Lucene search
+L

428 matches found

CVE
CVE
added 2 days ago17 views

CVE-2026-12583

Summary: The Newsletters WordPress plugin before 4.15 is vulnerable to unauthenticated PHP object injection via a subscriber custom field. Deserialization of untrusted input stored through a public form enables an attacker to write arbitrary files and execute code on the server via a gadget chain...

8.1CVSS6.4AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 5:16 a.m.11 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 3:21 a.m.38 views

CVE-2026-34037 Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS0.00247EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 3:6 a.m.33 views

CVE-2026-34034 Coolify: Host RCE via Sentinel token injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS0.00403EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:51 p.m.9 views

BIT-SEAWEEDFS-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

10CVSS5.8AI score0.00766EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:41 p.m.15 views

CVE-2026-54917

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

7.8CVSS5.9AI score0.00345EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/18 8:16 p.m.7 views

UBUNTU-CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 2:24 p.m.12 views

EUVD-2026-37726

Dell PowerFlex Manager, versions Version prior to 4.8, contains an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

7.5CVSS5.4AI score0.00213EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.11 views

CVE-2026-40793

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

6.5CVSS0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49226

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

WordPress plugin Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.2AI score0.00181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.8 views

CVE-2026-42758

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...

9.8CVSS5.8AI score0.00308EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 0 through prior to 4.0.1, which stems from a URL query component that does not percentile encode CRLF characters, potentially resulting in HTTP request splitting...

7.5CVSS5.8AI score0.00421EPSS
Exploits1References5
OSV
OSV
added 2026/05/24 11:16 p.m.10 views

DEBIAN-CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

3.5CVSS5.8AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.19 views

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...

7.5CVSS5.8AI score0.00127EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 1:16 p.m.14 views

CVE-2026-24573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 12:54 p.m.41 views

CVE-2026-24573 WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS0.00166EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

WordPress plugin Visualizer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:29 p.m.8 views

CVE-2026-8495

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

5.8AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 10:29 p.m.2 views

CVE-2026-8495 Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

9.8CVSS5.9AI score0.00369EPSS
Exploits0References5
Rows per page
Query Builder