Lucene search
K

36113 matches found

OSV
OSV
added 10 hours ago1 views

ROOT-APP-NPM-CVE-2026-54285 CVE-2026-54285 in @rootio/opentelemetry__core - Patched by Root

Root has patched CVE-2026-54285 in the @rootio/opentelemetrycore package for Root:npm. Multiple fixed versions available...

5.3CVSS6.1AI score0.00238EPSS
Exploits0
Nuclei
Nuclei
added 12 hours ago66 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.0141EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago35 views

WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery

The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery SSRF via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2023-5974 info: nam...

9.8CVSS7.1AI score0.0315EPSS
Exploits2References2
Nuclei
Nuclei
added 12 hours ago58 views

Lotus Core CMS 1.0.1 - Local File Inclusion

Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...

8.8CVSS7AI score0.10808EPSS
Exploits1References5
Nuclei
Nuclei
added 12 hours ago74 views

WordPress WPB Show Core - Cross-Site Scripting

WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

6.1CVSS6.5AI score0.00902EPSS
Exploits1References3
CVE
CVE
added yesterday26 views

CVE-2026-48805

Twig vulnerability CVE-2026-48805: Affected: Twig (PHP template engine); issue arises before 3.27.0 in deprecated internal wrappers in src/Resources/core.php. Root cause: Sandbox state is not forwarded to CoreExtension::checkArrow(), arraySome(), and arrayEvery() when using legacy helpers twig_ch...

5.3CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday26 views

CVE-2026-48758 sigstore-js: DSSE payloadType type-binding failure

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE string to bytes, allowing payloadType to be mutated after signing without invalidating the signature...

5.4CVSS
Exploits0References4
CVE
CVE
added yesterday5 views

CVE-2026-15773

CVE-2026-15773 is a Use-After-Free in Chrome’s Core on Windows prior to 150.0.7871.125 that could allow a remote attacker to achieve a sandbox escape via a crafted HTML page. The vulnerability affects Google Chrome Windows builds and is tracked in multiple sources. No exploitation status is provi...

9.6CVSS6.2AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-47303

Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-47300

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-47303

CVE-2026-47303 affects ASP.NET Core. Authentication bypass by assumed-immutable data enables an authorized attacker to elevate privileges over a network. From the provided metrics, the CVSS v3.1 base score is 8.8 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: LOW, ...

8.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday26 views

CVE-2026-47300 ASP.NET Core Elevation of Privilege Vulnerability

...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday16 views

CVE-2026-47300

The vulnerability CVE-2026-47300 affects ASP.NET Core and is due to an incorrect implementation of the authentication algorithm that could allow an authorized attacker to elevate privileges over a network. The CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, a...

8.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50437

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...

5.5CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50359

Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally...

7CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-45646

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-58541

CVE-2026-58541 — Windows DWM Core Library Elevation of Privilege due to a type confusion in DWM. Affected component: Windows DWM Core Library/DWM (Windows OS). Description from sources: Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to e...

7.8CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-50359 Microsoft XML Core Services Elevation of Privilege Vulnerability

...

7CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-50359

CVE-2026-50359 is a Microsoft XML Core Services elevation-of-privilege vulnerability described as a use-after-free issue. The NVD/NCSC/CIRCL entries confirm local privilege escalation for an authorized user. No exploit vectors are provided in the documents. Microsoft has released updates addressi...

7CVSS6AI score
Exploits0References1
Rows per page
Query Builder