Lucene search
K

106 matches found

NVD
NVD
added 2026/07/05 10:16 p.m.12 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:5 p.m.40 views

CVE-2026-13376 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...

4.8CVSS0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 1:18 p.m.9 views

CVE-2026-44946

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service ACS handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,...

9.5CVSS0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-47902

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS5.5AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42680

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

9.8CVSS5.4AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 12:11 p.m.34 views

CVE-2026-9509 Uncaught exception vulnerability in Suprema's BioStar

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...

8.7CVSS0.00351EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43648

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References2
Amazon
Amazon
added 2026/05/14 12:0 a.m.21 views

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...

7.5CVSS7.3AI score0.00702EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-34094

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.45 MySQL Server versions 8.4.0 through 8.4.8 MySQL Server versions 9.0.0 through 9.6.0 Description An issue exists in the Group Replication Plugin of MySQL Server. A low-privileged attacker with network...

6.5CVSS7.2AI score0.00323EPSS
Exploits0References125
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.4 views

CVE-2025-60233

Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2...

9.8CVSS5.2AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.6 views

CVE-2025-53222

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.3...

7.1CVSS5.9AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 6:16 a.m.6 views

CVE-2026-27406

Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through = 2.1.0...

7.5CVSS0.00384EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/28 4:17 a.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper name handling in Werkzeug [ CVE-2025-66221]

Summary IBM Watson Speech Services Cartridge is vulnerable to improper name handling in Werkzeug, caused by a reading issue with Werkzeug's safejoin function that allows path segments with special device names to hang indefinately CVE-2025-66221. Werkzeug is used in our service runtimes. This...

6.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-67975

Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through = 3.0.3...

6.5CVSS0.00316EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:8 p.m.7 views

CVE-2026-25036

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through = 4.2.25...

5.3AI score0.00296EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.5 views

CVE-2025-31413

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

4.3CVSS5.4AI score0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.5 views

CVE-2025-66139

Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through = 1.0.9...

5.4CVSS5.4AI score0.0022EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.8 views

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

4.3CVSS0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.4 views

PT-2026-3983

Name of the Vulnerable Software and Affected Versions Jthemes xSmart versions through 1.2.9.4 Description An incorrect privilege assignment exists in Jthemes xSmart, potentially allowing privilege escalation. Recommendations Update Jthemes xSmart to a version later than 1.2.9.4...

5.3AI score0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/12 4:38 a.m.5 views

CVE-2025-69273 Spectrum broken authentication

Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier...

8.7CVSS6.6AI score0.00309EPSS
Exploits0References1
Rows per page
Query Builder