
263 matches found

CVE
added 2026/03/17 3:36 a.m. | 11 views

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor (WordPress) is affected up to version 1.7.1049. The vulnerability arises in get_main_query_args(), due to insufficient restrictions on which posts can be included, allowing unauthenticated attackers to exfiltrate contents of ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/17 3:36 a.m. | 4 views

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args function due to insufficient restrictions on which posts can be included. This makes it possib...

CVSS 5.3 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/17 12:00 a.m. | 7 views

PT-2026-25870

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args function due to insufficient restrictions on which posts can be included. This makes it...

CVSS 5.3 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 3
OSV
added 2026/03/16 4:26 p.m. | 6 views

GHSA-CVWP-R2G2-J824 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Summary: The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not addressed by this fix. These endpoints return the complete...

CVSS 7.5 | AI score 5.8 | EPSS 0.00499
Exploits: 1 | References: 5
Github Security Blog
added 2026/03/16 4:26 p.m. | 7 views

Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Summary: The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not addressed by this fix. These endpoints return the complete...

CVSS 7.5 | AI score 5.8 | EPSS 0.00499
Exploits: 1 | References: 5 | Affected Software: 1
Tenable Nessus
added 2026/03/05 12:00 a.m. | 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005678 advisory. In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args software_node_get_reference_args...

CVSS 7.1 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/03 12:00 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005463)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005463 advisory. In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args software_node_get_reference_args...

CVSS 7.1 | AI score 6.5 | EPSS 0.00163
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/18 12:00 a.m. | 8 views

PT-2026-20964

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15. Description: A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, potentially enabling container...

CVSS 9.8 | AI score 5.1 | EPSS 0.00479
Exploits: 0 | References: 12
RedhatCVE
added 2026/02/12 7:33 a.m. | 5 views

CVE-2025-13431

The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

CVSS 6.5 | AI score 5.9 | EPSS 0.00217
Exploits: 0 | References: 1
NVD
added 2026/02/11 2:15 a.m. | 4 views

CVE-2025-13431

The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

CVSS 6.5 | EPSS 0.00217
Exploits: 0 | References: 2
EUVD
added 2026/02/08 7:02 p.m. | 8 views

EUVD-2026-5772

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...

CVSS 6.5 | AI score 5.1 | EPSS 0.02953
Exploits: 1 | References: 7
CNNVD
added 2026/02/08 12:00 a.m. | 5 views

Xcode MCP Server Command Injection Vulnerability

Xcode MCP Server is an Xcode-compatible context protocol server developed by R. Huijts. Xcode MCP Server has a command injection vulnerability, which stems from incorrect handling of the args parameter in the src/tools/xcode/index.ts file, potentially leading to command injection...

CVSS 8.8 | AI score 6.6 | EPSS 0.02953
Exploits: 1 | References: 7
RedhatCVE
added 2026/02/01 9:18 a.m. | 18 views

CVE-2025-15525

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

CVSS 5.3 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 1
CVE
added 2026/01/31 4:35 a.m. | 19 views

CVE-2025-15525

CVE-2025-15525 affects the WordPress plugin “Ajax Load More – Infinite Scroll, Load More, & Lazy Load.” The vulnerability arises from incorrect authorization in the parse_custom_args() function, allowing unauthenticated users to view titles and excerpts of private, draft, pending, scheduled, and ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 2
Cvelist
added 2026/01/31 4:35 a.m. | 29 views

CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

CVSS 5.3 | EPSS 0.00264
Exploits: 0 | References: 2
EUVD
added 2026/01/31 4:35 a.m. | 6 views

EUVD-2025-206596

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

CVSS 5.3 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/31 12:00 a.m. | 10 views

PT-2026-5501

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expo...

CVSS 5.3 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/23 3:24 p.m. | 5 views

CVE-2026-22991

In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map resilient to partial allocation free_choose_arg_map may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args, if allocation of arg_map->args fails,...

AI score 5.8 | EPSS 0.00395
Exploits: 0 | References: 8 | Affected Software: 1
Snyk
added 2026/01/13 7:57 p.m. | 4 views

Arbitrary Command Injection

Overview: renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitization of user-supplied chart name in the helmRepositoryArgs function of kustomize manager. An attacker can execute arbitrary commands on the host...

CVSS 8.4 | AI score 7.7
Exploits: 0 | References: 2
AstraLinux
added 2026/01/13 2:01 p.m. | 3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpc_put_args The failure of copy_to_user could cause an early return without cleaning up the fdlist. This fdlist has been updated by the DSP. This could lead to a map leak. This issue is...

AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 3