Lucene search
K

160795 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-40005

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago9 views

CVE-2026-28564

The CVE-2026-28564 issue affects Apache IoTDB prior to 2.0.10. It is described as an authentication bypass caused by insufficient session expiration, enabling capture–replay against REST Basic Authentication. Affected versions are 1.0.0 up to, but not including, 2.0.10. The practical impact is hi...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References4
Patchstack
Patchstack
added 3 days ago7 views

WordPress Hide My WP Lite plugin <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability

Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Hide My WP Lite versions = 1.3...

7.5CVSS5.9AI score0.00512EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 3 days ago7 views

WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...

8.1CVSS5.9AI score0.00422EPSS
Exploits0References1Affected Software1
NVD
NVD
added 3 days ago8 views

CVE-2026-15292

The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00243EPSS
Exploits0References5
CVE
CVE
added 3 days ago10 views

CVE-2026-15299

CVE-2026-15299 : The Animation Addons for Elementor WordPress plugin is vulnerable to Stored Cross-Site Scripting in all versions up to 2.6.3 via the Weather widget’s weather_style and move_direction parameters. The root cause is insufficient output escaping in Weather widget render() (widgets/we...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42796

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS6AI score0.00276EPSS
Exploits0References2
NVD
NVD
added 3 days ago8 views

CVE-2026-14894

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...

9.8CVSS0.00523EPSS
Exploits1References2
Nuclei
Nuclei
added 3 days ago27 views

DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...

7.5CVSS7.3AI score0.74048EPSS
Exploits5References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42780

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42721

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago11 views

EUVD-2026-34014

Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering...

8.2CVSS5.9AI score0.00396EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57196

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.78 Description A code injection issue exists in the deploy/api.py file. The agents file parameter is directly interpolated into an f-string without proper sanitization. This interpolated string is used to genera...

9.4CVSS6.3AI score0.00392EPSS
Exploits0References8
NVD
NVD
added 4 days ago8 views

CVE-2026-57023

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service DoS. When TCP proxy is engaged in a flow session,...

8.7CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-33803

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...

6.9CVSS0.00354EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-44787 Discourse: Signup-time primary_group_id assignment grants whisperer access

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS0.00309EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-49256

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...

6.3CVSS5.9AI score0.00384EPSS
Exploits0References6Affected Software1
CVE
CVE
added 4 days ago6 views

CVE-2026-46413

Discourse (open-source discussion platform) contains a vulnerability tracked as CVE-2026-46413 where, prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This could allow una...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References9
Rows per page
Query Builder