Lucene search
K

594 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/04 8:48 p.m.6 views

CVE-2026-25517

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...

5.1CVSS5.3AI score0.00343EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/02/04 8:25 a.m.6 views

EUVD-2026-5511

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS5.8AI score0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 6:35 p.m.22 views

GHSA-4QVV-G3VR-M348 Wagtail has improper permission handling on admin preview endpoints

Impact Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data...

5.1CVSS5.5AI score0.00343EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.13 views

CVE-2026-1083

The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...

4.4CVSS5.9AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2026/01/22 8:16 p.m.3 views

CVE-2026-22281

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use TOCTOU race condition vulnerability. A low privileged attacker with adjacent...

4.8CVSS5.8AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/01/21 6:16 p.m.10 views

CVE-2021-47746

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...

8.6CVSS0.00664EPSS
Exploits0References4
CVE
CVE
added 2026/01/21 4:26 p.m.21 views

CVE-2026-20055

Cisco CVE-2026-20055 affects the web-based management interfaces of Packaged CCE and Unified CCE. The issue is cross-site scripting (XSS) due to insufficient input validation in the interface pages. An authenticated attacker with administrative credentials could inject script code and potentially...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References1
Amazon
Amazon
added 2026/01/21 12:0 a.m.7 views

Low: libxml2

Issue Overview: A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has be...

4.8CVSS4.7AI score0.00202EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/19 12:27 p.m.13 views

CVE-2025-15535

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function ClayMeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used...

4.8CVSS5.1AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/01/17 7:16 a.m.6 views

CVE-2026-0691

The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS0.0026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-52862)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00356EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Qnap QTS and QuTS hero Out-of-bounds Write (CVE-2024-53697)

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions...

7.2CVSS5.4AI score0.00465EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/15 7:23 a.m.9 views

CVE-2026-0812

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...

4.4CVSS5AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 6:15 a.m.8 views

CVE-2025-15486

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/01/14 5:28 a.m.20 views

CVE-2025-15486

CVE-2025-15486 concerns the WordPress Kunze Law plugin (versions

4.4CVSS4.8AI score0.00237EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/13 7:16 p.m.8 views

CVE-2026-22791

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

6.6CVSS6.1AI score0.00237EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/11 12:0 a.m.7 views

PT-2026-1783

Name of the Vulnerable Software and Affected Versions AcademySoftwareFoundation OpenColorIO versions through 2.5.0 Description An issue exists in AcademySoftwareFoundation OpenColorIO up to version 2.5.0 related to an out-of-bounds read condition. This occurs within the ConvertToRegularExpression...

4.8CVSS4AI score0.00165EPSS
Exploits0References25
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.7 views

CVE-2023-4986

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...

2.5CVSS6AI score0.00189EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.10 views

CVE-2021-33177

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries...

8.8CVSS8AI score0.09817EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.7 views

CVE-2019-18286

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have...

5.3CVSS6.3AI score0.0158EPSS
Exploits0References1
Rows per page
Query Builder