Lucene search
+L

5122 matches found

Nuclei
Nuclei
added 10 hours ago206 views

WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting

WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...

6.1CVSS5.8AI score0.01555EPSS
Exploits1References4
CVE
CVE
added 2 days ago8 views

CVE-2026-52888

NocoBase before 2.1.0-alpha.46 exposes sensitive data via the SQL Collection feature. The plugin-collection-sql checkSQL() used an incomplete keyword blacklist that did not block PostgreSQL system catalogs (e.g., pg_shadow, pg_roles, pg_stat_activity), allowing an admin-role user to read password...

6.8CVSS6.1AI score0.00269EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

MINI-PQ7G-23V6-MCRJ

Bulletin has no description...

6.5CVSS6.1AI score0.00248EPSS
Exploits0
OSV
OSV
added 3 days ago3 views

MINI-55HP-3W67-PXVW

Bulletin has no description...

5.3CVSS6.1AI score0.00237EPSS
Exploits0
Circl
Circl
added 3 days ago4 views

CVE-2026-49795

creationtimestamp| type| source ---|---|--- 2026-07-14 19:01:51+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0231 2026-07-14 22:03:59+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-14 23:00:35+00:00| exploited|...

8.8CVSS4.8AI score0.01791EPSS
Exploits0References5
Circl
Circl
added 3 days ago4 views

CVE-2026-54992

creationtimestamp| type| source ---|---|--- 2026-07-14 19:01:41+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0231 2026-07-14 22:02:12+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-14 23:00:36+00:00| exploited|...

8.4CVSS6.1AI score0.00388EPSS
Exploits1References5
Circl
Circl
added 3 days ago4 views

CVE-2026-56155

creationtimestamp| type| source ---|---|--- 2026-07-14 18:00:28+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3d723813-809e-42df-ae57-9da291055398 2026-07-14 18:20:36+00:00| seen| https://bsky.app/profile/cvesentinel.bsky.social/post/3mqmt3ncdul23...

7.8CVSS7.7AI score0.00379EPSS
Exploits0References37
Circl
Circl
added 3 days ago6 views

CVE-2026-15410

creationtimestamp| type| source ---|---|--- 2026-07-14 17:48:47+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b 2026-07-14 18:59:52+00:00| seen| https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u 2026-07-14 20:00:01+00:00| exploited|...

7.2CVSS7.8AI score0.01486EPSS
Exploits1References57
Circl
Circl
added 3 days ago4 views

CVE-2026-15409

creationtimestamp| type| source ---|---|--- 2026-07-14 17:48:47+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b 2026-07-14 18:59:52+00:00| seen| https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u 2026-07-14 19:00:30+00:00| exploited|...

10CVSS8.6AI score0.01266EPSS
Exploits3References83
CVE
CVE
added 3 days ago11 views

CVE-2026-62390

Apache Kylin vulnerability CVE-2026-62390 is a SQL Injection flaw in the Catalog Cache Refresh API. Affected versions are 4 through 5.0.3; upgrading to 5.0.4 fixes the issue. The issue arises from improper neutralization of special elements in SQL commands used by the backend API that refreshes t...

9.8CVSS6.1AI score0.00681EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57979

Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4 through 5.0.3 Description An OS Command Injection issue exists where a backend API allows job configuration parameters to be passed directly to the OS command line without proper neutralization of special elements. OS...

9.8CVSS6.3AI score0.01828EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57978

Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4 through 5.0.3 Description An SQL Injection issue exists where improper neutralization of special elements used in an SQL command occurs. This happens when a backend API refreshes the table catalog, which may lead to the...

9.8CVSS6.1AI score0.00681EPSS
Exploits0References9
OSV
OSV
added 4 days ago2 views

MINI-J94F-RM4Q-6F3X

Bulletin has no description...

8.6CVSS6.7AI score0.01279EPSS
Exploits0
OSV
OSV
added 5 days ago3 views

MINI-MM77-3CVM-MHF4

Bulletin has no description...

5.3CVSS6.1AI score0.00413EPSS
Exploits0
OSV
OSV
added 6 days ago1 views

MINI-XR9P-79PW-9GR4

Bulletin has no description...

5.3CVSS6.1AI score0.00413EPSS
Exploits0
OSV
OSV
added 6 days ago1 views

MINI-28GV-QG6P-6PR7

Bulletin has no description...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
OSV
OSV
added 2026/07/09 7:41 p.m.3 views

MINI-J668-RPWG-48R9

Bulletin has no description...

6.1CVSS6.3AI score0.00719EPSS
Exploits1
OSV
OSV
added 2026/07/09 7:41 p.m.1 views

MINI-WCCQ-R38P-HJ92

Bulletin has no description...

8.5CVSS6.1AI score0.00346EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/07/09 4:29 p.m.20 views

How GitHub gave every repository a durable owner

GitHub has over 14,000 repositories across our primary internal GitHub organization. As of early 2025, there were over 11,000 non-archived repositories, the vast majority of which with no clear owner. For repositories attached to production services, we have historically had robust durable...

6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/08 1:7 p.m.8 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.10.2 release.

Red Hat Developer Hub 1.10.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS7AI score0.01186EPSS
Exploits11References39
Rows per page
Query Builder