Lucene search
K

1572 matches found

Nuclei
Nuclei
added yesterday38 views

WordPress Personal Dictionary <1.3.4 - Blind SQL Injection

WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or...

9.8CVSS7.2AI score0.0677EPSS
Exploits2References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-43560

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-61458 PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References2
NVD
NVD
added 2026/07/05 2:16 p.m.7 views

CVE-2026-14750

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 1:30 p.m.38 views

CVE-2026-14752 mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting

A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function adddefinition of the file application/PHP/objects/notes/addintodictionary.php. Such manipulation of the argument reference leads to cross site scripting. It ...

5.1CVSS0.00203EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 1:30 p.m.9 views

EUVD-2026-41758

A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function adddefinition of the file application/PHP/objects/notes/addintodictionary.php. Such manipulation of the argument reference leads to cross site scripting. It ...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 1:0 p.m.8 views

EUVD-2026-41756

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 1:0 p.m.29 views

CVE-2026-14750 mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:0 p.m.6 views

CVE-2026-14750

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 1:0 p.m.9 views

CVE-2026-14750

The CVE-2026-14750 entry concerns mjperpinosa stumasy with a SQL injection in the function Notes_controller::accessing_dictionary_authorization (file application/PHP/objects/notes/accessing_dictionary_authorization.php). Manipulating the Password argument enables a remote attacker to leverage SQL...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/30 3:59 p.m.9 views

CVE-2026-58376 Dolibarr - SQL Injection via sqlfilters Parameter in Multiple REST API List Endpoints

Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injection vulnerability that allows authenticated API users to exfiltrate arbitrary database contents by supplying malicious values to the sqlfilters query parameter in the setup dictionary and multicurrencies REST API endpoints. Th...

7.6CVSS6AI score0.00221EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 1:16 a.m.14 views

CVE-2026-54639

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

8.8CVSS0.00132EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 12:17 a.m.12 views

EUVD-2026-38640

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 12:17 a.m.33 views

CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

8.8CVSS0.00132EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 12:17 a.m.16 views

CVE-2026-54639

CVE-2026-54639 affects Style Dictionary prior to 5.4.4, with a prototype pollution vulnerability in the convertTokenData utility (versions 4.3.0–4.x before 5.4.4). The impact is high when Style Dictionary is used as a Node.js server integration, moderate for web app integrations, and low for toke...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 12:17 a.m.3 views

CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

8.8CVSS6AI score0.00132EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51612

Name of the Vulnerable Software and Affected Versions Style Dictionary versions 4.3.0 through 5.4.3 Description Style Dictionary contains a prototype pollution issue within the convertTokenData function. Prototype pollution occurs when an attacker manipulates the proto property of a JavaScript...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References9
OSV
OSV
added 2026/06/12 12:26 p.m.9 views

OESA-2026-2647 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

4.8CVSS4.1AI score0.00118EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.11 views

CVE-2026-8114

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 12:30 a.m.14 views

EUVD-2026-33524

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References6
Rows per page
Query Builder