Lucene search
K

185 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS0.00259EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References7
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42784

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References6
CVE
CVE
added 6 days ago14 views

CVE-2026-49099

Summary: CVE-2026-49099 affects the Apache Camel Salesforce component. Non-Camel header constants (e.g., sObjectQuery, apexUrl) bypass the HTTP header filter, allowing an unauthenticated HTTP client to influence internal behavior by setting operation parameters (SOQL/SOSL, SObject name/id, Apex U...

5.3CVSS6AI score0.00341EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago11 views

CVE-2026-48205

Summary: CVE-2026-48205 describes an SSRF vulnerability in the Apache Camel DNS component where DNS operation headers can be supplied via non-Camel header names (dns.server, dns.name, dns.domain, dns.type, dns.class, term) because the HTTP header filter is insufficient. This allows an unauthentic...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-337 Use of hard-coded, security-relevant constants in deepset-ai/haystack

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...

9.8CVSS7.3AI score0.00843EPSS
Exploits1References7
OSV
OSV
added 2026/06/16 11:48 a.m.5 views

BIT-MONGODB-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.2AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35863

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 10:5 p.m.9 views

CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:5 p.m.86 views

CVE-2026-9747

The vulnerability CVE-2026-9747 affects MongoDB Server’s cross-shard merge aggregation. When building aggregations, using fromRouter:true with runtimeConstants.userRoles may cause the server to crash. The connected documentation confirms the issue but provides no details on mitigations; exploitat...

7.1CVSS5.5AI score0.0027EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 10:5 p.m.43 views

CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which can cause server...

7.1CVSS5.3AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.13 views

CVE-2025-11762

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...

4.3CVSS5.4AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.12 views

EUVD-2026-32375

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

5.8AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/05/23 5:41 p.m.9 views

MAL-2026-4637 Malicious code in pewter-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9f898fe8ed95b1d549bfff91d7c0dda0f75ada1c32a58af144940cf28b23c5 On npm install, a preinstall hook in callback.js collects os.hostname, os.userInfo.username, process.cwd, the configured npm registry...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/18 5:7 p.m.7 views

CLSA-2026-1779124021 firewalld: Fix of CVE-2026-4948

CVE-2026-4948: use PKACTIONCONFIG instead of PKACTIONCONFIGINFO for setZoneSettings2 and setPolicySettings to require config-write authorization...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38648

Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37496

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The pegasus probe function fills USB Request Blocks URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. Specifically, it uses usb rcvbulkpipedev, 1 for RX data...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
Snyk
Snyk
added 2026/05/04 12:1 a.m.5 views

Malicious Package

Overview @bcs-bank/common-constants is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/04 12:1 a.m.7 views

MAL-2026-3265 Malicious code in @bcs-bank/common-constants (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c84c16934aaaeda86ed317c33795f796252ac98aaf9f39208575837332b372 The package @bcs-bank/common-constants was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Rows per page
Query Builder