Lucene search
+L

65416 matches found

nuclei
nuclei
added yesterday12 views

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads = 1.4.0 - Unauthenticated settings...

6.5CVSS6.6AI score0.01153EPSS
Exploits1References4
nuclei
nuclei
added yesterday10 views

WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. id: CVE-2019-17230 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Options Changes author: daffainfo severity: medium description: | includes/theme-functions.php in...

5.3CVSS6.2AI score0.02362EPSS
Exploits1References3
nvd
nvd
added yesterday6 views

CVE-2026-11866

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

5.4CVSS0.00097EPSS
Exploits0References1
redhatcve
redhatcve
added yesterday5 views

CVE-2026-15697

A flaw was found in svgdotjs svg.js. A remote attacker could exploit a vulnerability in the EventTarget.on function, which improperly controls modifications to object prototype attributes. This could allow an attacker to manipulate object properties, potentially leading to unintended behavior or...

6.5CVSS6.6AI score0.0033EPSS
Exploits0References9
nvd
nvd
added yesterday11 views

CVE-2026-12409

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...

4.3CVSS0.00129EPSS
Exploits0References6
cve
cve
added 2 days ago6 views

CVE-2026-58658

Summary. CVE-2026-58658 affects GPUStack up to version 2.2.1 and was fixed by commit 4e20551. An unauthenticated attacker can abuse unprotected /serveLogs and /debug endpoints on the worker port to disclose sensitive information and configure logs. Specifically, attackers can enumerate model inst...

8.8CVSS6.1AI score0.0039EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago31 views

CVE-2026-58658 GPUStack Unauthenticated Information Disclosure via Worker Endpoints

GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...

8.8CVSS0.0039EPSS
Exploits0References3
cve
cve
added 2 days ago52 views

CVE-2026-56434

Summary: CVE-2026-56434 affects the nginx ngx_http_ssi_module in NGINX Plus and NGINX Open Source when SSI, proxy_pass, and proxy_buffering are configured off. An unauthenticated attacker with MITM control over upstream responses can trigger a heap buffer over-read in the nginx worker process, po...

8.3CVSS6.1AI score0.00387EPSS
Exploits0References1
redhat
redhat
added 2 days ago5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.5AI score0.00126EPSS
Exploits0References5
packetstorm
packetstorm
added 2 days ago14 views

📄 xxl-job Cross Site Request Forgery

xxl-job versions prior to 3.4.0 suffer from a cross site request forgery vulnerability. Description Summary A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The...

9.1CVSS5.7AI score0.00266EPSS
Exploits1
nvd
nvd
added 3 days ago5 views

CVE-2026-62659

A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to make unauthorized changes to the device's settings...

6.8CVSS0.00195EPSS
Exploits0References2
cve
cve
added 3 days ago6 views

CVE-2026-62659

CVE-2026-62659 affects the NETGEAR WAX333 Access Point. The issue enables someone who is already logged in and on the same local network to make unauthorized changes to the device’s settings. The CVSS details show an adjacent attack vector, low attack complexity, high privileges required, and no ...

6.8CVSS6.1AI score0.00195EPSS
Exploits0References2
cvelist
cvelist
added 3 days ago29 views

CVE-2025-8412 VMDP: Potential buffer overflow in the RtlQueryRegistryValues function

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS0.0009EPSS
Exploits0References1
zeroscience
zeroscience
added 3 days ago33 views

SIP Sustainable Irrigation Platform 5.x (cv) Settings Mass Assignment

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.8CVSS6.1AI score0.00357EPSS
Exploits2
nessus
nessus
added 3 days ago5 views

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : LibreOffice vulnerabilities (USN-8534-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8534-1 advisory. It was discovered that LibreOffice incorrectly handled importing DXF drawings. An attacker could use this issue to cause...

7.8CVSS6.9AI score0.00171EPSS
Exploits0References7
nvd
nvd
added 5 days ago8 views

CVE-2026-56308

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS0.00244EPSS
Exploits0References2
euvd
euvd
added 6 days ago6 views

EUVD-2026-43148

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook...

8.1CVSS6.1AI score0.00302EPSS
Exploits0References2
redhat
redhat
added last week3 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.5AI score0.00805EPSS
Exploits2References10
nvd
nvd
added last week9 views

CVE-2026-57475

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS0.0034EPSS
Exploits0References4
euvd
euvd
added last week15 views

EUVD-2026-42975

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS6.2AI score0.0034EPSS
Exploits0References4
Rows per page
Query Builder