Lucene search
+L

425 matches found

osv
osv
added 3 days ago3 views

ROOT-OS-UBUNTU-2204-CVE-2026-23085 CVE-2026-23085 in rootio-linux - Patched by Root

Root has patched CVE-2026-23085 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
nvd
nvd
added 4 days ago3 views

CVE-2026-57368

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.8.5...

7.1CVSS0.0018EPSS
Exploits0References1
patchstack
patchstack
added 2026/07/08 3:22 p.m.5 views

WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dunvu0 in WordPress Plugin Event Tickets versions = 5.28.5...

7.5CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
attackerkb
attackerkb
added 2026/07/03 8:57 p.m.7 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/30 8:50 p.m.6 views

EUVD-2026-40411

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...

8.5CVSS5.6AI score0.00337EPSS
Exploits0References1
cve
cve
added 2026/06/30 7:50 p.m.16 views

CVE-2026-11595

CVE-2026-11595 affects IBM WebSphere Application Server 9.0 and 8.5. The IBM Security Bulletin describes a path traversal vulnerability in the administrative console’s integrated help system that could allow a remote attacker to obtain sensitive information. Affected products/versions include Web...

7.5CVSS5.8AI score0.00474EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/30 7:45 p.m.39 views

CVE-2026-11712 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS0.00217EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/27 5:33 a.m.37 views

CVE-2026-13245 MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter

The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00211EPSS
Exploits0References4
osv
osv
added 2026/06/24 8:51 p.m.3 views

CVE-2026-47733 Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

4.4CVSS6.2AI score0.00118EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/24 8:51 p.m.20 views

CVE-2026-47733 Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

4.4CVSS0.00118EPSS
Exploits0References1
nessus
nessus
added 2026/06/24 12:0 a.m.12 views

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 XSS (7277546)

The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7277546 advisory. - IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative console login page. CWE: CWE-79: Improp...

8.5CVSS5.9AI score0.00337EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/22 2:46 p.m.4 views

CVE-2026-9006

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...

7.4CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/17 1:20 p.m.10 views

CVE-2026-25439

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

8.1CVSS0.00322EPSS
Exploits0References1
ibm
ibm
added 2026/06/16 3:21 p.m.6 views

Security Bulletin: IBM WebSphere Application Server is affected by an authentication bypass vulnerability (CVE-2026-10845)

Summary IBM WebSphere Application Server is affected by a an authentication bypass when a JAX-WS application is deployed. Vulnerability Details CVEID:CVE-2026-10845 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to bypass authentication and gain unauthorized access to...

7.3CVSS5.4AI score0.00337EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/06/15 9:17 p.m.9 views

CVE-2026-48883

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...

7.5CVSS0.00238EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.14 views

PT-2026-49488

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...

7.5CVSS5.1AI score0.00238EPSS
Exploits0References2
nvd
nvd
added 2026/06/10 6:16 p.m.15 views

CVE-2026-20260

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS0.00199EPSS
Exploits0References1
osv
osv
added 2026/06/07 7:24 p.m.6 views

MINI-GW72-97XX-8PV5

Bulletin has no description...

3.3CVSS5.2AI score0.00114EPSS
Exploits0
euvd
euvd
added 2026/06/05 8:29 p.m.15 views

EUVD-2026-32922

TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...

8.7CVSS5.4AI score0.00264EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:48 p.m.19 views

CVE-2026-9170

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation...

9.8CVSS6.3AI score0.00488EPSS
Exploits0References1
Rows per page
Query Builder