
872 matches found

Nuclei
added 9 hours ago, 27 views

Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint that exposes user information, including usernames, roles, and account creation dates, letting remote attackers access sensitive user data; exploitation requires no special privileges. id: CVE-2026-23486 info: name:...

CVSS 6.9 | AI score 6 | EPSS 0.00711
Exploits: 0 | References: 3

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

CVSS 6.9 | AI score 6 | EPSS 0.00344
Exploits: 0 | References: 6

Circl
added 3 days ago, 6 views

CVE-2026-12224

creationtimestamp | type | source
---|---|---
2026-07-01 09:12:13+00:00 | seen | https://bsky.app/profile/qiancx.bsky.social/post/3mpl6f6frm32l
2026-07-01 09:12:13+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpl6f64vmw2r
2026-07-01 11:39:31+00:00 | seen | ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00246
Exploits: 0 | References: 5

ATTACKERKB
added 2026/06/19 6:51 a.m., 9 views

CVE-2026-6798

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6 | EPSS 0.00299
Exploits: 0 | References: 9

EUVD
added 2026/06/19 6:51 a.m., 9 views

EUVD-2026-37996

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6 | EPSS 0.00299
Exploits: 0 | References: 8

Circl
added 2026/06/15 11:0 p.m., 8 views

CVE-2026-48713

creationtimestamp | type | source
---|---|---
2026-06-15 23:00:38+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3moef7r5k4a24
2026-06-16 00:01:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moeimat47y2n
2026-06-16 03:00:27+00:00 | seen | ...

CVSS 9.1 | AI score 5.7 | EPSS 0.00419
Exploits: 0 | References: 5

Circl
added 2026/06/04 11:18 p.m., 9 views

CVE-2026-48579

creationtimestamp | type | source
---|---|---
2026-06-04 23:18:35+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116694392154624808
2026-06-05 00:00:59+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnithjxzog2b
2026-06-05 13:22:36+00:00 | seen | ...

CVSS 9.1 | AI score 5.3 | EPSS 0.01015
Exploits: 0 | References: 6

CVE
added 2026/06/03 1:28 p.m., 17 views

CVE-2026-47325

The CVE-2026-47325 entry concerns the ProjectsAndPrograms school-management-system, where passwords for students and teachers are generated solely from the user’s date of birth (e.g., 12072000), and there is no forced password change at first login. Affected status: the version tied to commit 6b6...

CVSS 6.9 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 2

UbuntuCve
added 2026/06/01 12:0 a.m., 10 views

CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

CVSS 5.3 | AI score 5.8 | EPSS 0.00384
Exploits: 0 | References: 8

SUSE CVE
added 2026/05/30 2:7 a.m., 15 views

SUSE CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

CVSS 5.3 | AI score 5.8 | EPSS 0.00384
Exploits: 0 | References: 3

OSV
added 2026/05/29 3:16 p.m., 6 views

DEBIAN-CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

CVSS 5.3 | AI score 5.8 | EPSS 0.00384
Exploits: 0 | References: 1

EUVD
added 2026/05/29 1:54 p.m., 10 views

EUVD-2026-33325

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

CVSS 5.3 | AI score 5.8 | EPSS 0.00384
Exploits: 0 | References: 5

Friends Of PHP
added 2026/05/29 8:0 a.m., 14 views

symfony/ux-live-component Format-less date LiveProps parsed with the permissive DateTime constructor

Description: When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className($value). The DateTime / DateTimeImmutable constructors accept relative strings such as "now", "tomorrow",...

AI score 6
Exploits: 0 | Affected Software: 1

Circl
added 2026/05/28 8:16 p.m., 9 views

CVE-2026-2128

creationtimestamp | type | source
---|---|---
2026-05-28 20:16:19+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-2128
2026-05-29 09:54:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmybdofzag2e
2026-06-04 06:16:27+00:00 | seen | ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00273
Exploits: 0 | References: 3

Circl
added 2026/05/20 8:17 p.m., 11 views

CVE-2026-9126

creationtimestamp | type | source
---|---|---
2026-05-20 20:17:06+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116608743862604761
2026-05-20 22:40:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmcxxhekzf2k
2026-05-21 17:07:07+00:00 | seen | ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00396
Exploits: 0 | References: 7

Circl
added 2026/05/20 4:51 a.m., 9 views

CVE-2026-24214

creationtimestamp | type | source
---|---|---
2026-05-20 04:51:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmb4aw6ccr2c
2026-05-20 19:37:20+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmcnputmzy2v
2026-06-22 00:19:59+00:00 | seen | ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00719
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/15 6:36 p.m., 7 views

CVE-2021-47967 PHP Timeclock 1.04 Multiple Cross-Site Scripting via Parameters

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

CVSS 6.1 | AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/13 12:0 a.m., 13 views

PT-2026-40839

Name of the Vulnerable Software and Affected Versions: Date iCal versions 0.0.0 through 4.0.14. Description: A missing authorization issue in the Date iCal module, which exports entity date fields as iCal feeds, allows forceful browsing. The module fails to sufficiently check entity or field access...

CVSS 9.8 | AI score 5.8 | EPSS 0.00369
Exploits: 0 | References: 6

Spring Security Advisories
added 2026/05/12 12:0 a.m., 11 views

This Week in Spring - May 12th, 2026

Hi, Spring fans! As I write this I am in Miami, FL at the CodeRemix.ai show, focused on the wide and wonderful world of OpenRewrite and Moderne. I've got a talk to give so let's dive right into it! a quick note about the upcoming release train dates in last week's installment of A Bootiful Podcas...

AI score 5.8
Exploits: 0

Snyk
added 2026/05/11 7:36 p.m., 12 views

Infinite loop

Overview: org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Infinite loop in the rendering process of Gantt charts when the excludes attribute is set to exclude all dates. An...

CVSS 5.3 | AI score 5.8 | EPSS 0.00384
Exploits: 0 | References: 2