Lucene search
K

192880 matches found

CVE
CVE
added yesterday8 views

CVE-2026-12936

The CVE-2026-12936 relates to the Recurio – Ultimate Subscription for WooCommerce WordPress plugin. It describes a generic SQL Injection via the 'data' parameter in all versions up to and including 1.1.3 , caused by insufficient escaping and inadequate query preparation. With shop manager-level a...

4.9CVSS6AI score
Exploits0References4
NVD
NVD
added yesterday6 views

CVE-2026-15041

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-42213

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added yesterday26 views

CVE-2026-15041 389-ds-base: 389-ds-base: non-constant-time comparison in pbkdf2-sha256 password verification

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash...

3.7CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday61 views

Atlassian Jira Confluence - Cross-Site Scripting

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...

6.1CVSS6.8AI score0.37611EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday489 views

FUEL CMS 1.4.1 - Remote Code Execution

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. id: CVE-2018-16763 info: name: FUEL CMS 1.4.1 - Remote Code Execution author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/...

9.8CVSS7.2AI score0.82937EPSS
Exploits17References5
Nuclei
Nuclei
added yesterday35 views

Autonomy Ultraseek - Open Redirect

Open redirect vulnerability in cs.html in the Autonomy formerly Verity Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. id: CVE-2009-0347 info: name: Autonomy Ultraseek - Open Redirect author: ctflearner...

5.8CVSS6.1AI score0.10257EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday209 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
Nuclei
Nuclei
added yesterday363 views

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS7.4AI score0.84967EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday149 views

Weaver OA 9.5 - Information Disclosure

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. id:...

7.5CVSS5.6AI score0.54232EPSS
Exploits1References5
CVE
CVE
added yesterday9 views

CVE-2026-9701

The CVE-2026-9701 entry concerns the WordPress Eventer plugin (up to version 4.4.2) with an insecure password reset mechanism. The root cause is that the plugin stores a plaintext password reset key in the eventer_verification_code (wp_usermeta) when a reset is requested, allowing an attacker to ...

9.8CVSS6AI score0.00267EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday9 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8CVSS6.6AI score0.0049EPSS
Exploits0References5
OSV
OSV
added 2 days ago3 views

DEBIAN-CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

6.3AI score0.00237EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

6.3AI score0.00237EPSS
Exploits0
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42073

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score0.01372EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago240 views

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS6.2AI score0.32895EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago103 views

Jeecg-boot 3.5.0 qurestSql - SQL Injection

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. id: CVE-2023-1454 info: name: Jeecg-boot 3.5...

9.8CVSS6.5AI score0.35825EPSS
Exploits3References5
Nuclei
Nuclei
added 2 days ago104 views

XStream <1.4.15 - Server-Side Request Forgery

XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...

7.7CVSS6.9AI score0.82238EPSS
Exploits4References5
RedHat Linux
RedHat Linux
added 2 days ago5 views

389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42036

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS6.1AI score0.00625EPSS
Exploits0References1
Rows per page
Query Builder