Lucene search
K

14083 matches found

CVE
CVE
added 14 hours ago8 views

CVE-2026-59246

The CVE concerns elixir-mint mint: an unbounded chain of zero-length HTTP/2 CONTINUATION frames can bypass the header-block size cap in Mint.HTTP2.handle_continuation/3, causing unbounded memory growth on the client and eventual out-of-memory termination. The vulnerability arises because each CON...

6.3CVSS6.2AI score
Exploits0References4
Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-59246 Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS
Exploits0References4
EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-43643

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS6.2AI score
Exploits0References4
Nuclei
Nuclei
added 15 hours ago95 views

WordPress Core <6.5.2 - Cross-Site Scripting

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. id: CVE-2024-4439 info: name: WordPress Core 6.5.2 - Cross-Site Scripting author: nqdung2002 severity: hi...

7.2CVSS6.9AI score0.70822EPSS
Exploits4References2
Nuclei
Nuclei
added 15 hours ago88 views

WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting

WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

5.5CVSS6.3AI score0.01193EPSS
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-60103

Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short memberindex value in the SDNA block. The memberindex field is used as an array index into...

6.8CVSS
Exploits0References3
CVE
CVE
added yesterday16 views

CVE-2026-60103

Blender 3.0.0–5.1.2 contains an out-of-bounds read via a crafted .blend SDNA block. The signed short member_index is used as an array index into sdna-&gt;members[] in sdna_expand_names() without bounds checking, producing an invalid pointer that is then passed to strlen(), causing a SIGSEGV or un...

6.8CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday32 views

CVE-2026-60103 Blender 3.0.0 - 5.1.2 Out-of-Bounds Read via crafted .blend SDNA block

Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short memberindex value in the SDNA block. The memberindex field is used as an array index into...

6.8CVSS
Exploits0References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-43317

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-5743

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS0.00259EPSS
Exploits0References10
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43120

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS6.2AI score0.00259EPSS
Exploits0References10
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-5743 Mixed Media Gallery Blocks <= 3.3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via sliderMaxHeight Block Attribute

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS0.00259EPSS
Exploits0References10
CVE
CVE
added 3 days ago10 views

CVE-2026-5743

The CVE concerns the SimpLy Gallery Block & Lightbox WordPress plugin. A stored XSS vulnerability exists through the sliderMaxHeight block attribute in all versions up to and including 3.3.3.2, caused by insufficient input sanitization and output escaping in pgc_sgb_render_callback(). The root ca...

6.4CVSS6.2AI score0.00259EPSS
Exploits0References10
NVD
NVD
added 4 days ago6 views

CVE-2026-55781

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fsfsize fragment size, allowin...

2.4CVSS0.00112EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42957

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fsfsize fragment size, allowin...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-55781

The CVE affects NanaZip (7-Zip derivative) prior to version 6.5.1749.0, specifically the UFS/FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp. The root cause is that superblock considerations validate the block size only against MINBSIZE and do not validate the fs_fsize fragment size, allowing...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-58225

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References5Affected Software1
NVD
NVD
added 4 days ago6 views

CVE-2026-12108

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00208EPSS
Exploits0References8
CVE
CVE
added 4 days ago7 views

CVE-2026-12108

The CVE-2026-12108 entry concerns the WordPress Highlighting Code Block plugin. Affected: the Highlighting Code Block plugin for WordPress (versions up to 2.2.0). Vulnerability: Stored Cross-Site Scripting via admin settings caused by insufficient input sanitization and output escaping. Impact: a...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42841

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References8
Rows per page
Query Builder