Lucene search
+L

5431 matches found

nuclei
nuclei
added 10 hours ago36 views

WordPress Admin Word Count Column 2.2 - Local File Inclusion

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...

9.8CVSS7.1AI score0.21881EPSS
Exploits2References5
nuclei
nuclei
added 10 hours ago14 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7AI score0.02177EPSS
Exploits1References3
nuclei
nuclei
added 10 hours ago18 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.2AI score0.1544EPSS
Exploits1References3
osv
osv
added yesterday3 views

BIT-PILLOW-2026-59203 Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open to seek backwards to the same directive and parse it repeatedly in an infinite...

7.5CVSS6.1AI score0.0039EPSS
Exploits1References5
redhatcve
redhatcve
added 2 days ago6 views

CVE-2026-14685

A flaw was found in HdrHistogram. A local attacker could exploit this vulnerability by manipulating the 'Count' argument within the recordValueWithCount function. This manipulation leads to a state issue, which could impact the integrity of data processing within the affected component. Mitigatio...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References9
osv
osv
added 2 days ago3 views

DEBIAN-CVE-2026-59203

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open to seek backwards to the same directive and parse it repeatedly in an infinite...

7.5CVSS6.1AI score0.0039EPSS
Exploits1References1
osv
osv
added 2 days ago3 views

CVE-2026-59203 Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open to seek backwards to the same directive and parse it repeatedly in an infinite...

5.3CVSS6.1AI score0.0039EPSS
Exploits1References6
cvelist
cvelist
added 2 days ago25 views

CVE-2026-59203 Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open to seek backwards to the same directive and parse it repeatedly in an infinite...

5.3CVSS0.0039EPSS
Exploits1References4
cvelist
cvelist
added 2 days ago30 views

CVE-2026-11563 Word Count and Social Shares <= 1.0 - Subscriber+ Arbitrary File Deletion via Path Traversal

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

0.00165EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2 days ago4 views

PT-2026-58091

Name of the Vulnerable Software and Affected Versions Pillow versions 12.0.0 through 12.2.0 Description The EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count within the %%BeginBinary directive. A specially crafted EPS file can trigger the Image.open function to seek backwards to t...

7.5CVSS6.1AI score0.0039EPSS
Exploits1References8
redhat
redhat
added 3 days ago4 views

ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS6AI score0.00299EPSS
Exploits0References11
osv
osv
added 4 days ago2 views

CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS6.1AI score0.00143EPSS
Exploits1References5
osv
osv
added 6 days ago3 views

MGASA-2026-0240 Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Arbitrary Code Execution via Python Omni-Completion in Vim 9.1.1783 && Vim = 9.2.0320 && Vim 9.2.0679. CVE-2026-57454 Out-of-bounds Write in SOFO Soundfolding in Vim 9.2.0698. CVE-2026-57455 Arbitrary Code Execution via Python Omni-Completion...

8.4CVSS6.2AI score0.00303EPSS
Exploits0References34
osv
osv
added 6 days ago3 views

CVE-2026-61455 Grav before 2.0.1 Decompression Bomb via ZipArchiver

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References4
cve
cve
added 2026/07/09 12:30 p.m.12 views

CVE-2026-15185

GPAC MP4Box (vobsub_read_idx in /src/media_tools/vobsub.c) is affected. Manipulating the num_langs argument can trigger an out-of-bounds read, locally exploitable. The issue is in GPAC 26.03-DEV and has publicly disclosed exploit details. A patch was applied via commits 532097084729a936bcdf6a27c4...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
osv
osv
added 2026/07/08 1:16 p.m.2 views

DEBIAN-CVE-2026-14454

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/08 7:36 a.m.10 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
euvd
euvd
added 2026/07/08 7:36 a.m.9 views

EUVD-2026-42180

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.11 views

PT-2026-56340

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue occurs when the application opens a PDF and JavaScript performs operations on the page and document. This causes page-related objects to lose synchronization, while t...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References6
github
github
added 2026/07/07 1:2 p.m.5 views

ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...

5.5CVSS6AI score0.00191EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder