Lucene search
K

2851566 matches found

EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-42551

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.5CVSS5.9AI score
Exploits0References1
Circl
Circl
added 9 hours ago6 views

CVE-2026-47828

creationtimestamp| type| source ---|---|--- 2026-07-09 08:36:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7a4pl3ul2k...

8.9CVSS7AI score
Exploits0References1
Circl
Circl
added 9 hours ago4 views

CVE-2026-47830

creationtimestamp| type| source ---|---|--- 2026-07-09 08:31:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq77tqjgfr27...

8.8CVSS7.2AI score
Exploits0References1
Circl
Circl
added 9 hours ago5 views

CVE-2026-47829

creationtimestamp| type| source ---|---|--- 2026-07-09 08:26:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq77krzyza2e...

8.3CVSS7.2AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-42548

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEticaret: before v3.3.57...

9.8CVSS6AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-42547

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 10 hours ago8 views

CVE-2026-5793 XSS in Inrove Software's BiEticaret

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57...

6.1CVSS
Exploits0References1
CVE
CVE
added 10 hours ago8 views

CVE-2026-5793

BiEticaret (Inrove Software and Internet Services) contains a reflected XSS due to improper input neutralization during web page generation. Affected: BiEticaret prior to v3.3.57. CVSSv3.1 metrics indicate Network attack vector, Low attack complexity, Privileges None, User Interaction Required, C...

6.1CVSS5.9AI score
Exploits0References1
NVD
NVD
added 10 hours ago5 views

CVE-2026-59269

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS
Exploits0References1
NVD
NVD
added 10 hours ago5 views

CVE-2026-8848

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...

7.2CVSS
Exploits0References12
Circl
Circl
added 10 hours ago3 views

CVE-2026-5523

creationtimestamp| type| source ---|---|--- 2026-07-09 08:07:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq76hzxyyb26 2026-07-09 11:49:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mq7kvszdyh27...

8.8CVSS5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 10 hours ago4 views

gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.6AI score0.00489EPSS
Exploits0References5
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42541

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS5.9AI score
Exploits0References5
CVE
CVE
added 10 hours ago7 views

CVE-2026-11359

The CVE-2026-11359 entry relates to the Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress. Affected versions up to 3.4 are vulnerable due to missing capability checks and nonce validation in the pg_install_profilegrid() AJAX handler (wp_ajax_...

4.3CVSS5.9AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 10 hours ago2 views

CVE-2026-13450

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score
Exploits0References15
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42538

The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.1AI score
Exploits0References6
Circl
Circl
added 10 hours ago4 views

CVE-2026-47840

creationtimestamp| type| source ---|---|--- 2026-07-09 07:54:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq75qsv2b42w 2026-07-09 08:41:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7afnzxnt27...

9.3CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 10 hours ago2 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score
Exploits0References2
CVE
CVE
added 10 hours ago10 views

CVE-2026-33390

Summary: CVE-2026-33390 affects Arc sensors’ synchronization in Guardian/CMC prior to version 26.2.0. The root cause is an incorrect privilege assignment where Arc sensors receive CLI permissions during sync, allowing an authenticated user with limited privileges to issue administrative CLI comma...

8.1CVSS6AI score
Exploits0References1
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-42529

Permissive Cross-Origin Resource Sharing CORS in the REST API helix-rest, org.apache.helix.rest.server.filters.CORSFilter in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user to read responses from and issue cross-origin...

7.5CVSS6AI score
Exploits0References1
Rows per page
Query Builder