Lucene search
K

3675 matches found

Nuclei
Nuclei
added 18 hours ago20 views

ListingPro < 2.6.1 - Sensitive Data Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

5.3CVSS6.2AI score0.01608EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago59 views

Edito CMS - Sensitive Data Leak

Web services managed by Edito CMS Content Management System in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user. id: CVE-2024-4836 info: name: Edito CMS - Sensitive Data Leak author: s4e-io severity: high description: | Web...

7.5CVSS6.1AI score0.02651EPSS
Exploits0References3
OSV
OSV
added yesterday3 views

CVE-2026-59198 Pillow TGA RLE encoder can serialize up to ~57 KB of adjacent heap data into generated images

Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0...

6.5CVSS6.1AI score
Exploits1References6
NVD
NVD
added 2 days ago8 views

CVE-2026-58408

ChurchCRM is an open-source church management system. Prior to version 7.4.0, a low-privileged user can bypass the /admin/export UI and exfiltrate the entire member directory. The POST /CSVCreateFile.php endpoint generates and streams a CSV containing the full Personally Identifiable Information...

6.5CVSS0.00217EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago185 views

Jms Blog - SQL Injection

The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

9.8CVSS7.1AI score0.58743EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-12918

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00319EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 8:42 a.m.8 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 10:22 p.m.22 views

CVE-2026-14408

CVE-2026-14408 affects Google Chrome Dawn prior to 150.0.7871.46, with an uninitialized use in Dawn allowing a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. The vulnerability’s impact is described as information disclosure (Medium severity)...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/07/01 10:21 p.m.5 views

CVE-2026-14418

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00185EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14396

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00247EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14384

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00263EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/01 10:20 p.m.7 views

CVE-2026-53467

A flaw was found in ImageMagick. The MNG decoder in ImageMagick contains a heap information disclosure vulnerability. This flaw could allow an attacker to potentially access sensitive information from memory due to parts of image pixels being left unchanged during processing. This could lead to...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 4:13 p.m.7 views

EUVD-2026-41061

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS6.2AI score0.00238EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromiu...

6.5CVSS6.2AI score0.00299EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-14146

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.7 views

CVE-2026-14112

Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

5.3CVSS0.00218EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-14100

Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00229EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14100

Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-14050

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00247EPSS
Exploits0References2
Rows per page
Query Builder