internal kernel information...

5.5CVSS6.7AI score0.00249EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Qemu

A use-after-free flaw was discovered in the MegaRAID emulator of QEMU. This issue occurs during the processing of SCSI I/O requests when the mptsasfreerequest function fails to dequeue the request object ‘req’ from the pending requests queue. This flaw allows a privileged guest user to crash the...

3.2CVSS6.4AI score0.0045EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. The supported versions affected are 5.7.33 and earlier, as well as 8.0.23 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromi...

4.9CVSS6.7AI score0.04643EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/irdma: The Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to numonlinecpus + 1. If this number is exceeded, the kernel will issue a warning. The kernel issues a warning wh...

5.9AI score0.00156EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: scsitransportsas: Fixed error handling in sasPhyadd. If transportadddevice fails in sasPhyadd, the kernel may crash when trying to delete the device using transportRemoveDevice, which is called from sasRemoveHost. The kerne...

5.5CVSS5.7AI score0.00183EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.9 views

CVE-2026-45441

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

7.5CVSS0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49356

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

7.5CVSS5.2AI score0.00372EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/13 1:13 a.m.11 views

[SECURITY] Fedora 44 Update: vmod-uuid-1.10-31.fc44

UUID Varnish vmod used to generate a uuid, including versions 1, 3, 4 and 5 as specified in RFC 4122. See the RFC for details about the various versions...

5.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.9 views

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.7CVSS5.5AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-49044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

6.5CVSS5.4AI score0.00182EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/03 4:23 p.m.6 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-8404 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-8404 Source advisory: SNYK:PYTHON-DJANGO-17151726...

5.3CVSS5.7AI score0.00285EPSS
Exploits0
PyPA
PyPA
added 2026/06/03 2:16 p.m.16 views

PYSEC-2026-201

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder