Lucene search
K

16993 matches found

Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-10706 Exposure of Sensitive Information to an Unauthorized attacker

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

0.00303EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-10706

CVE-2026-10706 affects Adalo’s no-code app builder (V1 and V2). A platform‑level flaw in the database API allows authenticated users to retrieve full user records from any Adalo application, via dbId enumeration, bypassing ownership checks and enabling cross‑application data exposure. The issue i...

7.5CVSS5.9AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-8310

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-8315

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

5.4CVSS0.00133EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42225

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-8315

The CVE-2026-8315 entry concerns a Stored XSS in Mediküm Web (Webbeyaz Web Design). Affected component: input handling during web page generation with improper neutralization of input as the root cause. Impact is Stored XSS (confidentiality/integrity impact low; availability none; user interactio...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-8315 Stored XSS in Webbeyaz's Mediküm Web

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

5.4CVSS0.00133EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42224

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-8310

Mediküm Web (Webbeyaz Web Design) is affected by CVE-2026-8310, a Reflected XSS caused by improper neutralization of input during web page generation. Affected through 08/07/2026; vendor noted as not supported. The connected documents consistently describe the issue without detailing specific vul...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42157

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS6AI score0.00278EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago11 views

Malicious code in rio-design-tokens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...

5.9AI score
Exploits0References3
OSV
OSV
added 6 days ago7 views

MAL-2026-6956 Malicious code in rio-design-tokens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56410

Name of the Vulnerable Software and Affected Versions Mediküm Web versions prior to 08072026 Description Mediküm Web contains an SQL injection flaw resulting from improper neutralization of special elements used in SQL commands. This occurs due to inadequate input validation or parameterization,...

9.8CVSS6.5AI score0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56454

Name of the Vulnerable Software and Affected Versions Adalo versions 1 through 2 Description Attackers can extract complete user records and correlate user behavior across multiple applications through the enumeration of the dbId variable. This occurs because the platform lacks data minimization,...

7.5CVSS6AI score0.00303EPSS
Exploits0References5
NVD
NVD
added last week7 views

CVE-2026-50811

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS0.00278EPSS
Exploits0References5
CVE
CVE
added 2026/07/07 12:0 a.m.17 views

CVE-2026-50811

FreeType 2.14.3 and earlier (before commit 5a280ecde6f324de0d226261036e736e0cb49a71) contain an out-of-bounds read in src/truetype/ttgxvar.c within TT_Get_Var_Design_Coordinates (used by TT_Get_Var_Design). Affected component: FreeType typography engine (ttgxvar.c). Root cause: out-of-bounds read...

6.5CVSS6AI score0.00278EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/07/07 12:0 a.m.5 views

CVE-2026-50811

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS6AI score0.00278EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56283

Name of the Vulnerable Software and Affected Versions FreeType versions prior to commit 5a280ecde6f324de0d226261036e736e0cb49a71 Description An out-of-bounds read occurs in the TT Get Var Design implementation, which is utilized by FT Get Var Design Coordinates. This issue is located within the...

6.5CVSS6.1AI score0.00278EPSS
Exploits0References12
NVD
NVD
added 2026/07/03 6:16 a.m.13 views

CVE-2026-9725

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS0.00742EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 4:30 a.m.24 views

CVE-2026-9725

The CVE-2026-9725 issue affects the Printcart Web to Print Product Designer for WooCommerce plugin for WordPress (versions

9.1CVSS6.5AI score0.00742EPSS
Exploits0References6
Rows per page
Query Builder