Lucene search
K

54136 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-41804

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
Nuclei
Nuclei
added 2 days ago59 views

Oracle Content Server - Cross-Site Scripting

Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site. id: CVE-2017-100...

8.2CVSS6.6AI score0.17558EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago171 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS7.3AI score0.78812EPSS
Exploits7References4
Cvelist
Cvelist
added 2 days ago39 views

CVE-2026-14691 SourceCodester Multi-Vendor Online Grocery Management System Setting SystemSettings.php update_settings_info code injection

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function updatesettingsinfo of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content leads to code injection...

6.5CVSS0.00237EPSS
Exploits0References6
Nuclei
Nuclei
added 3 days ago216 views

Calibre <= 7.14.0 Remote Code Execution

Unauthenticated remote code execution via Calibre’s content server in Calibre = 7.14.0. id: CVE-2024-6782 info: name: Calibre = 7.14.0 Remote Code Execution author: DhiyaneshDK severity: critical description: | Unauthenticated remote code execution via Calibre’s content server in Calibre = 7.14.0...

9.8CVSS7.8AI score0.83393EPSS
Exploits8References1
Nuclei
Nuclei
added 3 days ago205 views

Ghost CMS Content API - SQL Injection

Ghost CMS before 6.19.1 is vulnerable to a blind SQL injection in the /ghost/api/content/tags/ endpoint via the filter parameter. This template checks for the vulnerability by sending a boolean-based payload. id: CVE-2026-26980 info: name: Ghost CMS Content API - SQL Injection author:...

9.4CVSS7.4AI score0.69996EPSS
Exploits7References3
RedhatCVE
RedhatCVE
added 4 days ago10 views

CVE-2026-38969

A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...

7.5CVSS5.9AI score0.00162EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41520

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS6AI score0.00273EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-11900 Ad Inserter <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure via 'data' Shortcode Attribute

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS0.00273EPSS
Exploits0References10
CVE
CVE
added 4 days ago12 views

CVE-2026-11900

The CVE-2026-11900 entry concerns the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads up to version 2.8.16. It is vulnerable to an Insecure Direct Object Reference via the shortcodes’ data attribute. The replace_ai_tags() function processes a {reusable-block-N} pattern by calling get_post...

4.3CVSS6AI score0.00273EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-9626 JSON API User <= 4.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'content' Parameter

The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...

6.4CVSS0.00228EPSS
Exploits0References6
CVE
CVE
added 4 days ago14 views

CVE-2026-9626

The CVE-2026-9626 entry concerns the WordPress JSON API User plugin (

6.4CVSS5.9AI score0.00228EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 4 days ago7 views

SUSE CVE-2026-20217

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in...

7.5CVSS7.3AI score0.00389EPSS
Exploits0References3
Snyk
Snyk
added 5 days ago5 views

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...

7.5CVSS6AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

DEBIAN-CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS5.9AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS0.00162EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 5 days ago12 views

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
Rows per page
Query Builder