Lucene search
+L

4187 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-15610

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44893

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.1AI score0.00232EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-15610 WPBot <= 8.5.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary RAG Document Re-Sync via ajax_rag_manual_sync() Function

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
CVE
CVE
added 3 days ago10 views

CVE-2026-15610

The WPBot – AI ChatBot for WordPress plugin (WordPress WPBot) up to version 8.5.6 is affected by an authorization bypass via the ajax_rag_manual_sync() function. The root cause is improper verification of a user’s authorization, enabling authenticated attackers with subscriber-level access or hig...

4.3CVSS6.1AI score0.00232EPSS
Exploits0References8
OSV
OSV
added 6 days ago7 views

MGASA-2026-0248 Updated libxml2 packages fix a security vulnerability

The updated packages fix a security vulnerability: Denial of service via crafted xsd-validated document. CVE-2026-6732...

7.5CVSS6.1AI score0.00632EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 6 days ago4 views

LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents

A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...

7.8CVSS6.1AI score0.00078EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 6 days ago5 views

RHEL 9 : libreoffice (RHSA-2026:38508)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:38508 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

7.8CVSS7AI score0.00078EPSS
Exploits0References5
NVD
NVD
added 2026/07/10 9:16 p.m.8 views

CVE-2026-55664

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, includin...

4.3CVSS0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/07/09 11:17 p.m.6 views

CVE-2026-59853

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/07/09 11:17 p.m.5 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:20 p.m.6 views

CVE-2026-59853

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS6AI score0.00235EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:15 p.m.7 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS6AI score0.0038EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/09 10:15 p.m.12 views

CVE-2026-59834

SiYuan URI: The vulnerability affects the block search endpoint POST /api/search/fullTextSearchBlock prior to version 3.7.1. An attacker-controlled paths value is concatenated into SQL predicates used by non-SQL search modes, enabling an unauthenticated publish visitor to inject a UNION SELECT an...

7.5CVSS6AI score0.0038EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/09 10:15 p.m.36 views

CVE-2026-59834 SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 10:15 p.m.2 views

CVE-2026-59834 SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.7 views

PT-2026-57010

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description The '/api/storage/getCriteria' endpoint returns saved search criteria from the data/storage/criteria.json file without applying the publish-access filtering used by other storage endpoints. This allow...

6.5CVSS6.1AI score0.00235EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.12 views

PT-2026-57009

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An unauthenticated publish visitor can perform a UNION SELECT injection via the block search endpoint 'POST /api/search/fullTextSearchBlock'. The issue occurs because the endpoint concatenates...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/08 7:36 a.m.8 views

EUVD-2026-42207

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 7:36 a.m.12 views

CVE-2026-57259

Technical details about CVE-2026-57259 are not publicly available in the provided documents; no product/version/root-cause information is present here. Monitor for updates.

6.5CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.7 views

CVE-2026-57259

The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local path...

6.5CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder