Lucene search
+L

5819 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/29 7:46 a.m.7 views

CVE-2026-10039

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS6AI score0.00288EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/29 12:38 a.m.12 views

EUVD-2026-33098

Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 10:25 p.m.8 views

CVE-2026-9909

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 8:16 p.m.10 views

DEBIAN-CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:12 p.m.13 views

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

8.7CVSS5.8AI score0.00199EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/28 12:0 a.m.1 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS6AI score0.00303EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44593

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue in the Browser component allows a remote attacker to execute arbitrary code when a user opens a specially crafted HTML page. Use after free is a memory...

9.6CVSS6.2AI score0.00368EPSS
Exploits0References155
NVD
NVD
added 2026/05/27 6:16 p.m.23 views

CVE-2026-45718

Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...

5.4CVSS0.00146EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.35 views

CVE-2026-8897 Shortcode Buddy <= 0.1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 0.1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.4CVSS0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 1:26 a.m.11 views

CVE-2026-7493 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 1.6.11.5. This is due to a publicly accessible REST API endpoint /wp-json/ssa/v1/async that calls PHP's sleep function on a...

5.3CVSS5.7AI score0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 10:15 p.m.17 views

EUVD-2026-32020

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/05/25 11:19 p.m.8 views

com.github.fangjinuo.agileway:agileway-shiro-redis (>=2.3.3 <=3.1.12), com.github.fangjinuo.agileway:agileway-shiro-redis-springdata2 (>=2.4.2 <=3.1.12) +35 more potentially affected by CVE-2026-43828 via org.apache.shiro:shiro-core (=3.0.0-alpha-1)

org.apache.shiro:shiro-core MAVEN version =3.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-core and may be impacted: - com.github.fangjinuo.agileway:agileway-shiro-redis =2.3.3, =2.4.2, =0.0.3, =0.0.3, =0.0.3, =0.0....

6.5CVSS5.7AI score0.00272EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/22 12:0 a.m.21 views

CVE-2026-37470

An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...

6.2AI score0.00324EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 12:3 p.m.11 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version cryptography-46.0.5 package is vulnerable to CVE-2026-39892. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

9.8CVSS5.8AI score0.00652EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.21 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the POST parameters tickid and ftickid were directly concatenated into the...

7.1CVSS5.9AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.23 views

PT-2026-42662

Name of the Vulnerable Software and Affected Versions LMDeploy versions 0.12.3 and earlier Description LMDeploy is a toolkit for compressing, deploying, and serving large language models. The software hardcodes trust remote code=True in multiple HuggingFace model-loading call sites, specifically...

7.8CVSS6.2AI score0.00142EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/05/20 7:5 p.m.37 views

CVE-2026-39310 Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...

8.6CVSS0.00391EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 6:16 p.m.19 views

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS0.00298EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G, from version 2021.8.22, ntfsck has a heap-based buffer overflow issue, involving a value of buffer+5123-2. NOTE: The upstream documentation states that ntfsck is deprecated; however, it is still being distributed with some Linux distributions...

7.8CVSS7.3AI score0.00504EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

Mantis Bug Tracker(MantisBT) 访问控制错误漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained an access control vulnerability. This vulnerability stemmed from allowing authenticated users to upload attachments to private issues that they did n...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References1
Rows per page
Query Builder