22 matches found

vulnersOsv
added 2026/06/08 11:2 p.m., 7 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2346 more potentially affected by CVE-2026-47691 via io.netty:netty-resolver-dns (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-resolver-dns MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-47691 Source advisory: OSV:GHSA-5PVG-856G-CP85...

CVSS 10, AI score 5.7, EPSS 0.00285
Exploits 0
Vulnrichment
added 2026/06/04 1:26 a.m., 8 views

CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the view_file function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

CVSS 7.5, AI score 5.9, EPSS 0.003
Exploits 0, References 4
CNNVD
added 2026/05/22 12:0 a.m., 9 views

Vinades NukeViet Cross-Site Scripting Vulnerability

Vinades NukeViet is an open-source content management system (CMS) developed by the Vietnamese company Vinades. Vinades NukeViet versions 4.5.07 and earlier have a cross-site scripting vulnerability. The vulnerability stems from insufficient server-side input sanitization, which could lead...

CVSS 8.7, AI score 5.7, EPSS 0.00349
Exploits 0, References 3
Cvelist
added 2026/05/14 3:27 a.m., 53 views

CVE-2026-7648 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

CVSS 4.3, EPSS 0.00423
Exploits 0, References 8
ATTACKERKB
added 2026/04/30 5:34 a.m., 5 views

CVE-2026-6521

OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5, AI score 5.2, EPSS 0.00143
Exploits 1, References 4, Affected Software 1
Atlassian
added 2026/04/14 4:29 a.m., 21 views

RCE (Remote Code Execution) at c3p0 dependency in Crucible Server

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H allows an...

CVSS 8.9, AI score 6.3, EPSS 0.00534
Exploits 0
NVD
added 2026/03/13 7:55 p.m., 3 views

CVE-2026-32448

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS. This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3...

CVSS 6.5, EPSS 0.00133
Exploits 0, References 1
ATTACKERKB
added 2026/02/24 2:45 a.m., 5 views

CVE-2026-27129

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA (IPv6) records, the function returns the...

CVSS 7.1, AI score 5.3, EPSS 0.00427
Exploits 2, References 4, Affected Software 1
NVD
added 2026/02/12 2:16 p.m., 7 views

CVE-2026-1320

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2, EPSS 0.00257
Exploits 0, References 2
OSV
added 2026/01/14 9:15 p.m., 3 views

UBUNTU-CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVSS 5.5, AI score 5.8, EPSS 0.00122
Exploits 1, References 3
CVE
added 2025/12/31 1:18 p.m., 10 views

CVE-2025-62149

CVE-2025-62149 concerns the WordPress plugin “Add Custom Codes” (affected: versions up to 4.80) with an authenticated Stored XSS vulnerability. The Wordfence entry labels it as an issue exploitable by an authenticated user with the Author role, via input during web page generation. The provided d...

CVSS 5.9, AI score 5.9, EPSS 0.00176
Exploits 0, References 1
RedhatCVE
added 2025/12/10 2:23 p.m., 4 views

CVE-2025-67472

Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5...

CVSS 8.8, AI score 6.8, EPSS 0.00122
Exploits 0, References 1
Microsoft CVE
added 2025/11/02 9:2 a.m., 9 views

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

...

CVSS 7.5, AI score 7, EPSS 0.00582
Exploits 1
Patchstack
added 2025/10/10 11:23 p.m., 7 views

WordPress Enable Media Replace plugin <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Enable Media Replace versions <= 4.1.6...

CVSS 6.4, AI score 5.6, EPSS 0.00218
Exploits 0, References 1, Affected Software 1
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-28501

Malicious code in bioql PyPI...

CVSS 9.9, AI score 6.4, EPSS 0.00307
Exploits 0, References 1
Patchstack
added 2025/05/07 12:0 a.m., 5 views

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara (cmlara) in WordPress Module Enterprise MFA - TFA for Drupal versions < 4.7.0,5.0.0-5.1.0...

CVSS 7.5, AI score 7, EPSS 0.00353
Exploits 0, References 1, Affected Software 1
CNNVD
added 2024/05/02 12:0 a.m., 4 views

xml-crypto Security Vulnerability

NPM xml-crypto is a digital signature and cryptography library from NPM. A security vulnerability in xml-crypto versions 4.0.0 through 6.0.0, which stems from a default configuration that does not check the authorization of the signer, allows attackers to bypass XML signature verification...

CVSS 10, AI score 8.7, EPSS 0.00833
Exploits 1, References 8
vulnersOsv
added 2023/11/20 11:25 p.m., 8 views

@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +513 more potentially affected by CVE-2023-48309 via next-auth (>=0.0.0-manual.83c4ebd1 <=4.24.4)

next-auth NPM version =0.0.0-manual.83c4ebd1, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 and more Source cves: CVE-2023-48309 Source advisory: OSV:GHSA-V64W-49XW-QQ89...

CVSS 5.3, AI score 6, EPSS 0.007
Exploits 0
vulnersOsv
added 2023/09/13 4:31 p.m., 5 views

@beardeddudes/strapi-types (=0.1.0), @mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.0 <=1.0.0-alpha.3) +17 more potentially affected by CVE-2023-36472 via @strapi/admin (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.11.6)

@strapi/admin NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =1.0.0-alpha.0, =0.0.0-experimental.0a47d9bbb261b49ab02af2597ede27b7bdb196f4, =0.0.0-00c0da0e5db43d5de823f6193c9a3fa0dd11a364, =0.0.0-02d487e4eec68a5961817a4f580ffead9a9362f0,...

CVSS 5.8, AI score 6, EPSS 0.00565
Exploits 1
OSV
added 2019/11/06 10:15 a.m., 2 views

ALPINE-CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this...

CVSS 6.5, AI score 6.6, EPSS 0.03515
Exploits 0, References 1