Lucene search
K

15063 matches found

Nuclei
Nuclei
added yesterday24 views

WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. id: CVE-2014-4577 info: name: WP AmASIN – The Amazon Affiliate Shop -...

5CVSS7.2AI score0.03749EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday45 views

WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting

WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the 1 page parameter or 2 kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible the...

6.1CVSS6.5AI score0.02892EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday29 views

WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting

The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1CVSS6.2AI score0.0063EPSS
Exploits0References3
EUVD
EUVD
added yesterday8 views

EUVD-2026-43249

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...

6.5CVSS6.3AI score0.00333EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57441

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.0.0 through 9.10.0-alpha.1 Parse Server versions 8.x through 8.6.83 Description A stored cross-site scripting XSS issue exists when the software fails to recognize an uploaded file's extension via the mime package,...

2.1CVSS6AI score0.00245EPSS
Exploits0References8
Amazon
Amazon
added 4 days ago4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

7.8CVSS6.6AI score0.00125EPSS
Exploits12
Amazon
Amazon
added 4 days ago4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about...

7.8CVSS6.6AI score0.00125EPSS
Exploits12
Amazon
Amazon
added 4 days ago3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about...

7.8CVSS6.6AI score0.00125EPSS
Exploits12
NVD
NVD
added 5 days ago6 views

CVE-2026-53961

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS0.00221EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-46413

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References10Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-53961

CVE-2026-53961 concerns Discourse, an open-source discussion platform. Prior to the fixed versions, the AWS SES bounce webhook at POST /webhooks/aws did not bind SNS-signed messages to trusted TopicArn values, enabling any AWS account holder to publish forged Bounce notifications that revoke a ta...

6.5CVSS6AI score0.00221EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-53961

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS6AI score0.00221EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS0.00221EPSS
Exploits0References9
Chainguard
Chainguard
added 5 days ago9 views

GHSA-MG7H-Q7HW-M596 vulnerabilities

Vulnerabilities for packages: linux-aws...

5.9AI score
Exploits0
NVD
NVD
added 6 days ago8 views

CVE-2026-59897

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

5.3CVSS0.00126EPSS
Exploits0References3
Chainguard
Chainguard
added 6 days ago8 views

CVE-2026-53139 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-gcp, linux-vmware...

5.5CVSS6.1AI score0.00122EPSS
Exploits0
Chainguard
Chainguard
added 6 days ago10 views

GHSA-RC47-M48R-2657 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-gcp, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 6 days ago5 views

GHSA-WFX4-V2WF-4GMP vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-gcp, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 6 days ago7 views

GHSA-WXVQ-PWV2-XPC3 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-gcp, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 6 days ago5 views

GHSA-Q6QM-26CH-2W94 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-gcp, linux-vmware...

6.1AI score
Exploits0
Rows per page
Query Builder