Lucene search
+L

1653 matches found

NVD
NVD
added 5 hours ago3 views

CVE-2026-63998

In the Linux kernel, the following vulnerability has been resolved: ethtool: module: call ethnlopscomplete on module flash errors When validate fails we are skipping over ethnlopscomplete even tho we already called ethnlopsbegin...

Exploits0References3
CVE
CVE
added 6 hours ago3 views

CVE-2026-63998

The CVE-2026-63998 entry relates to the Linux kernel: during ethtool module handling, ethnl_ops_begin() may be followed by a failed validate() that incorrectly skips ethnl_ops_complete(), potentially leaving an imbalance in operation lifecycle handling on module flash errors. The issue is describ...

5.4AI score
Exploits0References3
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-63998 ethtool: module: call ethnl_ops_complete() on module flash errors

In the Linux kernel, the following vulnerability has been resolved: ethtool: module: call ethnlopscomplete on module flash errors When validate fails we are skipping over ethnlopscomplete even tho we already called ethnlopsbegin...

Exploits0References3
Nuclei
Nuclei
added 18 hours ago78 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

7.2CVSS7.5AI score0.04522EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago48 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site...

7.2CVSS7.5AI score0.04522EPSS
Exploits1References3
NVD
NVD
added 6 days ago5 views

CVE-2026-57411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 6 days ago5 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago3 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

6.1AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/11 5:35 a.m.39 views

CVE-2026-10041 WCFM – Frontend Manager for WooCommerce <= 6.7.27 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Vendor Data Manipulation via Multiple AJAX Handlers

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.0025EPSS
Exploits0References12
NVD
NVD
added 2026/07/10 9:16 p.m.7 views

CVE-2026-13039

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS0.00257EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/08 12:51 p.m.7 views

WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin CF7 Views Complete Entry Management for Contact Form 7 versions = 3.2.2...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/07/08 12:0 a.m.6 views

EUVD-2026-42135

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS6AI score0.00508EPSS
Exploits0References6
CVE
CVE
added 2026/07/08 12:0 a.m.23 views

CVE-2026-55429

Coder's CVE-2026-55429 describes a cross-workspace agent rebinding vulnerability in UpsertWorkspaceApp and insertAgentApp where a provisioner payload can bind a victim app to an attacker-controlled agent due to lack of workspace verification. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, ...

8.7CVSS6AI score0.00508EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/07/08 12:0 a.m.11 views

CVE-2026-55429 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS6AI score0.00508EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/07 12:57 p.m.37 views

CVE-2026-53483

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote...

9.8CVSS0.00625EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 9:0 p.m.12 views

CVE-2026-59711

CVE-2026-59711 affects the showdown library. A cross-site scripting vulnerability exists in metadata title handling when the completeHTMLDocument option is enabled; unescaped characters in markdown frontmatter metadata are placed into HTML title tags, allowing script execution in the rendered pa...

6.1CVSS6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/06 9:0 p.m.9 views

CVE-2026-59711 showdown - Cross-Site Scripting via Unescaped Metadata Title in completeHTMLDocument

showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...

6.1CVSS6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 9:0 p.m.6 views

EUVD-2026-41948

showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...

6.1CVSS6AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 9:0 p.m.38 views

CVE-2026-59711 showdown - Cross-Site Scripting via Unescaped Metadata Title in completeHTMLDocument

showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...

6.1CVSS0.00187EPSS
Exploits0References3
Rows per page
Query Builder