Lucene search
K

171 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-46710

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the...

7.8CVSS0.00108EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago27 views

CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

7.8CVSS0.01314EPSS
Exploits5References2
CVE
CVE
added 5 days ago5 views

CVE-2026-46710

Notepad++ is affected by a local privilege escalation vulnerability in the installer (CVE-2026-46710) detected in versions 8.9.4–8.9.6. During installation, the installer launches powershell.exe without an absolute path after setting the working directory to the installation contextMenu directory...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-52972

Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.9.4 through 8.9.5 Description The installer contains a local privilege escalation issue. During the installation process, the installer invokes powershell.exe without specifying an absolute path after setting the working...

7.5CVSS5.8AI score0.00108EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 6:0 a.m.9 views

CVE-2026-9709

The CVE-2026-9709 entry describes a vulnerability in the Premium Cornerstone page builder bundled with the X Theme (WordPress plugin) prior to version 7.8.9. The root cause is missing capability checks on one REST API route, allowing any authenticated user to disclose metadata of other users, inc...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.6 views

CVE-2018-25392 MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/18 7:10 p.m.13 views

Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Loop with unreachable exit...

7.5CVSS5.7AI score0.0243EPSS
Exploits0References5Affected Software12
Github Security Blog
Github Security Blog
added 2026/05/18 7:8 p.m.19 views

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability...

4.3CVSS5.8AI score0.00711EPSS
Exploits0References5Affected Software4
Patchstack
Patchstack
added 2026/05/01 2:45 p.m.6 views

WordPress Simple Link Directory plugin <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Simple Link Directory versions = 8.9.2...

6.4CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.5 views

Oracle MySQL Server 9.x.x < 9.7.0 (April 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...

9.8CVSS6.3AI score0.47621EPSS
Exploits7References26
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.4 views

PT-2026-32087

Name of the Vulnerable Software and Affected Versions The GreenShift - Animation and Page Builder Blocks plugin for WordPress versions up to and including 12.8.9 Description The GreenShift - Animation and Page Builder Blocks plugin for WordPress is susceptible to Stored Cross-Site Scripting due t...

6.4CVSS6.1AI score0.0042EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.5 views

WordPress plugin GreenShift - Animation and Page Builder Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.0042EPSS
Exploits0References7
OSV
OSV
added 2026/04/09 9:32 p.m.5 views

JLSEC-2026-67

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

9.8CVSS7.1AI score0.02216EPSS
Exploits0References11
Elastic
Elastic
added 2026/04/08 4:1 p.m.46 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-21)

Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via...

7.7CVSS5.8AI score0.003EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

GitLab 12.10 < 18.8.9 / 18.9 < 18.9.5 / 18.10 < 18.10.3 (CVE-2026-1092)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause...

7.5CVSS7.4AI score0.00552EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.6 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2026:6278)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6278 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

10CVSS7AI score0.01945EPSS
Exploits2References10
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.3 views

CVE-2026-29101

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service DoS vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...

7.5CVSS5.8AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.9 views

CVE-2026-29097

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery SSRF vulnerability combined with a Denial of Service DoS condition in the RSS Feed Dashlet component. Versions 7.15.1 an...

7.5CVSS5.8AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-29102

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution RCE vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...

8.8CVSS5.9AI score0.0049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.7 views

CVE-2026-29099

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS6AI score0.00259EPSS
Exploits0References1
Rows per page
Query Builder