Lucene search
K

370 matches found

Patchstack
Patchstack
added 2 days ago4 views

WordPress WP Customer Area plugin <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP Customer Area versions = 8.3.5...

6.4CVSS6.1AI score0.00197EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2 days ago3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00358EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57398 WordPress Real Estate Manager Pro plugin <= 12.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added last week10 views

CVE-2026-55830

Vulnerability summary (CVE-2026-55830) : In RestrictedPython, prior to version 8.3, check_function_argument_names() failed to reject protected guard hook names for positional-only arguments, enabling a local parameter to shadow special names such as getattr , getitem , write , or print . This cou...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References3Affected Software1
OSV
OSV
added last week3 views

CVE-2026-55830 RestrictedPython guard hooks can be shadowed via positional-only arguments

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS6.1AI score0.00226EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:57 p.m.7 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57362

Unauthenticated Cross Site Scripting XSS in ChatBot = 8.3.2 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 2:12 p.m.8 views

EUVD-2026-41008

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...

6.4CVSS5.8AI score0.00148EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 12:22 p.m.5 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...

7.2CVSS6AI score0.0081EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54847

Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-30041

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service DoS via supplying a crafted PSD file...

7.5CVSS0.00571EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39684

Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Oracle Linux 9 : php:8.3 (ELSA-2026-22142)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22142 advisory. php 8.3.31-2 - drop capstone dependency on i686 8.3.31-1 - rebase to 8.3.31 php-pecl-apcu 5.1.23-1 - update to 5.1.23 for PHP 8.2 RHEL-14699 5.1.21-1 ...

8.8CVSS5.9AI score0.0078EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/23 2:48 p.m.38 views

CVE-2025-62180 Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...

7.1CVSS0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 4:10 p.m.32 views

CVE-2026-53571 Vite: `server.fs.deny` bypass on Windows alternate paths

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00393EPSS
Exploits2References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-42661

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS0.00371EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/15 5:17 p.m.263 views

vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

8.2CVSS5.4AI score0.00393EPSS
Exploits2References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/12 10:13 p.m.9 views

CVE-2025-7018 Avira antivirus engine null pointer dereference when scanning a malformed PE file

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
Rows per page
Query Builder