Lucene search
+L

18274 matches found

CVE
CVE
added 6 days ago7 views

CVE-2026-57393

CVE-2026-57393 affects the WordPress plugin WooCommerce PDF Invoice Builder (plugin slug woo-pdf-invoice-builder) up to version ≤ 2.0.8. The vulnerability is described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere that allows retrieval of embedded sensitive data...

6.5CVSS6.1AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-58252

A flaw was found in NATS Server. An authenticated user could bypass configured access restrictions and receive messages on subjects that were explicitly denied. This occurs when a wildcard subscription overlaps with a wildcard deny rule but is not a direct subset, or when queue subscriptions...

6.5CVSS6AI score0.00465EPSS
Exploits0References10
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-12582 Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

0.00262EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in slds-lsp-client (npm)

The slds-lsp-client package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Salesforce SLD...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-60060

Summary Apollo Portal versions before 2.5.0 do not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId. When configView.memberOnly.envs is enabled for the requested environment, a low-privileged Portal user can...

6.5CVSS6.1AI score0.00415EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 6 days ago3 views

The vulnerability of the gnutls_x509_crt_check_hostname2() function in the lib/x509/hostname-verify.c file, lines 111,245–265, of the GnuTLS cryptographic library allows a attacker to replace the server and gain unauthorized access to protected information.

The vulnerability of the gnutlsx509crtcheckhostname2 function in the lib/x509/hostname-verify.c file at line 111,245-265 of the GnuTLS cryptographic library is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to replace the server and...

8.5CVSS6.1AI score0.00354EPSS
Exploits0References27Affected Software8
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-57841

Name of the Vulnerable Software and Affected Versions Rejetto HFS versions 3.0.0 through 3.2.0 Description The software derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of this generator to unauthenticated clients during login. A remote...

9.8CVSS6.5AI score0.00747EPSS
Exploits0References6
OSV
OSV
added 2026/07/11 2:16 p.m.3 views

DEBIAN-CVE-2026-56372

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

9.1CVSS6.2AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/11 1:0 p.m.33 views

CVE-2026-56372 ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

4.8CVSS0.00198EPSS
Exploits0References2
NVD
NVD
added 2026/07/11 5:16 a.m.9 views

CVE-2026-13116

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00223EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/11 3:44 a.m.5 views

EUVD-2026-43138

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/11 3:44 a.m.29 views

CVE-2026-13116 PDF Invoices & Packing Slips for WooCommerce <= 5.14.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via 'order_id' Shortcode Attribute

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00223EPSS
Exploits0References8
CVE
CVE
added 2026/07/11 3:44 a.m.13 views

CVE-2026-13116

CVE-2026-13116 affects the PDF Invoices & Packing Slips for WooCommerce plugin (WordPress) ≤ 5.14.0. Issue: Insecure Direct Object Reference via generate_document_shortcode caused by missing validation on a user-controlled key. Consequence: authenticated attackers with contributor+ access can min...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/11 2:31 a.m.7 views

EUVD-2026-43128

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References6
CVE
CVE
added 2026/07/11 2:31 a.m.15 views

CVE-2026-7544

Summary (CVE-2026-7544) : The Mux Video Uploader WordPress plugin (≤ v1.1.4) is vulnerable to Sensitive Information Exposure via muxvideo_enqueue_settings_script. Authenticated users with subscriber-level access or higher can extract sensitive data, including Mux API credentials. The CVE notes th...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/11 2:31 a.m.7 views

EUVD-2026-43127

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS6.1AI score0.00281EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/11 12:0 a.m.12 views

PT-2026-57388

Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips for WooCommerce versions prior to 5.14.1 Description An Insecure Direct Object Reference IDOR exists in the generate document shortcode function due to missing validation on a user-controlled key. Authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References11
OSV
OSV
added 2026/07/10 9:44 p.m.6 views

CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.8CVSS6.1AI score0.00168EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/10 9:31 p.m.31 views

CVE-2026-59155 Nezha Monitoring: DDNS and Notification credential exposure via unredacted list API

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud...

6.9CVSS0.00304EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/10 9:29 p.m.5 views

CVE-2026-59996

A flaw was found in OpenSSH, a widely used tool for secure remote access. When a user attempts to copy files between two different remote systems using the scp command, the file might be incorrectly placed in a directory above the intended destination. This unintended file placement could lead to...

5.4CVSS6AI score0.00241EPSS
Exploits0References6
Rows per page
Query Builder