Lucene search
K

8549 matches found

Nuclei
Nuclei
added yesterday19 views

WordPress Candidate Application Form <= 1.3 - Local File Inclusion

WordPress Candidate Application Form = 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form = 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...

7.5CVSS7.3AI score0.08833EPSS
Exploits1References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41693

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 5 days ago12 views

CVE-2026-14649

The CVE-2026-14649 entry concerns code-projects Online Voting System 1.0. The vulnerability is in the test_input function of /saveVote.php, where manipulating the arguments voterName, voterEmail, voterID, or selectedCandidate leads to SQL injection. The flaw is exploitable remotely over the netwo...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 1:56 p.m.6 views

EUVD-2026-40326

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS5.8AI score0.00351EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:30 p.m.11 views

CVE-2026-12672

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52922

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

7.5CVSS0.00394EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.8 views

EUVD-2026-38725

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

5.8AI score0.00394EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51715

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv dat forward data function calls pskb copy for clone to duplicate an skb for each DHT candidate without verifying the return valu...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-52922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the...

7.5CVSS6AI score0.00394EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:31 p.m.7 views

CVE-2026-11825

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/21 11:30 p.m.7 views

CVE-2026-12845

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50924

Name of the Vulnerable Software and Affected Versions compose-rich-editor version 1.0.0-rc14 Description The compose-rich-editor library, used in HCL Verse for Android for rich text email composition, fails to properly validate HTML input. This lack of validation allows malicious content to be...

6.3CVSS5.8AI score0.00112EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:30 p.m.6 views

CVE-2026-12475

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.3AI score
Exploits0References1
NVD
NVD
added 2026/06/17 3:17 p.m.11 views

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 12:5 p.m.35 views

CVE-2024-35690

CVE-2024-35690 – WordPress Widget Options plugin up to version 4.0.1 is vulnerable to sensitive data exposure (Subscriber+). The Patchstack entries (and WPVulnDB reference) indicate vulnerable versions are

6.5CVSS5.2AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 11:34 a.m.42 views

CVE-2024-33685

Technical details for CVE-2024-33685 (WordPress Startupzy theme) are not publicly provided in the supplied documents. No confirmed affected versions, root cause, impact, or remediation are stated here; monitor official advisories for updates.

4.3CVSS5.2AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 10:25 a.m.40 views

CVE-2024-34810

CVE-2024-34810 is a CSRF vulnerability affecting Skyline WP

4.3CVSS5.1AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 12:0 a.m.3 views

ALSA-2026:26455 Important: 389-ds-base security, bug fix, and enhancement update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: unbounded LDAP controls count in...

7.5CVSS5.8AI score0.00815EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.17 views

PT-2026-49183

CVE-2026-54095 - Rejected reason: CVE REJECT DO NOT USE THIS CVE ID :CVE-2026-54095 Published : June 12, 2026, 10:16 p.m. | 3 hours, 19 minutes ago Description :Rejected reason: CVE REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of...

5.3AI score0.00039EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 9:47 a.m.37 views

CVE-2022-42479

CVE-2022-42479 concerns a Broken Access Control in WordPress Soledad premium theme versions

5.4CVSS5.5AI score0.00177EPSS
Exploits0References1
Rows per page
Query Builder