Lucene search
K

526 matches found

OSV
OSV
added 6 days ago3 views

CVE-2026-15084 UI Patterns (SDC in Drupal UI) - Moderately critical - Cross site scripting - SA-CONTRIB-2026-075

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

5.4CVSS6.1AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56559

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description MQTT retained message delivery and QoS1+ durable replay may deliver messages to subscribers even if the original topics match a configured subscribe deny...

4.3CVSS6.1AI score0.00342EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55942

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.6.0 through 2.6.20 OpenVPN versions 2.7 alpha1 through 2.7.4 Description A remote attacker can cause a denial of service when the external-auth feature is enabled. This occurs by sending a malformed authentication token that...

5.9CVSS6.1AI score0.00487EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/30 11:46 a.m.7 views

EUVD-2026-40298

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:38 a.m.39 views

CVE-2026-41053

CVE-2026-41053 affects Rancher’s GitHub authentication provider, specifically the team membership expansion, where an incorrect authentication caching flaw could grant principal access to any logged-in user. Affected versions are 2.13 prior to 2.13.6 and 2.14 prior to 2.14.2. Root cause: faulty c...

8.8CVSS5.8AI score0.0037EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-54834

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:16 p.m.8 views

WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.2...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/25 6:52 p.m.9 views

EUVD-2026-38387

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:12 p.m.8 views

EUVD-2026-39363

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...

7.4CVSS5.8AI score0.00264EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/06/23 7:6 p.m.199 views

Audiobookshelf Unauthenticated API Authentication Bypass Scanner

This module detects Audiobookshelf servers affected by CVE-2025-25205, an unauthenticated authentication bypass. Affected versions 2.17.0 through 2.19.0 decide whether a GET request may skip authentication by testing an unanchored regular expression against the request's full original URL,...

8.2CVSS5.9AI score0.03999EPSS
Exploits2
NVD
NVD
added 2026/06/19 2:16 p.m.15 views

CVE-2026-39999

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

9.1CVSS0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:32 p.m.34 views

CVE-2026-48140 Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...

7.1CVSS0.00254EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 1:11 p.m.3 views

CVE-2026-44087 Apache APISIX: Openid-connect plugin Identity Header Spoofing

Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers allowing the attacker to get unauthorized access the protected resources. This issue affect...

5.3CVSS5.9AI score0.00213EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 2:17 p.m.22 views

CVE-2025-60229

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

9.8CVSS0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-52696

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2025-68851

Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...

7.1CVSS0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 10:43 a.m.31 views

CVE-2022-47150 WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...

4.3CVSS0.00113EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 2:57 p.m.2 views

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS5.9AI score0.00448EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 4:16 p.m.4 views

ALPINE-CVE-2026-34356

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.9AI score0.00682EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder