Lucene search
K

15419 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 5:30 p.m.5 views

CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

7.8CVSS5.9AI score0.00496EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 5:30 p.m.11 views

CVE-2026-48731

Warp, a developer environment, contains a Linux external editor launcher vulnerability. From 0.2024.02.20.08.01.stable_01 to 0.2026.05.06.15.42.stable_01, Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user w...

7.8CVSS5.9AI score0.00496EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-9183

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 7:16 a.m.7 views

CVE-2026-10753

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

2.7CVSS0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:0 a.m.35 views

CVE-2026-10753 Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

0.00168EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:33 a.m.8 views

CVE-2026-9183

The CVE concerns the WordPress plugin 24liveblog (versions up to and including 2.2). The root cause is lb24_block_enqueue_scripts() hooked to enqueue_block_editor_assets, which for non-administrator users loads site-wide integration secrets (lb24_token, lb24_refresh_token, lb24_uid, lb24_uname) f...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.32 views

CVE-2026-9183 24liveblog <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information via Block Editor Script Localization

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51694

Name of the Vulnerable Software and Affected Versions 24liveblog versions prior to 2.3 Description The 24liveblog plugin for WordPress allows authenticated users with contributor-level access or higher to extract sensitive third-party account credentials. The issue occurs because the lb24 block...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/23 11:12 p.m.5 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/23 8:11 p.m.28 views

CVE-2026-47387 NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-54307

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

9.6CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:47 p.m.23 views

CVE-2026-54307

Summary: CVE-2026-54307 affects n8n prior to versions 1.123.55, 2.25.7, and 2.26.2, where a member-level editor of a shared workflow could reference credentials they do not own due to partial credential ownership checks, enabling cross-user credential access via public API endpoints. The issue is...

9.6CVSS5.8AI score0.00315EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:47 p.m.7 views

CVE-2026-54307

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

8.5CVSS5.7AI score0.00315EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:47 p.m.34 views

CVE-2026-54307 n8n: Credential Exfiltration via Permission Bypass

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

8.5CVSS0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 3:46 p.m.32 views

CVE-2026-54302 n8n: Stored XSS in Chat Trigger Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.0021EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/23 6:43 a.m.4 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

8.2CVSS7AI score0.00552EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/23 6:0 a.m.8 views

EUVD-2026-38416

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

6.8CVSS5.9AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 6:0 a.m.40 views

CVE-2026-7842 Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:0 a.m.7 views

CVE-2026-7842

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the importlist, urldetail, and filedetail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

6.8CVSS5.9AI score0.00231EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/22 10:23 p.m.11 views

vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6.1AI score0.00552EPSS
Exploits0References7
Rows per page
Query Builder